File name: | 50773.doc |
Full analysis: | https://app.any.run/tasks/e4fafa7d-12e8-49c4-97d4-f12bd05cc098 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | November 08, 2019, 15:59:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/CDFV2 |
File info: | Composite Document File V2 Document, Can't read SAT |
MD5: | C7778371E349FCEF1B262FAE48A43F73 |
SHA1: | 9BA3584EFBCE3CB080D0D501DFA19FCD384AEF02 |
SHA256: | 86129AA66D83FB03A592B252772050813DFA4DF8DFE53DECCDDBDED868E723B2 |
SSDEEP: | 3072:rlCAO4wYMH+UaqFh51r/SzFaSawGBrjC48+WZ/POhh+/PL:rlTO4wYMHNaqjSzGwD48+aPOneL |
.doc | | | Microsoft Word document (80) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1732 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\50773.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1732 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA7E3.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1732 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:D3E45E9E34C71A48C10FD945E9620BAF | SHA256:6CC7603DD408465CD9F4E0ED479443E49C34BDBCC43DE9FD1A9A1A1B8185537F |