File name: | 891de464225b91853e88b1a476e4449f1088a78eca6c49f69cc1c7f090b4cbc9 |
Full analysis: | https://app.any.run/tasks/2c1a11d4-8a53-4a33-b336-490b4d4e826d |
Verdict: | Malicious activity |
Analysis date: | June 19, 2019, 04:30:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | DD89BBB916A2C909630EC78CBB0E13E5 |
SHA1: | 88294078D7F7D9816FD7C393048D0CC4508492F4 |
SHA256: | 891DE464225B91853E88B1A476E4449F1088A78ECA6C49F69CC1C7F090B4CBC9 |
SSDEEP: | 6144:K01HXSxE144/lqPnvFb1ew+3nPEZ5XAmnlICm4PFcJ9W+e:K+Mu44/IB1ewsPE7XAml9hNcJ0+e |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
Description: | - |
---|---|
Creator: | Windows User |
Subject: | - |
Title: | - |
ModifyDate: | 2019:03:11 06:03:00Z |
---|---|
CreateDate: | 2019:03:11 05:42:00Z |
RevisionNumber: | 4 |
LastModifiedBy: | Windows User |
Keywords: | - |
AppVersion: | 16 |
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | 1013 |
LinksUpToDate: | No |
Company: | - |
TitlesOfParts: | - |
HeadingPairs: |
|
ScaleCrop: | No |
Paragraphs: | 2 |
Lines: | 7 |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | 864 |
Words: | 151 |
Pages: | 1 |
TotalEditTime: | 21 minutes |
Template: | Normal.dotm |
ZipFileName: | _rels/ |
---|---|
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2019:03:11 12:51:01 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2932 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\891de464225b91853e88b1a476e4449f1088a78eca6c49f69cc1c7f090b4cbc9.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3200 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE" C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE | — | WINWORD.EXE |
User: admin Integrity Level: LOW Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2932 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRE85B.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2932 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$1de464225b91853e88b1a476e4449f1088a78eca6c49f69cc1c7f090b4cbc9.docx | pgc | |
MD5:8B6AE99BC8A2D594EB4FECBF30B305E4 | SHA256:015CCCF3C3230CBE61D699E0777AC192A773645C23C91268BB955FEE2644A745 | |||
2932 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:816BEA007272E3D591722A84B2EBD2E8 | SHA256:0BD48B965DD591F21A77D8C83E4C24FE5627C543192A698F7B1E1842A0EEDB5A | |||
2932 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_248C1444-052F-4812-9285-2AD9148C3F7E.0\FLF0A9.tmp | ps | |
MD5:AA8C03A86478EDFFA8EEABCBBFDA7278 | SHA256:B5F6246F03185C44478E6ABEA9529BB33B81253E22833E55A507713D1B63647A | |||
2932 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\39B09E4E.eps | ps | |
MD5:AA8C03A86478EDFFA8EEABCBBFDA7278 | SHA256:B5F6246F03185C44478E6ABEA9529BB33B81253E22833E55A507713D1B63647A |