File name: | 05-2022-0438.doc.zip |
Full analysis: | https://app.any.run/tasks/bf12c6d0-f4d5-4629-bb47-333732699d60 |
Verdict: | Malicious activity |
Analysis date: | October 04, 2022, 22:21:05 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 58A2A7ABF63694E01DEB961166C5663E |
SHA1: | B22A5B27A8E93C440189E321082D3EB625BC8453 |
SHA256: | 90A1A94F5F9EFCE66697129BD4267B5E5102EEC7446D51B769882360AE035B19 |
SSDEEP: | 192:dfbGLkotEJOklSYTlRyZLsQgeWzkSfGeosi/oPCQh8TNxpr1yxw+1UUQ/t:dTGLkCEJOklllRyZLhgFzkSf2H2cr1yW |
.zip | | | ZIP compressed archive (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1124 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\05-2022-0438.doc.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
3188 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\05-2022-0438.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3188 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRF415.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3188 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:482C516CCADFC229935F4180457120CF | SHA256:0C5204C41F9CB0CB84A0EF30FF3BFC0672EACE60CFAD89D9944228A290C6BBB7 | |||
3188 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{BD7561BF-76BE-4B40-A34D-79A1F8D356F9}.FSD | binary | |
MD5:99FD15A48C62E95F259320969B086483 | SHA256:32B5F7DF82938553C33CE3236BF20CB55955A95E55D5D39510B40AE447007881 | |||
3188 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:6BCA5FC1D272B8CCEA604BAD75E36515 | SHA256:ED99AAEE9A04F65EC45B3E74EAD5DAB9505B4F4E7365CBF141CBD009A05EE124 | |||
3188 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{1C0AE668-5221-41C1-B9EA-5D86A075E0D1} | binary | |
MD5:482C516CCADFC229935F4180457120CF | SHA256:0C5204C41F9CB0CB84A0EF30FF3BFC0672EACE60CFAD89D9944228A290C6BBB7 | |||
3188 | WINWORD.EXE | C:\Users\admin\Desktop\~$-2022-0438.doc | pgc | |
MD5:95DD59A4DEADE1A70FE62864745BB358 | SHA256:0AF922BA55D8B7E5629DA625C3F5A554C1A8EBADA68736225743D35743D503D2 | |||
3188 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:5B9B4BF604F43B52453A54689D09F8EC | SHA256:E289ED12EC013B6449F99D67A1F84A6C522A986A0D4BA3C60F69B5FF50FC4359 | |||
3188 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\05-2022-0438.doc.LNK | lnk | |
MD5:E1EF01F982335740510E62966B1DCD45 | SHA256:DC7B925203C459115C6B66893A14682630B6C0D8E4ACC59A172179F87F7D038A | |||
3188 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF | binary | |
MD5:D471A0BB5F0B8A9AC834E0172491B7F9 | SHA256:418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F | |||
3188 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{08C64D7B-396E-4285-AB68-83B41547F3D0} | binary | |
MD5:5B9B4BF604F43B52453A54689D09F8EC | SHA256:E289ED12EC013B6449F99D67A1F84A6C522A986A0D4BA3C60F69B5FF50FC4359 |
Domain | IP | Reputation |
---|---|---|
www.xmlformats.com |
| malicious |