File name: | Trump's_Attack_on_Syria_English.docx |
Full analysis: | https://app.any.run/tasks/beac1760-935d-4465-90c3-dd589b75acdc |
Verdict: | Malicious activity |
Analysis date: | July 17, 2019, 11:29:44 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/octet-stream |
File info: | Microsoft OOXML |
MD5: | F8E92D8B5488EA76C40601C8F1A08790 |
SHA1: | D5235D136CFCADBEF431EEA7253D80BDE414DB9D |
SHA256: | 91ACB0D56771AF0196E34AC95194B3D0BF3200BC5F6208CAF3A91286958876F9 |
SSDEEP: | 6144:x9xUBwNi8X0Dv0xrIb0f59TRkjj3siJwXT5:/xUYi8X0DvSHQZaF |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2017:04:18 12:27:12 |
ZipCRC: | 0xf5547294 |
ZipCompressedSize: | 354 |
ZipUncompressedSize: | 1375 |
ZipFileName: | [Content_Types].xml |
Template: | Normal.dotm |
---|---|
TotalEditTime: | 1 minute |
Pages: | 2 |
Words: | 958 |
Characters: | 5462 |
Application: | Microsoft Office Word |
DocSecurity: | None |
Lines: | 45 |
Paragraphs: | 12 |
ScaleCrop: | No |
HeadingPairs: |
|
TitlesOfParts: | - |
Company: | - |
LinksUpToDate: | No |
CharactersWithSpaces: | 6408 |
SharedDoc: | No |
HLinks: |
|
HyperlinksChanged: | No |
AppVersion: | 15 |
Keywords: | - |
CreateDate: | 2017:04:18 08:41:00Z |
ModifyDate: | 2017:04:18 08:41:00Z |
Title: | - |
---|---|
Subject: | - |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3004 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Trump's_Attack_on_Syria_English.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3664 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE" C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE | — | WINWORD.EXE |
User: admin Integrity Level: LOW Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3004 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRB7F5.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3004 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$ump's_Attack_on_Syria_English.docx | pgc | |
MD5:92271E5159E95A314696478FBAFFBBE7 | SHA256:E04237C0AE4CFAFF54AC8F9A15D4FD6C9FDA34FAA7DEFAF90FBF9A17C2D439E0 | |||
3004 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:0D51E31C2A01DA5DE6C235E6217037C7 | SHA256:FF596751B774F3C826BF5229633411E85D858847D0F65372E4AA63FCBCB438CA | |||
3004 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex | text | |
MD5:F3B25701FE362EC84616A93A45CE9998 | SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 | |||
3004 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B162B82A.eps | ps | |
MD5:B137C809E3BF11F2F5D867A6F4215F95 | SHA256:2E75DEAC828111D224C2E6F08662A25E6CCF1C2B7AA938D8D35AE08560AE278A | |||
3004 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_9FC0125B-C03B-4AFB-9444-4CB51D31D46D.0\FLC564.tmp | ps | |
MD5:B137C809E3BF11F2F5D867A6F4215F95 | SHA256:2E75DEAC828111D224C2E6F08662A25E6CCF1C2B7AA938D8D35AE08560AE278A |