File name: | a48b75c267d139f804821172a42776ce2c9c1669f41dcc1ab84fa13eec546c80.docm |
Full analysis: | https://app.any.run/tasks/51d24c1e-cde0-4ad8-a2e3-20684b4bc8ba |
Verdict: | Malicious activity |
Analysis date: | March 21, 2019, 03:01:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | AC61EBBDF88A10542A9BB7565BD137AC |
SHA1: | 80B36351C1FB3E014F7372FE0C9871CD753B2394 |
SHA256: | A48B75C267D139F804821172A42776CE2C9C1669F41DCC1AB84FA13EEC546C80 |
SSDEEP: | 768:Bi64wSBlHyubDOM/9ndFE4kCGINZ5+gkNCAI9hhSEKDaKfmTx41mwt+iOBl:ske/DOMC4koZQgkNCXhtK9pde |
.docm | | | Word Microsoft Office Open XML Format document (with Macro) (53.6) |
---|---|---|
.docx | | | Word Microsoft Office Open XML Format document (24.2) |
.zip | | | Open Packaging Conventions container (18) |
.zip | | | ZIP compressed archive (4.1) |
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0006 |
ZipCompression: | Deflated |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCRC: | 0x2e84550c |
ZipCompressedSize: | 446 |
ZipUncompressedSize: | 1665 |
ZipFileName: | [Content_Types].xml |
Template: | Normal |
---|---|
TotalEditTime: | 24 minutes |
Pages: | 1 |
Words: | 2872 |
Characters: | 15797 |
Application: | Microsoft Office Word |
DocSecurity: | None |
Lines: | 131 |
Paragraphs: | 37 |
ScaleCrop: | No |
HeadingPairs: |
|
TitlesOfParts: | - |
Company: | - |
LinksUpToDate: | No |
CharactersWithSpaces: | 18632 |
SharedDoc: | No |
HyperlinksChanged: | No |
AppVersion: | 14 |
LastModifiedBy: | VM |
RevisionNumber: | 5 |
CreateDate: | 2019:03:05 14:31:00Z |
ModifyDate: | 2019:03:05 15:21:00Z |
Creator: | VM |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
180 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\a48b75c267d139f804821172a42776ce2c9c1669f41dcc1ab84fa13eec546c80.docm" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Exit code: 0 Version: 14.0.6024.1000 | ||||
2588 | OYwhgiVditQg.exe | C:\Users\admin\OYwhgiVditQg.exe | — | WINWORD.EXE |
User: admin Integrity Level: MEDIUM Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
180 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR86F9.tmp.cvr | — | |
MD5:— | SHA256:— | |||
180 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FE7A1AED.png | — | |
MD5:— | SHA256:— | |||
180 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3412CC0A.jpeg | — | |
MD5:— | SHA256:— | |||
180 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{100724B9-3E83-4A96-A802-2454DB59E7F7}.tmp | — | |
MD5:— | SHA256:— | |||
180 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{79D0D1AD-D394-4288-8013-58CF77D6D807}.tmp | — | |
MD5:— | SHA256:— | |||
180 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{8E453609-9E3C-49C3-B9F1-2B6666FDFBD6}.tmp | — | |
MD5:— | SHA256:— | |||
180 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:A3D37A96BE99E1B37F142EAB31105E77 | SHA256:10776DED098C89C43628A733533878C3854AA3666210F1501E5D0D74311EF8F0 | |||
180 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$8b75c267d139f804821172a42776ce2c9c1669f41dcc1ab84fa13eec546c80.docm | pgc | |
MD5:63A968A02CDAE2D7A33F21D3D775F048 | SHA256:504C29F2D47460430CC7680FB8223884588E3639EDE6DB64AF5FC1056549F98B | |||
180 | WINWORD.EXE | C:\Users\admin\OYwhgiVditQg.exe | executable | |
MD5:5C349331621932B0251FA7A98AA3EE93 | SHA256:CE0AFB0AD57F6D01746D81554909C9FABD8650E9AD680F2CCFDBB2D74A76653B | |||
180 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryFR040c.lex | text | |
MD5:F3B25701FE362EC84616A93A45CE9998 | SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |