File name: | bad1.docx |
Full analysis: | https://app.any.run/tasks/20cb630b-dbe9-4a4c-ba33-3d0d6153a56e |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | September 30, 2020, 04:04:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/octet-stream |
File info: | data |
MD5: | E8D2F3EE2BD155916D732A65D3371F02 |
SHA1: | 09FFB148D9926A2A29939F1ED50569729EEB4466 |
SHA256: | AA6C51857BDC1BCE0E0B29EF89DE4037DC8529CAAF48CCDD931F2C86D178B55A |
SSDEEP: | 1536:pRSAMOAMsydi1Ir77zOH98Wj2gpngx+a9sPWNWP5d6YQGVIcw1:EyfrzOH98ipg+P7vQGVIcw1 |
.bs/bin | | | PrintFox (C64) bitmap (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2620 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\bad1.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2620 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA6B0.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2620 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$bad1.docx | pgc | |
MD5:8BCBD478BE45663F6498802E66D41B90 | SHA256:2C76C49D73DC9803DAC142345282B5D2A1F6B6A02D41ACEF083DADE668E160CB | |||
2620 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:DB7ED30F2AF244B37602E9A8FA40BC69 | SHA256:6C261EB204362985E24872BAC097DA758424FC98F9EA7C6D717C17385EC5961A |