analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | Notificazione-531082.doc |
| Full analysis: | https://app.any.run/tasks/1f1e6bab-701a-4f38-8350-7a15e8fcffac |
| Verdict: | Malicious activity |
| Analysis date: | October 14, 2019, 10:37:11 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| MIME: | application/msword |
| File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, Code page: 1252, Author: Administrator, Template: Normal.dotm, Last Saved By: Administrator, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 03:00, Create Time/Date: Wed Sep 25 23:02:00 2019, Last Saved Time/Date: Wed Oct 2 05:05:00 2019, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0 |
| MD5: | 48CCF1A30F3D8E113DAC57DF5444EB32 |
| SHA1: | BC60D5739887D42A98153D5F24C04C00F3121178 |
| SHA256: | B06D0E9DF051DBBB4EDB851A2A86566BA3CB33F10A0AE217925E06A690E96CBA |
| SSDEEP: | 768:jC3hskfJyrnl5SuxelIylxLPHJ2DvhZImJhHi/o5Zbtxw+t:jC3hskRSSuclIyTPHkDD+WZbtxrt |
MALICIOUS
No malicious indicators.SUSPICIOUS
No suspicious indicators.INFO
Creates files in the user directory
- WINWORD.EXE (PID: 2280)
Reads Microsoft Office registry keys
- WINWORD.EXE (PID: 2280)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .doc | | | Microsoft Word document (54.2) |
|---|---|---|
| .doc | | | Microsoft Word document (old ver.) (32.2) |
EXIF
FlashPix
| Title: | - |
|---|---|
| Subject: | - |
| Author: | Administrator |
| Keywords: | - |
| Comments: | - |
| Template: | Normal.dotm |
| LastModifiedBy: | Administrator |
| RevisionNumber: | 4 |
| Software: | Microsoft Office Word |
| TotalEditTime: | 3.0 minutes |
| CreateDate: | 2019:09:25 22:02:00 |
| ModifyDate: | 2019:10:02 04:05:00 |
| Pages: | 1 |
| Words: | - |
| Characters: | 1 |
| Security: | None |
| CodePage: | Windows Latin 1 (Western European) |
| Company: | - |
| Lines: | 1 |
| Paragraphs: | 1 |
| CharCountWithSpaces: | 1 |
| AppVersion: | 16 |
| ScaleCrop: | No |
| LinksUpToDate: | No |
| SharedDoc: | No |
| HyperlinksChanged: | No |
| TitleOfParts: | - |
| HeadingPairs: |
|
| CompObjUserTypeLen: | 32 |
| CompObjUserType: | Microsoft Word 97-2003 Document |
Total processes
35
Monitored processes
1
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2280 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Notificazione-531082.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
Total events
1 535
Read events
865
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
0
Text files
0
Unknown types
2
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2280 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRAB0F.tmp.cvr | — | |
MD5:— | SHA256:— | |||
| 2280 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:8B378DCC62035BBABEF8B1C2A131A338 | SHA256:7C1F83E56B3CF1632E1D1DDD8BFD13219F8133599041726FA2EA3FB98B22B275 | |||
| 2280 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$tificazione-531082.doc | pgc | |
MD5:6E130BEF9A6A8548157FDFC2A2720F22 | SHA256:BA4B0C38961BFEDDDD07553D8D0718BEC1D56E00262A6540A2DAC1AC5FDACF25 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report