Field | Value |
---|---|
URL: | http://www.transelca.com.co/proveedor/doc_provedores/TPA1007%20Procedimiento%20de%20Evaluaci%C3%B3n%20de%20Proveedores.docx |
Full analysis: | https://app.any.run/tasks/4c67115c-7536-4523-b492-87c3eccf1a7d |
Verdict: | Malicious activity |
Analysis date: | January 18, 2019, 03:06:57 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | BCCE065331F734D220F8D8C6D60E2FE2 |
SHA1: | AC552D7728048AF6C60C916C42DCDB7E9AFFBB4E |
SHA256: | B69B5067C01C524BD978C67A154B2F70F6840E09A5B3BC591D038EAF21F35525 |
SSDEEP: | 3:N1KJS4IpHGT2KldXTDWxbjfaXBMIBGyV6EGMKCdlXVIBcBf:Cc4QmT2Klhv2bbSV6ODXV4cN |
PID | CMD | Path | Parent process | User | Company | Integrity Level | Description | Version |
---|---|---|---|---|---|---|---|---|
2708 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |
3124 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2708 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) |
3848 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | svchost.exe | admin | Microsoft Corporation | MEDIUM | Microsoft Word | 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | — |
2708 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
3848 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR7754.tmp.cvr | — | — | — |
3848 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019011820190119\index.dat | dat | A7FEA8DCB41A2E0278A339CE4E49355A | 0B1C417A00CC412C41AAC7ADA060A90C9595BC8107943EEB67B5A1468B0502D4 |
3848 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 608ED8B843D069EDBD1A518708ECCA9D | FED8DACC3204DDD4BAB7D6CC7756377D9C00296953E38449A697CBDB40061D47 |
3848 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\corev4[1].css | text | 78ACA328C87941EC989B404E5F560293 | DA723A0B33A3BF244F86D0A91990997900434C6924E6B2D5098D4D687B81D461 |
3848 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\logo[1].png | image | D144358B3EF2D374A81FBC43F7E12BC4 | 01B4AE791A9DE2F19A5135502716E0AF207E9536A0CE69A4299B82929E2425ED |
3124 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\TPA1007%20Procedimiento%20de%20Evaluación%20de%20Proveedores[1].docx | document | 91FAD17415E1AB25068052B536652313 | 805C834D142E6BEDFF782A1A28AFD0A0843B1A92A0BD004785CD35627350EE00 |
2708 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[3].png | image | 9FB559A691078558E77D6848202F6541 | 6D8A01DC7647BC218D003B58FE04049E24A9359900B7E0CEBAE76EDF85B8B914 |
3848 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\login[1].aspx | html | 68E0DFBCB56BC388FA26E4F3F8878292 | 3821988B54BEE7C1448A1F6013AC75AD5B4E5E8E0538B1CAC6FA71294F118960 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3848 | WINWORD.EXE | GET | 200 | 65.208.69.83:80 | http://www.transelca.com.co/Imagenes%20Corporativas/Institucionales/logo.png | CO | image | 1.63 Kb | malicious |
3124 | iexplore.exe | GET | 200 | 65.208.69.83:80 | http://www.transelca.com.co/proveedor/doc_provedores/TPA1007%20Procedimiento%20de%20Evaluaci%C3%B3n%20de%20Proveedores.docx | CO | document | 45.0 Kb | malicious |
3848 | WINWORD.EXE | GET | 200 | 65.208.69.83:80 | http://www.transelca.com.co/_LAYOUTS/CustomLoginPage/login.aspx?ReturnUrl=/_layouts/Error.aspx | CO | html | 1.22 Kb | malicious |
3848 | WINWORD.EXE | GET | 200 | 65.208.69.83:80 | http://www.transelca.com.co/_layouts/3082/styles/Themable/corev4.css | CO | text | 37.1 Kb | malicious |
3848 | WINWORD.EXE | OPTIONS | 403 | 65.208.69.83:80 | http://www.transelca.com.co/proveedor/doc_provedores/ | CO | text | 13 b | malicious |
2708 | iexplore.exe | GET | 200 | 13.107.21.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2708 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2708 | iexplore.exe | 13.107.21.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3848 | WINWORD.EXE | 65.208.69.83:80 | www.transelca.com.co | INTERNEXA S.A. E.S.P | CO | malicious |
3124 | iexplore.exe | 65.208.69.83:80 | www.transelca.com.co | INTERNEXA S.A. E.S.P | CO | malicious |
Domain | IP | Reputation |
---|---|---|
www.bing.com | | whitelisted |
www.transelca.com.co | | malicious |
PID | Process | Class | Message |
---|---|---|---|
3848 | WINWORD.EXE | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious DOC loader of embedded OLE from external source |