File name: | c3411893f27b42aed564387b587c2b8c.doc |
Full analysis: | https://app.any.run/tasks/6eec2686-6f1c-4901-87ee-87776d1413c1 |
Verdict: | Malicious activity |
Analysis date: | February 19, 2019, 08:52:26 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: user1, Template: Normal, Last Saved By: user1, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Fri Feb 15 14:11:00 2019, Last Saved Time/Date: Fri Feb 15 14:11:00 2019, Number of Pages: 1, Number of Words: 28, Number of Characters: 166, Security: 0 |
MD5: | C3411893F27B42AED564387B587C2B8C |
SHA1: | 8AC5D6873ED4E4841F020B3A4E69A078EB4212A0 |
SHA256: | C5E809359CEEDCF6FA89F9909B223B5C86F697F281E345D897394598998C05DB |
SSDEEP: | 6144:UXtVgA/MvsBuSosPXbtfc3TZI+bo26TPhqix6i+rSMI337Wj3jXmWau5xbsI2wH7:EnJ3wRk |
.doc | | | Microsoft Word document (54.2) |
---|---|---|
.doc | | | Microsoft Word document (old ver.) (32.2) |
Author: | user1 |
---|---|
Template: | Normal |
LastModifiedBy: | user1 |
RevisionNumber: | 2 |
Software: | Microsoft Office Word |
TotalEditTime: | 1.0 minutes |
CreateDate: | 2019:02:15 14:11:00 |
ModifyDate: | 2019:02:15 14:11:00 |
Pages: | 1 |
Words: | 28 |
Characters: | 166 |
Security: | None |
CodePage: | Windows Cyrillic |
Company: | - |
Lines: | 1 |
Paragraphs: | 1 |
CharCountWithSpaces: | 193 |
AppVersion: | 14 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | - |
HeadingPairs: | |
CompObjUserTypeLen: | 32 |
CompObjUserType: | ???????? Microsoft Word 97-2003 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2988 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\c3411893f27b42aed564387b587c2b8c.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3772 | c:\Users\Public\ctrlpanel.exe | c:\Users\Public\ctrlpanel.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Control panel component Version: 1.0.0.0 | ||||
3036 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2988 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRE4E6.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3036 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRF2E0.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2988 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:51841B3D88B50BFD73A91594DDA18C62 | SHA256:F7F45BAFD351A1E8BB642D6A8C100AC81042F4B7BB57C5D9F08083C2A55AFE9E | |||
2988 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$411893f27b42aed564387b587c2b8c.doc | pgc | |
MD5:957B5229A2686D75F345EDB8BB497F1B | SHA256:9AA8EA822E415291FD8D8F93C82CDDF66832FEAB2D611A9866F10C30ECC13DA5 | |||
2988 | WINWORD.EXE | C:\Users\Public\ctrlpanel.exe | executable | |
MD5:40D2CCD570BD898CC31AF1CBFE5FB08E | SHA256:10E720FBCF797A2F40FBAA214B3402DF14B7637404E5E91D7651BD13D28A69D8 |