File name: | c7db25cfd29e119cdaeb8f214282a5e9ac3ed037f953d598deab8d916838a63e.docx |
Full analysis: | https://app.any.run/tasks/6ea2b731-46fb-4109-a555-a01e4eab6dd7 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | October 20, 2020, 09:27:26 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Consequatur., Author: Louis Rey, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Oct 16 11:17:00 2020, Last Saved Time/Date: Fri Oct 16 11:17:00 2020, Number of Pages: 1, Number of Words: 2907, Number of Characters: 16576, Security: 8 |
MD5: | 446459B3FDE33A5EFCBFCEC999E279E0 |
SHA1: | FD998C50EAF6A3AD82B22445A7B2495883853CC7 |
SHA256: | C7DB25CFD29E119CDAEB8F214282A5E9AC3ED037F953D598DEAB8D916838A63E |
SSDEEP: | 3072:ei/HfmSDBeY5kb0TUNAuBqVPlB11nBEtAWTZIKP7X/PkpRhmp:eYHzEYOb0TUquBqt7nBgX/PIRhmp |
.doc | Microsoft Word document (54.2) |
---|---|
.doc | Microsoft Word document (old ver.) (32.2) |
CompObjUserType: | Microsoft Word 97-2003 Document |
---|---|
CompObjUserTypeLen: | 32 |
LocaleIndicator: | 1033 |
CodePage: | Unicode UTF-16, little endian |
HeadingPairs: | |
TitleOfParts: | - |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 15 |
CharCountWithSpaces: | 19445 |
Paragraphs: | 38 |
Lines: | 138 |
Company: | - |
Security: | Locked for annotations |
Characters: | 16576 |
Words: | 2907 |
Pages: | 1 |
ModifyDate: | 2020:10:16 10:17:00 |
CreateDate: | 2020:10:16 10:17:00 |
TotalEditTime: | - |
Software: | Microsoft Office Word |
RevisionNumber: | 1 |
LastModifiedBy: | - |
Template: | Normal.dotm |
Comments: | - |
Keywords: | - |
Author: | Louis Rey |
Subject: | - |
Title: | Consequatur. |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2952 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\c7db25cfd29e119cdaeb8f214282a5e9ac3ed037f953d598deab8d916838a63e.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Word | Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2952 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR5095.tmp.cvr | — | — | — |
2952 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~DFA89CF7EE5BE96786.TMP | — | — | — |
2952 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 992FC7E4702CEA2F73299687C4C6E8DD | FE2D0641A82AF16E5DF89B2A32E344F0F6C442BEE6A4CF1020B99E8394B0B7EB |