File name: | 1.docx |
Full analysis: | https://app.any.run/tasks/e2e17e55-f8a1-4d4f-8a86-2e168ff29159 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2022, 05:16:03 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | 666B2B178CE52E30BE9E69DE93CC60A9 |
SHA1: | FCC2D69A02F091593BC4F0B7D4F3CB5C90B4B011 |
SHA256: | CD09BF437F46210521AD5C21891414F236E29AA6869906820C7C9DC2B565D8BE |
SSDEEP: | 384:Txs3l0+5mYF8Bc2HtarGtYEerqy2SHgyOT4TO3wCB/g:Gv/yBcgtaQerqy2SHZOkTCXi |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2276 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\1.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
(PID) Process: | (2276) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems |
Operation: | write | Name: | u?. |
Value: 753F2E00E4080000010000000000000000000000 | |||
(PID) Process: | (2276) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1033 |
Value: Off | |||
(PID) Process: | (2276) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1041 |
Value: Off | |||
(PID) Process: | (2276) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1046 |
Value: Off | |||
(PID) Process: | (2276) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1036 |
Value: Off | |||
(PID) Process: | (2276) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1031 |
Value: Off | |||
(PID) Process: | (2276) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1040 |
Value: Off | |||
(PID) Process: | (2276) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1049 |
Value: Off | |||
(PID) Process: | (2276) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 3082 |
Value: Off | |||
(PID) Process: | (2276) WINWORD.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1042 |
Value: Off |
PID | Process | Filename | Type | |
---|---|---|---|---|
2276 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRF775.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2276 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:BD0F7CA04713B9C5CA4127B2FD8E7037 | SHA256:719457D4BD0617FF6E230B9B49AF6D68E63A69C02352E849B0D51F30F3DF8CD0 | |||
2276 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:50C33AAF552D0E4F816BDB064D148F90 | SHA256:359DAC2B3ADF62AEFDA055C3E85EE26A1291884C9E88B8576F74C9188AEFFE3D | |||
2276 | WINWORD.EXE | C:\Users\admin\Desktop\~$1.docx | pgc | |
MD5:0C2A09D5D8DB114C9C1D46F6A4C2E4DE | SHA256:E1A07D956B43AB258033B775ABD73AC155F87C180DC0B7FD98DC76D870A5D769 | |||
2276 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:3CC81264DB5EE7428703372967A7DF0C | SHA256:C4ED0DE7F61AF07E11399613191D404587419F31EF7485B938B95EE661BD2A75 | |||
2276 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{65EB3D26-F59E-42F9-9738-A05FD102031C}.FSD | binary | |
MD5:73F96E77FEB685BBFC96C7E7EDE5000B | SHA256:4209937341F538F2477389CDCF7DED3D2393DD82E321A87E4CCF93C6CEEE80DA | |||
2276 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{CCA6B314-0391-4AEF-83DE-857D2F6B32E5} | binary | |
MD5:50C33AAF552D0E4F816BDB064D148F90 | SHA256:359DAC2B3ADF62AEFDA055C3E85EE26A1291884C9E88B8576F74C9188AEFFE3D | |||
2276 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{4F728FD0-E226-4611-9BAB-CB9508AC38C1}.FSD | binary | |
MD5:DC0ACAB543CC23997BBC5BFA07DB6CEC | SHA256:02C751EF6D2D44F76483B6B37D93E8C0C3E78EC2B80A32DDC61D1D6CA49832C7 | |||
2276 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | binary | |
MD5:D471A0BB5F0B8A9AC834E0172491B7F9 | SHA256:418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F | |||
2276 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{271538B8-3EB4-453E-99AB-05ACE8104D52} | binary | |
MD5:3CC81264DB5EE7428703372967A7DF0C | SHA256:C4ED0DE7F61AF07E11399613191D404587419F31EF7485B938B95EE661BD2A75 |
Domain | IP | Reputation |
---|---|---|
pnwc.bol-north.com |
| unknown |