File name: | contract.doc |
Full analysis: | https://app.any.run/tasks/9be14b91-1ea6-404c-b5c5-a887ec5bd1c4 |
Verdict: | Malicious activity |
Analysis date: | November 08, 2019, 13:58:47 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: wgaJL, Subject: kND, Author: SWsB, Template: Normal, Last Saved By: J, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Nov 8 11:46:00 2019, Last Saved Time/Date: Fri Nov 8 11:46:00 2019, Number of Pages: 1, Number of Words: 6, Number of Characters: 37, Security: 0 |
MD5: | FC0C9A07BE500627E0365AB9016CC927 |
SHA1: | 8F3BB3E25CF9A9705D13D68553F0D738D5270137 |
SHA256: | D59716BAD3B43F9EB13E806ED78F74A6023C66C87436AB9C26BFAD1F29238292 |
SSDEEP: | 12288:QRQ6X9GDapm27H+9vo4karcaXv2CAwz0NASBY196ID+9Wzv:QRQ6tlF/4kc/vAi0NASi65Ez |
.doc | Microsoft Word document (54.2) |
.doc | Microsoft Word document (old ver.) (32.2) |
CompObjUserType: | Microsoft Word 97-2003 Document |
CompObjUserTypeLen: | 32 |
TKKuSaP: | +J1O@5red |
MmiJrLVk: | *O.^:]5|Vmh{ |
CYTsMttR: | s_x.HLLA9]Bb |
QrVRWQ: | PnDmeGBm6pW);-b5,U,u9u{5^ALj+_~ |
CodePage: | Windows Latin 1 (Western European) |
HeadingPairs: | |
TitleOfParts: | - |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 16 |
CharCountWithSpaces: | 42 |
Paragraphs: | 1 |
Lines: | 1 |
Bytes: | 50159 |
Company: | - |
Security: | None |
Characters: | 37 |
Words: | 6 |
Pages: | 1 |
ModifyDate: | 2019:11:08 11:46:00 |
CreateDate: | 2019:11:08 11:46:00 |
TotalEditTime: | - |
Software: | Microsoft Office Word |
RevisionNumber: | 2 |
LastModifiedBy: | J |
Template: | Normal |
Comments: | - |
Keywords: | - |
Author: | SWsB |
Subject: | kND |
Title: | wgaJL |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2772 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\contract.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |

User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Word | Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2772 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRAA73.tmp.cvr | — | — | — |
2772 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0000.tmp | — | — | — |
2772 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$demem.docx.zip | — | — | — |
2772 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0001.tmp | — | — | — |
2772 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E3373435.emf | emf | FB3981532125928BB4E7E59661FB0744 | 7B2D4BC5CE523C483E756AC65AAD9678CC1FCB6D183EBA4A9977EEE320ADD207 |
2772 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\videmem.docx | document | 29E2D415C37FA24107E4C3DAA707DEEF | 67701DF36F660C9D38E2DDE9EB5F7B9BE72B34087005F3382C98C132C57614DD |
2772 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\videmem.docx.zip | document | ED7AD3A6FD4D67FCF7C753B9DC65072F | 450BAFD3670839C159546E1A07F7B3F9872FE6A61134058C44E03239DC5B79A0 |
2772 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$ntract.doc | pgc | 358D85BF712D7C63ECA09CAF53A5EB06 | 5B7C7F9F298C1F63AB5374C14630E6F52FD28D8713DF9F51E0FC140240897881 |
2772 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\oleObject1.bin | binary | D146162D6096A48C2A4EACE2ABD8697A | 138E2370CDCEAF9CF06A7F906A33831BB0C16523853864AF069FA473312D866B |
2772 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | 89BBC9818CB955498093D860BD0397A1 | 340BD0B0A9CB841A4AA5BFC1D540F886FE0A0A97A0EAEF68E1C593A8A064DA2F |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 195.123.246.12:443 | microsoft-hub-us.com | — | UA | unknown |
Domain | IP | Reputation |
---|---|---|
microsoft-hub-us.com | | unknown |