File name: | contract.doc |
Full analysis: | https://app.any.run/tasks/8554f92c-0d54-48d5-9368-8e8fa0f5c7ad |
Verdict: | Malicious activity |
Analysis date: | November 08, 2019, 14:41:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: kC, Subject: LT, Author: lCwb, Template: Normal, Last Saved By: J, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Nov 8 11:46:00 2019, Last Saved Time/Date: Fri Nov 8 11:46:00 2019, Number of Pages: 1, Number of Words: 6, Number of Characters: 37, Security: 0 |
MD5: | D17F02540B6337184B6CEAED1949E9A4 |
SHA1: | 9BEFC5E3446A50197AA30ED8D790E42FF6D970CE |
SHA256: | DF182629A79CF35EF0510988B4E98D2555134C6FA5E8E6FF58082C35C83E06F3 |
SSDEEP: | 12288:WRQ6X9GDapm/7H+9vo4karcaXv2CAwz0NASBY196ID+9ozv:WRQ6tla/4kc/vAi0NASi65uz |
.doc | | | Microsoft Word document (54.2) |
.doc | | | Microsoft Word document (old ver.) (32.2) |
Title: | kC |
Subject: | LT |
Author: | lCwb |
Keywords: | - |
Comments: | - |
Template: | Normal |
LastModifiedBy: | J |
RevisionNumber: | 2 |
Software: | Microsoft Office Word |
TotalEditTime: | - |
CreateDate: | 2019:11:08 11:46:00 |
ModifyDate: | 2019:11:08 11:46:00 |
Pages: | 1 |
Words: | 6 |
Characters: | 37 |
Security: | None |
Company: | - |
Bytes: | 25068 |
Lines: | 1 |
Paragraphs: | 1 |
CharCountWithSpaces: | 42 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | - |
HeadingPairs: | |
CodePage: | Windows Latin 1 (Western European) |
FYTvcrDVpu: | ;7q1p |
PLSllt: | R]-3Cda;G |
ZlIaXsMWeR: | &,WK$.@5P8=Z~.fO:2xI |
DIJtA: | _GlxmV19fBs |
CompObjUserTypeLen: | 32 |
CompObjUserType: | Microsoft Word 97-2003 Document |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1820 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\contract.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Word | Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1820 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA60E.tmp.cvr | — | — | — |
1820 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0000.tmp | — | — | — |
1820 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0001.tmp | — | — | — |
1820 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\oleObject1.bin | binary | D146162D6096A48C2A4EACE2ABD8697A | 138E2370CDCEAF9CF06A7F906A33831BB0C16523853864AF069FA473312D866B |
1820 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 8032A407895D8E9D2BB6589223B4888A | 534549629E0A7B0918B121CD41380D0B5E05083A9E1D1ECB2D231626D89AFA74 |
1820 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\videmem.docx.zip | document | 1B49382E2E980CD608D158DBE648F39D | 8A0C6168508BDE4228660D5D711867B873A7313A8E40D221DCFE2C5B7427879B |
1820 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\videmem.docx | document | 3169C6895F99487C01B4C4BDF7276532 | F87570BEFB24904E511819DD90139CAF04734DD561ECF72147A5AD7AC4169227 |
1820 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$ntract.doc | pgc | 62F7A166AA3E58508774E57A29DB184E | 5DD9B1032FDB713CE09F77C3D0ECBF31ED676A608148783649044EF296EF4698 |
1820 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$demem.docx.zip | pgc | B8A5A8C0D941E27F4CD1B2D0A8D06045 | 2E5516893E7532866D2221F6EC6B2E13B8E51FAA51CB5E6E295F89CC261A298B |
1820 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | 03356CB49C1A5796472BD0230B9C25A9 | EC5CA070CC832649721E30F31F2F0CEB29A814893C9B610E530C83D84955AF9D |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1820 | WINWORD.EXE | 195.123.246.12:443 | microsoft-hub-us.com | — | UA | unknown |
Domain | IP | Reputation |
---|---|---|
microsoft-hub-us.com | | unknown |