URL: | http://www.palmerschools.org/ourpages/auto/2017/1/25/50852475/Letter%20To%20Self%20Assignment%20Sheet.doc |
Full analysis: | https://app.any.run/tasks/75d3276f-dc18-4ed6-8d68-8d60b3c5c46e |
Verdict: | Malicious activity |
Analysis date: | January 18, 2019, 03:48:15 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 84E8381C264FB0E1339DBDD2EF43F196 |
SHA1: | 7D59CC2AFAFFA42D8D4742649AC39A7E17E7427C |
SHA256: | E2E50FC1677A0F606993870807B988DAD042326B0B084C4689B2D80612145669 |
SSDEEP: | 3:N1KJS4fcRJdVEKfEx0vAYdFXuyEXOieG2NAAR1KG:Cc4G6KcaoeMyKdqlR1d |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2924 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3212 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2924 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2204 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | svchost.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3244 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Word Exit code: 0 Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2924 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2924 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2204 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR2F10.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2204 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{AFDB0237-9866-4711-B6CC-02500D91725C} | — | |
MD5:— | SHA256:— | |||
2204 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{FB088509-85EE-4C86-B55B-0E9D1D493C2D} | — | |
MD5:— | SHA256:— | |||
2204 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{BB0A528B-C757-49D5-919A-940FF9013E07}.FSD | binary | |
MD5:CEF25FDAF87060080C7ED5FBC9BF03CB | SHA256:4982A9EE67ACA5FDC1329B519AC54043427CA04D292174550B15D1EC06431B58 | |||
2204 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:C15F5F1ACCEEBEA94FF9378A7EFED9E9 | SHA256:869531F43E9BC18E5C766F11064B620E6CE5CF4018359A78736A83E792CAA42F | |||
3212 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\Letter%20To%20Self%20Assignment%20Sheet[1].doc | document | |
MD5:0196785A5B5E0E5AEC90F0434DAAE5B0 | SHA256:A0ADB2DFE41A8C8C6B703B7AC5C15E3ED2474BCFC1BADDF780854104E8AAAE87 | |||
2204 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:A28FBE49FD46FDCFB9291B95D07BF3FC | SHA256:A51088CEDC1080456802A3CC7CE8574534B644432C89C6C74B97D96D1E15D6E6 | |||
2204 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | binary | |
MD5:35746181C21AB44664C0F1E848D9B5C2 | SHA256:BFB8AC859BA8C54FC3FB8B41D3F5062932C5BFE9BE4933EF40A257060E22CE3D |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2204 | WINWORD.EXE | OPTIONS | 503 | 64.147.114.118:80 | http://www.palmerschools.org/ourpages/auto/2017/1/25/50852475/ | US | — | — | malicious |
2204 | WINWORD.EXE | OPTIONS | 503 | 64.147.114.118:80 | http://www.palmerschools.org/ourpages/auto/2017/1/25/50852475/ | US | — | — | malicious |
2204 | WINWORD.EXE | HEAD | 200 | 64.147.114.118:80 | http://www.palmerschools.org/ourpages/auto/2017/1/25/50852475/Letter%20To%20Self%20Assignment%20Sheet.doc | US | — | — | malicious |
2204 | WINWORD.EXE | OPTIONS | 503 | 64.147.114.118:80 | http://www.palmerschools.org/ourpages/auto/2017/1/25/50852475/ | US | — | — | malicious |
2204 | WINWORD.EXE | GET | 200 | 64.147.114.118:80 | http://www.palmerschools.org/ourpages/auto/2017/1/25/50852475/Letter%20To%20Self%20Assignment%20Sheet.doc | US | document | 9.28 Kb | malicious |
2924 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
976 | svchost.exe | OPTIONS | 301 | 64.147.114.118:80 | http://www.palmerschools.org/ourpages/auto/2017/1/25/50852475 | US | html | 270 b | malicious |
3212 | iexplore.exe | GET | 200 | 64.147.114.118:80 | http://www.palmerschools.org/ourpages/auto/2017/1/25/50852475/Letter%20To%20Self%20Assignment%20Sheet.doc | US | document | 9.28 Kb | malicious |
2204 | WINWORD.EXE | HEAD | 200 | 64.147.114.118:80 | http://www.palmerschools.org/ourpages/auto/2017/1/25/50852475/Letter%20To%20Self%20Assignment%20Sheet.doc | US | — | — | malicious |
2204 | WINWORD.EXE | HEAD | 200 | 64.147.114.118:80 | http://www.palmerschools.org/ourpages/auto/2017/1/25/50852475/Letter%20To%20Self%20Assignment%20Sheet.doc | US | compressed | 9.28 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2924 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2204 | WINWORD.EXE | 64.147.114.118:80 | www.palmerschools.org | The New York Internet Company | US | malicious |
976 | svchost.exe | 64.147.114.118:80 | www.palmerschools.org | The New York Internet Company | US | malicious |
3212 | iexplore.exe | 64.147.114.118:80 | www.palmerschools.org | The New York Internet Company | US | malicious |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
www.palmerschools.org |
| malicious |
PID | Process | Class | Message |
---|---|---|---|
2204 | WINWORD.EXE | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious DOC loader of embedded OLE from external source |
2204 | WINWORD.EXE | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious DOC loader of embedded OLE from external source |
2204 | WINWORD.EXE | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious DOC loader of embedded OLE from external source |