Field | Value
---|---
File name | Investment_Proposal.doc
Full analysis | https://app.any.run/tasks/fbec779b-9a62-405f-821b-5b2fe33e443c
Verdict | Malicious activity
Analysis date | July 11, 2019, 12:57:01
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | —
Indicators | —
MIME | application/msword
File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: Opal, Template: Normal, Last Saved By: Opal, Revision Number: 10, Name of Creating Application: Microsoft Office Word, Total Editing Time: 08:00, Create Time/Date: Wed Jul 10 11:04:00 2019, Last Saved Time/Date: Wed Jul 10 11:18:00 2019, Number of Pages: 2, Number of Words: 253, Number of Characters: 1448, Security: 0
MD5 | 82F8883EDEF1A5767F095EFECC063308
SHA1 | 0BFA4807F2249FD94181FD21B6FE03741964E98E
SHA256 | E8B90B275CFDDAB049BFDF35FAEA75F7A38EA419CEEEDC7678300FA07558118E
SSDEEP | 12288:55tMNsvSHQBtjcuJV3L8FXypCrS+Hnnn4lS:N7vjcug0pCrjn4lS
Extension | Description | Score
---|---|---
.doc | Microsoft Word document | 54.2
.doc | Microsoft Word document (old ver.) | 32.2
Property | Value
---|---
CompObjUserType | ???????? Microsoft Word 97-2003
CompObjUserTypeLen | 32
HeadingPairs | -
TitleOfParts | -
HyperlinksChanged | No
SharedDoc | No
LinksUpToDate | No
ScaleCrop | No
AppVersion | 15
CharCountWithSpaces | 1698
Paragraphs | 3
Lines | 12
Company | -
CodePage | Windows Cyrillic
Security | None
Characters | 1448
Words | 253
Pages | 2
ModifyDate | 2019:07:10 10:18:00
CreateDate | 2019:07:10 10:04:00
TotalEditTime | 8.0 minutes
Software | Microsoft Office Word
RevisionNumber | 10
LastModifiedBy | Opal
Template | Normal
Comments | -
Keywords | -
Author | Opal
Subject | -
Title | -
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3000 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Investment_Proposal.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 | | |
3144 | "C:\Users\admin\AppData\Local\Temp\investment proposal (2).scr" /S | C:\Users\admin\AppData\Local\Temp\investment proposal (2).scr | — | WINWORD.EXE
 | User: admin; Company: G&G Software; Integrity Level: MEDIUM; Description: Controversy Bilingual Forks Councils Stocks; Version: 6.3.2.4 | | |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3000 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR36AA.tmp.cvr | — | — | —
3000 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D30FBFB4.emf | — | — | —
3000 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | CADEE69070B8ACF2A94571E2F408245D | ED589F9FA3564DCAD8F9D6599732C2FE5BAC3F30542F1456AAB7412946A50274
3000 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2BA40CBF.emf | emf | 0703026B83B08048C0652ADCF478E70B | 5688A413FBB9DC0C5D449049827E71079E2B638C08DFD6D04BFFC47D2BABA1C6
3000 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$vestment_Proposal.doc | pgc | 78EAFDDD3B39B17AB5A55F64EE2B221D | 1A7DE552D1F239982E9E95A8BBB3FF0F019008F60A36621EBC54258199E9843E
3000 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\investment proposal (2).scr | executable | 33E14179BC13A5AEAD84E7351C806E87 | D97264C62FED820A59F52D3F451A60961399D11DAC54622B5EEF6F72DD12C66B
3144 | investment proposal (2).scr | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\ggkcowbacuayicoog[1].txt | html | E3E31917B751C388834905CF038BBABE | 6943FFB16B421346D41EC8BD7F96BE75D44FCBCCBAB812109911D299772C6F1F
3000 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex | text | F3B25701FE362EC84616A93A45CE9998 | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3144 | investment proposal (2).scr | 185.243.114.220:443 | securegrandix.com | — | — | suspicious

Domain | IP | Reputation
---|---|---
securegrandix.com | — | suspicious
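The chain the tables above record is the classic one: Word opens the lure from %TEMP%, writes a .scr next to it, starts it with /S, and the new process reaches a suspicious host over 443. The following is an added detection example, not part of the ANY.RUN report: it runs over process-creation and network events constructed from the report's values (Sysmon-like field names; the full path of explorer.exe, the benign splwow64.exe control event and the attachment of the dropped file's SHA256 to the .scr process are assumptions) and shows why "Office spawned an executable from a user-writable directory" plus an IOC hit on the same PID is a far better signal than "Office spawned anything".

```python
"""Detection logic for the Word -> .scr -> securegrandix.com chain.
All events below are constructed from the report's tables, not real telemetry."""
import ntpath
from typing import Dict, List, Optional

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".cpl", ".dll"}
# Directories an unprivileged user can write to (lowercase substring match)
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\downloads\\", "\\users\\public\\")

# IOCs copied from the report's file and network tables
IOC_SHA256 = {"D97264C62FED820A59F52D3F451A60961399D11DAC54622B5EEF6F72DD12C66B"}
IOC_DOMAINS = {"securegrandix.com"}
IOC_IPS = {"185.243.114.220"}

# Constructed process-creation events (fields modelled on Sysmon event 1)
PROCESS_EVENTS: List[Dict] = [
    {"pid": 3000,
     "image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "cmd": r'"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Investment_Proposal.doc"',
     "parent_image": r"C:\Windows\explorer.exe",  # full path assumed; report gives the name only
     "sha256": None},
    {"pid": 3144,
     "image": r"C:\Users\admin\AppData\Local\Temp\investment proposal (2).scr",
     "cmd": r'"C:\Users\admin\AppData\Local\Temp\investment proposal (2).scr" /S',
     "parent_image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     # hash of the dropped file from the file table, assumed to be the image hash
     "sha256": "D97264C62FED820A59F52D3F451A60961399D11DAC54622B5EEF6F72DD12C66B"},
    # Constructed benign control: Word starting the print helper from C:\Windows
    {"pid": 3200,
     "image": r"C:\Windows\splwow64.exe",
     "cmd": r"C:\Windows\splwow64.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "sha256": None},
]

# Constructed network event (modelled on Sysmon event 3) from the network table
NETWORK_EVENTS: List[Dict] = [
    {"pid": 3144, "dest_ip": "185.243.114.220", "dest_port": 443,
     "dest_host": "securegrandix.com"},
]


def in_user_writable_dir(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def flag_office_child(ev: Dict) -> Optional[Dict]:
    """Flag an executable started by an Office process from a user-writable
    directory. Children under Program Files or Windows (the print helper in
    the control event) are ignored, which is exactly the false positive a
    bare 'Office spawned a child' rule would raise."""
    parent = ntpath.basename(ev["parent_image"]).lower()
    if parent not in OFFICE_PARENTS:
        return None
    ext = ntpath.splitext(ev["image"])[1].lower()
    if ext not in EXEC_EXTENSIONS or not in_user_writable_dir(ev["image"]):
        return None
    reasons = [f"{parent} started {ext} from a user-writable directory"]
    # /S is the screensaver 'run' switch; malware named .scr is launched this way
    if ext == ".scr" and "/s" in ev["cmd"].lower().split():
        reasons.append("screensaver binary launched with /S")
    if ev.get("sha256") in IOC_SHA256:
        reasons.append("image hash matches a known IOC")
    return {"pid": ev["pid"], "image": ev["image"], "reasons": reasons}


def flag_process_events(events: List[Dict]) -> List[Dict]:
    return [f for f in map(flag_office_child, events) if f is not None]


def match_network_iocs(events: List[Dict]) -> List[Dict]:
    """Match destination host and IP of each connection against the IOC sets."""
    hits = []
    for ev in events:
        matched = []
        if ev.get("dest_host", "").lower() in IOC_DOMAINS:
            matched.append("domain")
        if ev.get("dest_ip") in IOC_IPS:
            matched.append("ip")
        if matched:
            hits.append({"pid": ev["pid"],
                         "dest": f'{ev["dest_host"]}:{ev["dest_port"]}',
                         "matched": matched})
    return hits


def correlate(process_findings: List[Dict], network_hits: List[Dict]) -> List[int]:
    """PIDs that are both an Office-spawned executable and a known-bad
    network talker: the strongest signal in this report."""
    talkers = {h["pid"] for h in network_hits}
    return sorted(f["pid"] for f in process_findings if f["pid"] in talkers)


if __name__ == "__main__":
    findings = flag_process_events(PROCESS_EVENTS)
    hits = match_network_iocs(NETWORK_EVENTS)
    for f in findings:
        print(f["pid"], f["image"], "; ".join(f["reasons"]))
    print("network IOC hits:", hits)
    print("correlated PIDs:", correlate(findings, hits))
```

Only PID 3144 is flagged; the WINWORD.EXE event is skipped because its parent is explorer.exe, and the splwow64.exe control is skipped because it lives under C:\Windows. Swap the constructed lists for real Sysmon output (EventID 1 and 3) and the same functions apply unchanged.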