File name: | fae13937a5e01256d8da45c4f55710810c155da4e030450425831696a12f6f33 |
Full analysis: | https://app.any.run/tasks/d0befe02-2a01-4fd4-b04f-66c7912f423d |
Verdict: | Malicious activity |
Analysis date: | June 19, 2019, 16:41:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | F27227BE2CB3EC64061B416293F4BDC8 |
SHA1: | FB571A2363EE2AF13BF90C0DC127926CB3EF650F |
SHA256: | FAE13937A5E01256D8DA45C4F55710810C155DA4E030450425831696A12F6F33 |
SSDEEP: | 768:Z2LOC1LLAWPsngpFlzWXGwEaj9YrEY996HiwgYTxpHAOkDi39FvZE6pF4J:GVj0nGXzW3erP9Miwgep3vzC |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
AppVersion: | 14 |
---|---|
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | 20 |
LinksUpToDate: | No |
Company: | - |
ScaleCrop: | No |
Paragraphs: | 1 |
Lines: | 1 |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | 18 |
Words: | 3 |
Pages: | 1 |
TotalEditTime: | - |
Template: | Normal.dotm |
ModifyDate: | 2019:06:15 12:20:00Z |
CreateDate: | 2019:06:15 12:20:00Z |
RevisionNumber: | 1 |
LastModifiedBy: | Admin |
Keywords: | - |
Description: | - |
---|---|
Creator: | Admin |
Subject: | - |
Title: | - |
ZipFileName: | [Content_Types].xml |
---|---|
ZipUncompressedSize: | 1570 |
ZipCompressedSize: | 415 |
ZipCRC: | 0xc1917370 |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0006 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3124 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\fae13937a5e01256d8da45c4f55710810c155da4e030450425831696a12f6f33.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Word | Version: 14.0.6024.1000 |
2160 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Word Processor.js" | C:\Windows\System32\WScript.exe | — | WINWORD.EXE |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft ® Windows Based Script Host | Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3124 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRF077.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3124 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E9778436.emf | emf | |
MD5:4C767983BB2DF15C45962969D1AF2931 | SHA256:654E6A75BD51431DFD2D6D59D70425ECC28F0894C6C1D097A5C5BC1061ADDCCA | |||
3124 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:B4A3A7010D8FEA8F141CA79DBF1C0A7F | SHA256:1AE5A8F017BE4D661214AD5059D36CCC00CE7BC44428DA72655DCE7695B6AB06 | |||
3124 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | |
MD5:702B39931CE9836955A11E4D1D16A0B8 | SHA256:6DD18DFDDEF6487BFA9B9B7DD65A195239A2EB3C5728EA48E22F5D308E32584B | |||
3124 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\fae13937a5e01256d8da45c4f55710810c155da4e030450425831696a12f6f33.docx.LNK | lnk | |
MD5:BCDD7E29976B0C2E3480756AB332D9B8 | SHA256:B7985AD63F8AC7937E419315056420A8D247B00252EBFA9B8D569BCD7575AD4D | |||
3124 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Word Processor.js | text | |
MD5:6EB0A85B3D74321EEA1935A67CB86E20 | SHA256:AB3A257AC4013AB56566E87E289995C8A2F7DA59A5ED4C48CF62F532255D134B | |||
3124 | WINWORD.EXE | C:\Users\admin\Desktop\~$e13937a5e01256d8da45c4f55710810c155da4e030450425831696a12f6f33.docx | pgc | |
MD5:8E8D7AA37FD117006CEC04938F7A691E | SHA256:88B35FA3C9B5578C35EB72504FA22A246B876487416C34AAFBD5AF516FB03CC2 |