File name: | Amazon Statement.docx |
Full analysis: | https://app.any.run/tasks/53c854c0-934a-41b7-ac28-ba9f22611916 |
Verdict: | Malicious activity |
Analysis date: | October 14, 2019, 00:55:58 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | 36D9775EDCD5A5584EA2A331CF8D06EC |
SHA1: | 3650D632D13A69747FC5D7483C9B444C29CD6609 |
SHA256: | FBEA3549E1A0B3A0977E5DBED5C3AB8CD7D2190EF4702D3145CCF3D0F0FEEB61 |
SSDEEP: | 1536:ynRMoLwcU9aCzhR5LjD9Gq4ULwF2Jg6a/7b:iJLCB7DTEF8pa/7b |
.docx | Word Microsoft Office Open XML Format document (52.2) |
.zip | Open Packaging Conventions container (38.8) |
.zip | ZIP compressed archive (8.8) |
ZipRequiredVersion: | 20 |
ZipBitFlag: | 0x0006 |
ZipCompression: | Deflated |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCRC: | 0x2c4825bf |
ZipCompressedSize: | 444 |
ZipUncompressedSize: | 1869 |
ZipFileName: | [Content_Types].xml |
Creator: | vincent ah ah ah |
LastModifiedBy: | Azure |
RevisionNumber: | 138 |
LastPrinted: | 2019:01:27 08:09:00Z |
CreateDate: | 2019:09:27 07:14:00Z |
ModifyDate: | 2019:10:13 23:23:00Z |
Template: | Account-Verify.dot |
TotalEditTime: | 1.0 hours |
Pages: | 1 |
Words: | 155 |
Characters: | 888 |
Application: | Microsoft Office Word |
DocSecurity: | None |
Lines: | 7 |
Paragraphs: | 2 |
ScaleCrop: | No |
HeadingPairs: | |
TitlesOfParts: | - |
Company: | - |
LinksUpToDate: | No |
CharactersWithSpaces: | 1041 |
SharedDoc: | No |
HyperlinksChanged: | No |
AppVersion: | 12 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
992 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Amazon Statement.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Word | Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
992 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA831.tmp.cvr | — | — | — |
992 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\msoAF27.tmp | — | — | — |
992 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$azon Statement.docx | pgc | 411EEF87EB4706CF15411B5B975BEAA1 | 029529DFBAC98D1A6F0F06C52A340763017042DBCC6CB14FBC177B21CE40DAD9 |
992 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN3809.lex | text | F3B25701FE362EC84616A93A45CE9998 | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
992 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 71834CB5A40FD067717E5E242FCFDDE2 | 053F9EECE736E49AA9E3C99DB635C70D83D2B9311D2D3CA8D612695DCF73376C |