File name: | contract.doc |
Full analysis: | https://app.any.run/tasks/87e7ac9a-c41c-48a7-8e1f-054701d0b7c2 |
Verdict: | Malicious activity |
Analysis date: | November 08, 2019, 15:11:27 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: m, Subject: P, Author: yPagD, Template: Normal, Last Saved By: J, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Nov 8 11:46:00 2019, Last Saved Time/Date: Fri Nov 8 11:46:00 2019, Number of Pages: 1, Number of Words: 6, Number of Characters: 37, Security: 0 |
MD5: | 418A23A6037BEEACBB87C1E9917D376E |
SHA1: | 93A388EBEE3620001C545292759F7019823741EC |
SHA256: | FBFED044701B3525DB5F01D9F0DE344BAB9742600753920584737261BDC53456 |
SSDEEP: | 12288:kRQ6X9GDapmk7H+9vo4karcaXv2CAwz0NASBY196ID+9W4B:kRQ6tl//4kc/vAi0NASi65kK |
.doc | | | Microsoft Word document (54.2) |
---|---|---|
.doc | | | Microsoft Word document (old ver.) (32.2) |
Title: | m |
---|---|
Subject: | P |
Author: | yPagD |
Keywords: | - |
Comments: | - |
Template: | Normal |
LastModifiedBy: | J |
RevisionNumber: | 2 |
Software: | Microsoft Office Word |
TotalEditTime: | - |
CreateDate: | 2019:11:08 11:46:00 |
ModifyDate: | 2019:11:08 11:46:00 |
Pages: | 1 |
Words: | 6 |
Characters: | 37 |
Security: | None |
Company: | - |
Bytes: | 23245 |
Lines: | 1 |
Paragraphs: | 1 |
CharCountWithSpaces: | 42 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | - |
HeadingPairs: | |
CodePage: | Windows Latin 1 (Western European) |
BicMnKEpw: | XK})5HHZCZ!XGwk7a6Q4kGNVd54!W |
BnVskg: | OcZ$}b}:N^^ |
EKVPOMjX: | &a#5dceO5af{MU3? |
HsyDDRRfWE: | Mk2ao*7c_j,]/R*^!5noA. |
FQyQlhUCew: | cUIe(3=1e#rFXi%gk |
OvpAjai: | {N|,X+XPOyH7(Uz9=pJQ/@M |
CompObjUserTypeLen: | 32 |
CompObjUserType: | Microsoft Word 97-2003 Document |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1556 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\contract.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA91B.tmp.cvr | — | — | — |
1556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0000.tmp | — | — | — |
1556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$demem.docx.zip | — | — | — |
1556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0001.tmp | — | — | — |
1556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$idemem.docx | pgc | 7A82A9746421CDD6D3A871B05A293382 | D4E36BC19D81F71AD2B248D3CDE7F98B389E53C085C2B786B6BD531A72C65435 |
1556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | 1495C98FB948974603A6E6D7DF759885 | F987B3E99CCCCF1EBA69D75B6435DBC967D6CB1B94DBC39BFB3C9E2218A695A8 |
1556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\videmem.docx.zip | document | 5E430C049B097DB20A5CC4DE52EABD25 | 76609C057AFDFF869E8A5C0406E6600D254EAA133F492E39D0240F7E9E883E9C |
1556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\oleObject1.bin | binary | D146162D6096A48C2A4EACE2ABD8697A | 138E2370CDCEAF9CF06A7F906A33831BB0C16523853864AF069FA473312D866B |
1556 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 2DFC9AE019F6020942B2012482836413 | C2C7C9C91636F003B9CBEF40C8D6F39D50409EE8AE398099D027E0BC37B65173 |
1556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$ntract.doc | pgc | 3B815371459A3F2B6CE50F7C6911F29B | B92BACC120C132EEB9DE144BB9D03D10AB7C7CE110540A1C31C9FF8358568406 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1556 | WINWORD.EXE | 195.123.246.12:443 | microsoft-hub-us.com | — | UA | unknown |
Domain | IP | Reputation |
---|---|---|
microsoft-hub-us.com | | unknown |