Field | Value
---|---
File name | 81cb84514e8d406d7abde54d1e304f36.doc
Full analysis | https://app.any.run/tasks/c147955d-b926-4560-9957-a2f0e9f48785
Verdict | Malicious activity
Analysis date | June 12, 2019, 06:22:58
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MIME | application/vnd.openxmlformats-officedocument.wordprocessingml.document
File info | Microsoft Word 2007+
MD5 | 81CB84514E8D406D7ABDE54D1E304F36
SHA1 | 7F4B3DE031C64E358BE845C0625B9BE56A4BD2FD
SHA256 | FE190924F2F402138C0872A00447E0E8B97588B6D47711BBE9D6F4C7134E1F09
SSDEEP | 6144:RAiVQhaAmLiXHlXh/tJvmhmroqxbFU5C5CKa9rak2:RKhrmQHlx/tFgSoKbq5K
Extension | Detected format (score)
---|---
.docx | Word Microsoft Office Open XML Format document (52.2)
.zip | Open Packaging Conventions container (38.8)
.zip | ZIP compressed archive (8.8)
Property | Value
---|---
AppVersion | 12
HyperlinksChanged | No
SharedDoc | No
CharactersWithSpaces | 19
LinksUpToDate | No
Company | -
ScaleCrop | No
Paragraphs | 1
Lines | 1
DocSecurity | None
Application | Microsoft Office Word
Characters | 18
Words | 2
Pages | 1
TotalEditTime | -
Template | Normal
ModifyDate | 2019:06:11 13:26:00Z
CreateDate | 2019:06:11 13:26:00Z
RevisionNumber | 3
LastModifiedBy | HONGKONG
Keywords | -
Description | -
Creator | HONGKONG
Subject | -
Title | -
ZipFileName | [Content_Types].xml
ZipUncompressedSize | 1460
ZipCompressedSize | 386
ZipCRC | 0x7fcf3406
ZipModifyDate | 1980:01:01 00:00:00
ZipCompression | Deflated
ZipBitFlag | 0x0006
ZipRequiredVersion | 20
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
1212 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\81cb84514e8d406d7abde54d1e304f36.doc.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000
3936 | "C:\Users\admin\AppData\Local\Temp\DHL-DataViewer.exe" | C:\Users\admin\AppData\Local\Temp\DHL-DataViewer.exe | — | WINWORD.EXE | User: admin; Integrity Level: MEDIUM; Description: —; Version: 0.0.0.0
3932 | "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\admin\AppData\Local\Temp\DHL-DataViewer.exe:Zone.Identifier" | C:\Windows\System32\cmd.exe | — | DHL-DataViewer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3312 | "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\admin\AppData\Local\Temp\DHL-DataViewer.exe:Zone.Identifier" | C:\Windows\System32\cmd.exe | — | DHL-DataViewer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1888 | "C:\Users\admin\AppData\Local\Temp\DHL-DataViewer.exe" | C:\Users\admin\AppData\Local\Temp\DHL-DataViewer.exe | — | WINWORD.EXE | User: admin; Integrity Level: MEDIUM; Description: —; Exit code: 0; Version: 0.0.0.0
3312 | "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\admin\AppData\Local\Temp\DHL-DataViewer.exe:Zone.Identifier" | C:\Windows\System32\cmd.exe | — | DHL-DataViewer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1412 | "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\admin\AppData\Local\Temp\DHL-DataViewer.exe:Zone.Identifier" | C:\Windows\System32\cmd.exe | — | DHL-DataViewer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1212 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR329C.tmp.cvr | — | — | —
1212 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2683C25B.emf | emf | 3EA29212F230A5B534F47AC641A037C5 | F6049659CF6175139E67542B62775230E255B256A3E5D5D2A2E02B2FAA86629F
1212 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 3107227F47377D26DFEB4773A6AFB83A | 4EE8125788061B77C12B0342B95E5F66F95A1F848A3B39220512773F24BA77B3
1212 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\DHL-DataViewer.exe | executable | 84A4F65119105F3AF5D87D261E01CD9B | F470CC43E85BD81CA0995C7604C99A89BD1DF2E3AF66031F8961451352B5DB33
1212 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$cb84514e8d406d7abde54d1e304f36.doc.docx | pgc | BE02C601D6A20569190716902088CD53 | FFCB9F9DF46C096AF56D18267416ADEDC6FFCF68EA3AE0BC987C82645DE16637