IOCReport

Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| 2021-02-18 Fivoor - Overleg - Kwartaaloverleg.docx | Microsoft Word 2007+ | initial sample | malicious |
| C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{5F669EE6-C8B8-44F5-8B10-98F08F0A9EC5}.FSD | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{FDF085F0-5246-4600-A9C1-70EEFDDBBCBC}.FSD | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF | data | dropped | clean |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0E989C07-30AB-4901-9D2A-3CE504568F55}.tmp | data | dropped | clean |
| C:\Users\user\AppData\Local\Temp\msoB8E3.tmp | GIF image data, version 89a, 15 x 15 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\{2EA589A8-80DC-4151-A705-FB65CDDF635A} | data | dropped | clean |
| C:\Users\user\AppData\Local\Temp\{68E33153-79B5-4476-8353-B4DAFDE9644D} | data | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | data | dropped | clean |
| C:\Users\user\Desktop\~$21-02-18 Fivoor - Overleg - Kwartaaloverleg.docx | data | dropped | clean |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding | clean |

Domains

| Name | IP | Malicious |
| --- | --- | --- |
| lemontree1.sharepoint.com | unknown | malicious |

Registry

| Path | Value | Malicious |
| --- | --- | --- |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | ?#4 | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | MTTT | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | j&4 | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | i+4 | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Version | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | @%SystemRoot%\system32\qagentrt.dll,-10 | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | @%SystemRoot%\System32\fveui.dll,-843 | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | @%SystemRoot%\System32\fveui.dll,-844 | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | @%SystemRoot%\System32\wuaueng.dll,-400 | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | LastPurgeTime | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | 1033 | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | 1033 | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | WORDFiles | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | ProductFiles | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | SavedLegacySettings | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Blob | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Blob | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Blob | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Blob | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Blob | clean |
| C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Blob | clean |