Windows Analysis Report charge_12.01.2021.doc
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Suspicious MSHTA Process Patterns |
Source: | Author: Florian Roth |
Jbx Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | Virustotal: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | TCP traffic: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | (16 entries) |
Source: | File created: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Window created: |
System Summary: |
---|
Document contains an embedded VBA macro which may execute processes |
Source: | OLE, VBA macro: |
Source: | OLE indicator has summary info: | (2 entries) |
Source: | Key opened: |
Source: | OLE indicator application name: | (2 entries) |
Source: | OLE, VBA macro line: |
Source: | OLE, VBA macro: |
Source: | OLE indicator, VBA macros: |
Source: | OLE, VBA macro line: |
Source: | Memory allocated: | (2 entries) |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Virustotal: |
Source: | Key opened: |
Source: | Process created: | (6 entries) |
Source: | Key value queried: |
Source: | Binary or memory string: |
Source: | File created: | (2 entries) |
Source: | Classification label: |
Source: | OLE document summary: | (5 entries) |
Source: | Process created: | (3 entries) |
Source: | File read: | (3 entries) |
Source: | Key opened: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: | (2 entries) |
Source: | Process information set: | (92 entries) |
Source: | Thread sleep time: | (4 entries) |
Source: | Binary or memory string: |
Source: | Queries volume information: | (2 entries) |
Source: | Key value queried: |
Source: | Directory queried: | (6 entries) |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting (12) | Path Interception | Process Injection (1) | Masquerading (1) | OS Credential Dumping | Security Software Discovery (1) | Remote Services | Email Collection (1) | Exfiltration Over Other Network Medium | Ingress Tool Transfer (2) | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution (13) | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Virtualization/Sandbox Evasion (1) | LSASS Memory | Virtualization/Sandbox Evasion (1) | Remote Desktop Protocol | Data from Local System (1) | Exfiltration Over Bluetooth | Non-Application Layer Protocol (2) | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection (1) | Security Account Manager | Remote System Discovery (1) | SMB/Windows Admin Shares | Clipboard Data (1) | Automated Exfiltration | Application Layer Protocol (12) | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting (12) | NTDS | File and Directory Discovery (11) | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery (14) | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 20% | Virustotal | | |
| 100% | Joe Sandbox ML | | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | Virustotal | | |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
| 0% | URL Reputation | safe | |
| 0% | URL Reputation | safe | |
| 2% | Virustotal | | |
| 0% | Avira URL Cloud | safe | |
| 0% | URL Reputation | safe | |
| 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
winrentals2017b.com | 194.62.42.207 | true | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | low |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | high |
| | false | | high |
| | false | | unknown |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
194.62.42.207 | winrentals2017b.com | Russian Federation | | 34464 | ZEISS-ASRU | false |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 532355 |
Start date: | 02.12.2021 |
Start time: | 04:19:19 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | charge_12.01.2021.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.expl.winDOC@6/14@1/1 |
EGA Information: | Failed |
HDC Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
04:20:16 | API Interceptor | |
04:20:18 | API Interceptor | |
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
ZEISS-ASRU | 20 associated samples | | malicious | | |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\mshta.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 203 |
Entropy (8bit): | 5.150186571388359 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3/ZKCezocKqD:J0+oxBeRmR9etdzRx/Fez1T |
MD5: | B5FF4C0F214FDF079AE6D835F046B7C5 |
SHA1: | FC1F09A696C92D366E4868A35A5AFA79129B12BE |
SHA-256: | AAF04ECB4C67DE5A7833184F5ABEEC5F48A2FC17BB8167637A421596E00C7E4C |
SHA-512: | 5DCFA31DD1A704AE698673763A2C3E96F0C7E70D06D4790033B6ECCAFF7E6A55D7D4F2913649915E1AD430E4FA9C68143D82A95A38C2B0BC315AD91099AEAB3A |
Malicious: | false |
Reputation: | low |
IE Cache URL: | http://winrentals2017b.com/tegz/Q277aG7FkN9pAcaWDfFlGNBeuaqGed8i/baWexTQoGyAAzLR/AU1XErrU1FitjjV8BBaQuem65smQXYvyd/64063/g6fJYLGHRVWp7s1tvHnZdv/XcjcYCjBX8tPaALshiDAx85PEq/cab3?ref=0t&WzOZ=9xyAidN&z3d9Ob0=EwAUkUUNyHsk&user=4Zky89n&cid=bE5YBOFyZvWHbGv9wPr7QVm&q=lYkgZNGYoZpu9 |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 14327 |
Entropy (8bit): | 7.959467120915826 |
Encrypted: | false |
SSDEEP: | 384:3j0EEYpcVhE1ltmTV/YZO4NSCWl822TnU0:w02VWnZdw9822zv |
MD5: | 76DA3E2154587DD3D69A81FCDB0C7364 |
SHA1: | 0F23E27B3A456B22A11D3FBC3132397B0DDC9357 |
SHA-256: | F9299AB3483A8F729B2ACA2111B46E9952D4491AC66124FEC22C1C789EBC3139 |
SHA-512: | A20BA525941043701E8DA5234A286FF2AF0A5F4C45998F1BA3BD59785FF4CDDAA72DE316D0BC651C68F30A6587741539B51D356BF5D6FEEAFCAE492AB277BB45 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 24064 |
Entropy (8bit): | 4.61711360044789 |
Encrypted: | false |
SSDEEP: | 192:31tC/c8L5cBp19v3+DQM7wbwM8N0jHa3tY/H8r5cBp19v3+DQM7wbwM8N0jHa:ltmcekv+Mvj8N0jatcHmkv+Mvj8N0j |
MD5: | CB1824FD94AC639BBC2FA16B0428D68D |
SHA1: | 857B6763C495ADC01475B0E6FD8A78BC5FE8E4A1 |
SHA-256: | 5F45665D6EC34D66D8FE61F17AE4F8DF54DEFABE561D5FF517EC7D2C2DDE7CCC |
SHA-512: | 0F02D723F6AA18D996CE9A9BE6E2C06AE8CD13448B8E9E06B4C1FADDB0B8249FF888ADD05655470A65AF871100E3A49CEC8BC76B470F6B77640CA6492E919621 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 21070 |
Entropy (8bit): | 2.7051724386748672 |
Encrypted: | false |
SSDEEP: | 384:UlKV5yQOUVTs4SULwZ4pPVqHoVTQCOiTY5qFQ5q9eH4TsssHsU9YsqYjQYxtYn9q:ZGQOUVTs4SULwZ4pPVqHoVTQCOiThFJI |
MD5: | F21872093625D2BA00E54A3D108AF87C |
SHA1: | 863CA8B13F268B27CCE55FB2529F6DEB0E3F7FAD |
SHA-256: | 415D7D16904A8DEFC4E43F7B987E07C6DE35129DA74C02EDF24AA2D09BBE0D65 |
SHA-512: | 2C9244309A1C5DC95AB46FBEE99599DDE2481FE182665F63E9FA6C2958A930B4B312698B0CE6F941F3B1BA81672472F74CBF72851AEE410386C3BE8DCB0B2FAF |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 895 |
Entropy (8bit): | 4.475235381678639 |
Encrypted: | false |
SSDEEP: | 12:85Qt1lgXg/XAlCPCHaX6zBFbZD4KID3KicvbJIb4uCN1KZ3YilMMEpxRljKXTdXq:85C/XTKz3FkKsheyl2Y3qyZVNZVu/ |
MD5: | 06C90362D402245A0B0BAFA5A3E6531B |
SHA1: | 6D411C7BAFCCFBDA2233AE29DF9A94016DC49CFD |
SHA-256: | A0B8A90325D92635152F8102568FE6C0BB54408D11D32C72A30595C61CCFAC17 |
SHA-512: | 756D21086454E12DB0DF62F9F7D55D076FC2DEBD86D429C2590910786AB9A041AD58D0F6644D90E3BD7286958146ED657040870C12C4C8722B93EDA85AB26AB6 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1049 |
Entropy (8bit): | 4.514584183357273 |
Encrypted: | false |
SSDEEP: | 12:8BTzsTpA0gXg/XAlCPCHaX6zBFB/z+X+WsL7O/e4icvbT9442WDtZ3YilMMEpxR7:8dvk/XTKz3c2L7jreGoDv3qyQd7Qy |
MD5: | E709F4ED79010029EA756E43C97300E0 |
SHA1: | EB8BF923D3FCFB7C7506DC3746848ECAD22A6785 |
SHA-256: | 7315E9E82BFD64A149C161A616757BFE34938D92548C05C36B06BADA5D0D3EEA |
SHA-512: | 37E5338794A122E4002DDB9A23F06CCC387F765B4CC1CCA202DBA92F24B190CECB6E4A6FF4298F4CC8246DA75DC832633FF61AD32F3230F20585814BACA0936B |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 143 |
Entropy (8bit): | 4.8475007361621305 |
Encrypted: | false |
SSDEEP: | 3:bDuMJleWSGCKLUlwcXAlWCEKUBCmX1a+CGCKLUlmxWXLRBCv:bCES2UPAk7BE+C2UJLRBs |
MD5: | 8783DD2CAE71F2E44E75175200CC3C71 |
SHA1: | 59A8D8943F354672ED2E4E1B0B97BC85F4529446 |
SHA-256: | D3511F772A8D95B4A56063132C49190D6165483DD1005B36647DF6AFB0D4567B |
SHA-512: | 8B26982B2136CAB23B8068A0C9A20FB0DC06205F7618B39A682C933550C645B4F4FEE65992D84763AB0CB3F32C887C51D44AC2AF8C97D383F3CDB6FED64F377F |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 1025 |
Entropy (8bit): | 4.53172314563644 |
Encrypted: | false |
SSDEEP: | 12:8Dwh6FRgXg/XAlCPCHaX6zBFbEDb5KIDhrc7H2NcW1KicvbJIYnYWluCN1KZ3YiU:8P/XTKz3wP5K0Q4eyYYWM2Y3qyR7m |
MD5: | 0A9A707360E344370C535C595C655FE5 |
SHA1: | 3DBD4D9B42BEBB0718FDD2E70B81CEAC0E500865 |
SHA-256: | 7A90EDFC0B1456A5B5735277C9F2A363BB703A2B7ADF4F9575227104FF0F0FFB |
SHA-512: | 2A4F0DD8E8101486CEE4B92855D874CF059044E7C637C55E2A201CCB346E7B38947DFBFC6C051B2F9749601681D35A3FB20142922EE1F0D132A4B1D3FAE898FD |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.5038355507075254 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l |
MD5: | 45B1E2B14BE6C1EFC217DCE28709F72D |
SHA1: | 64E3E91D6557D176776A498CF0776BE3679F13C3 |
SHA-256: | 508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6 |
SHA-512: | 2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.5038355507075254 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l |
MD5: | 45B1E2B14BE6C1EFC217DCE28709F72D |
SHA1: | 64E3E91D6557D176776A498CF0776BE3679F13C3 |
SHA-256: | 508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6 |
SHA-512: | 2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3342 |
Entropy (8bit): | 5.787478297876638 |
Encrypted: | false |
SSDEEP: | 96:iOVvcNLnp15eL/XaxaFD1OIWCOrWETgAgQg+jgMo0Y01MDdq:iOVqb5Sa05OIWCSWETgAgQgKgu1o8 |
MD5: | 55D9EAB53D4063A53B6ED05F7B1E75E7 |
SHA1: | E6B4C81676D3EF0D2F7D08A6CC2AD90EB54908C3 |
SHA-256: | C7F40608CE8A3DDA25C13D117790D08EF757B07B8C2CCB645A27A71ADC322FB2 |
SHA-512: | E90768D87C7B191D41D3944957725DB0E1F29FA865E24FD7308656FC9249CA0A5D1BD0ABEDA3BBC68528EFC0CE6BC3A79EB434C375FD5C6EC90455C6E19A74F9 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.5038355507075254 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l |
MD5: | 45B1E2B14BE6C1EFC217DCE28709F72D |
SHA1: | 64E3E91D6557D176776A498CF0776BE3679F13C3 |
SHA-256: | 508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6 |
SHA-512: | 2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 3342 |
Entropy (8bit): | 5.787478297876638 |
Encrypted: | false |
SSDEEP: | 96:iOVvcNLnp15eL/XaxaFD1OIWCOrWETgAgQg+jgMo0Y01MDdq:iOVqb5Sa05OIWCSWETgAgQgKgu1o8 |
MD5: | 55D9EAB53D4063A53B6ED05F7B1E75E7 |
SHA1: | E6B4C81676D3EF0D2F7D08A6CC2AD90EB54908C3 |
SHA-256: | C7F40608CE8A3DDA25C13D117790D08EF757B07B8C2CCB645A27A71ADC322FB2 |
SHA-512: | E90768D87C7B191D41D3944957725DB0E1F29FA865E24FD7308656FC9249CA0A5D1BD0ABEDA3BBC68528EFC0CE6BC3A79EB434C375FD5C6EC90455C6E19A74F9 |
Malicious: | false |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.789270534017578 |
TrID: |
File name: | charge_12.01.2021.doc |
File size: | 34322 |
MD5: | 18499830201cddade8183b8e24fdf30a |
SHA1: | 55c498cf7273cab567f49a00c15ca3316c001215 |
SHA256: | 0a42f6762ae4f3b1d95aae0f8977cde6361f1d59b5ccc400c41772db0205f7c5 |
SHA512: | 0a59ed2f3491bbd547d3ae543c6efcf965d1da65c02f900b09d6c75afd92dfc98c4182af7392b9d77b79cf0c17fe30d232449396a3a3be14c96b07ce7718928e |
SSDEEP: | 768:JouYXWQ6W02VWnZdw9822zARtrLfxl1Isq:mLmxfcWwkyNLfx4 |
File Content Preview: | PK..........!...O.............[Content_Types].xml |
File Icon |
---|
Icon Hash: | e4eea2aaa4b4b4a4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "/opt/package/joesandbox/database/analysis/532355/sample/charge_12.01.2021.doc" |
---|
Indicators | |
---|---|
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Title: | |
Subject: | |
Author: | |
Keywords: | |
Template: | |
Last Saved By: | |
Revision Number: | 2 |
Total Edit Time: | 0 |
Create Time: | 2021-12-01T11:28:00Z |
Last Saved Time: | 2021-12-01T11:28:00Z |
Number of Pages: | 1 |
Number of Words: | 116 |
Number of Characters: | 9905 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Number of Lines: | 55 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 16.0000 |
Streams with VBA |
---|
VBA File Name: ThisDocument.cls, Stream Size: 2131 |
---|
General | |
---|---|
Stream Path: | VBA/ThisDocument |
VBA File Name: | ThisDocument.cls |
Stream Size: | 2131 |
VBA Code |
---|
VBA File Name: main.bas, Stream Size: 1148 |
---|
General | |
---|---|
Stream Path: | VBA/main |
VBA File Name: | main.bas |
Stream Size: | 1148 |
VBA Code |
---|
Streams |
---|
Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 406 |
---|
General | |
---|---|
Stream Path: | PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 406 |
Entropy: | 5.30459067678 |
Base64 Encoded: | True |
Data ASCII: | ID="{4C4CB673-BFA3-4F2A-AF5A-A632AC79375A}" Document=ThisDocument/&H00000000 Module=main Name="Project" HelpContextID="0" VersionCompatible32="393222000" CMG="9F9D8D30B3505654565456545654" DPB="3E3C2CD154EFF2F0F2F0F2" GC="DDDFCF6EF10CF20CF2F3" [ |
Stream Path: PROJECTwm, File Type: data, Stream Size: 56 |
---|
General | |
---|---|
Stream Path: | PROJECTwm |
File Type: | data |
Stream Size: | 56 |
Entropy: | 3.05665670746 |
Base64 Encoded: | False |
Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 2864 |
---|
General | |
---|---|
Stream Path: | VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 2864 |
Entropy: | 4.29981377884 |
Base64 Encoded: | False |
Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 1667 |
---|
General | |
---|---|
Stream Path: | VBA/__SRP_0 |
File Type: | data |
Stream Size: | 1667 |
Entropy: | 3.52769533528 |
Base64 Encoded: | False |
Stream Path: VBA/__SRP_1, File Type: data, Stream Size: 232 |
---|
General | |
---|---|
Stream Path: | VBA/__SRP_1 |
File Type: | data |
Stream Size: | 232 |
Entropy: | 2.20499301264 |
Base64 Encoded: | False |
Stream Path: VBA/__SRP_2, File Type: data, Stream Size: 799 |
---|
General | |
---|---|
Stream Path: | VBA/__SRP_2 |
File Type: | data |
Stream Size: | 799 |
Entropy: | 1.96552857808 |
Base64 Encoded: | False |
Data ASCII: | r U . . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P . . . . . . . . . . . . . . . . . . . . . . . . . . . q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 72 55 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 38 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 50 00 00 00 00 00 00 00 00 00 00 00 03 00 03 00 00 00 00 00 01 00 01 00 00 00 01 00 71 07 00 00 00 00 00 00 00 00 00 00 a1 07 00 00 00 00 00 00 00 00 00 00 d1 07 |
Stream Path: VBA/__SRP_3, File Type: data, Stream Size: 314 |
---|
General | |
---|---|
Stream Path: | VBA/__SRP_3 |
File Type: | data |
Stream Size: | 314 |
Entropy: | 2.19683844969 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O . @ . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O . X . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 78 00 00 00 08 00 40 00 e1 01 00 00 00 00 00 00 00 00 02 00 00 00 04 60 04 01 e1 0d ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 |
Stream Path: VBA/dir, File Type: data, Stream Size: 552 |
---|
General | |
---|---|
Stream Path: | VBA/dir |
File Type: | data |
Stream Size: | 552 |
Entropy: | 6.3505975093 |
Base64 Encoded: | True |
Data ASCII: | . $ . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . P r o j e c t . Q . ( . . @ . . . . . = . . . . . l . . . . . . . . . . t . c . . . . J . < . . . . . r s t d . o l e > . . s . t . . d . o . l . e P . . . h . % ^ . . * . \\ G { 0 0 0 2 0 . 4 3 0 - . . . . C . . . . . . . 0 0 4 6 } # . 2 . 0 # 0 # C : . \\ W i n d o w s . \\ S y s t e m 3 . 2 \\ . e 2 . t l b . # O L E A u t . o m a t i o n . ` . . . . E N o r m a l . . E N . C r . m . a Q . F . . . . . . . * . \\ C . . . . . m . . . |
Data Raw: | 01 24 b2 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e3 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74 05 51 00 28 00 00 40 02 14 06 02 14 3d ad 02 0a 07 02 6c 01 14 08 06 12 09 02 12 80 f6 74 a0 63 0d 00 0c 02 4a 12 3c 02 0a 16 00 01 72 73 74 64 10 6f 6c 65 3e 02 19 73 00 74 00 00 64 00 6f 00 6c 00 65 50 00 0d 00 68 00 25 5e 00 03 2a 00 5c 47 7b 30 30 |
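Reading the VBA/dir dump above: the stream is not base64 (the "Base64 Encoded: True" flag is the tool's byte-frequency heuristic misfiring) but an MS-OVBA CompressedContainer. The first byte 0x01 is the container signature and the next two, `24 b2`, form the little-endian chunk header 0xb224: flag bit set (compressed), signature bits 0b011, and (0x224 + 3) = 551 bytes of chunk, which with the signature byte is exactly the 552-byte stream size. That compression is also why its entropy (6.35) sits well above the __SRP_* caches (~2.0). The __SRP_n streams are a performance cache whose format MS-OVBA leaves unspecified and which Office rebuilds on load, so their bytes are not needed to recover the macro, although the __SRP_1 dump does leak identifier names (youDoorNext, youLoadX) that are usable as hunting strings. The decoder below is an added worked example, not part of the report or of any analysis tool; it implements the MS-OVBA decompression algorithm (oletools' olevba does the same in production) and walks the leading fixed-layout dir records. Its input is the first 44 bytes of the Data Raw prefix shown above, so the last chunk is clipped at end of data instead of rejected as short; the record names and the SysKind table come from MS-OVBA, the function names are this example's own.

```python
import struct

# First 44 bytes of the VBA/dir "Data Raw" dump shown in the report (the report prints only
# a prefix of the 552-byte stream, so the decoder tolerates a truncated last chunk).
DIR_PREFIX = bytes.fromhex(
    "01 24 b2 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 "
    "03 00 82 02 00 64 e3 04 04 00 07 00 1c 00 50 72 6f 6a 65 63 74"
)


def ovba_decompress(container: bytes) -> bytes:
    """Decompress an MS-OVBA CompressedContainer (MS-OVBA section 2.4.1).

    Layout: 0x01 signature, then chunks of [2-byte header][data]. The header packs
    (chunk size - 3) in bits 0-11, the signature 0b011 in bits 12-14 and a
    "compressed" flag in bit 15. Compressed data is a run of [flag byte][8 tokens];
    each token is a literal byte or a 2-byte copy token (offset, length) that refers
    back into the output produced so far for this chunk.
    """
    if not container or container[0] != 0x01:
        raise ValueError("not a CompressedContainer (signature byte 0x01 missing)")
    out = bytearray()
    pos = 1
    while pos < len(container):
        header = struct.unpack_from("<H", container, pos)[0]
        if (header >> 12) & 0x7 != 0b011:
            raise ValueError(f"bad chunk signature at offset {pos}")
        chunk_size = (header & 0x0FFF) + 3                 # counts the 2 header bytes
        compressed = bool(header & 0x8000)
        chunk_end = min(len(container), pos + chunk_size)  # clip: the dump is a prefix
        pos += 2
        chunk_base = len(out)                              # copy tokens never reach before this
        if not compressed:                                 # raw chunk: 4096 bytes verbatim
            out += container[pos:pos + 4096]
            pos += 4096
            continue
        while pos < chunk_end:
            flags = container[pos]
            pos += 1
            for bit in range(8):
                if pos >= chunk_end:
                    break
                if not (flags >> bit) & 1:                 # literal token
                    out.append(container[pos])
                    pos += 1
                    continue
                if pos + 2 > chunk_end:
                    raise ValueError(f"truncated copy token at offset {pos}")
                token = struct.unpack_from("<H", container, pos)[0]
                pos += 2
                # The offset/length split widens as this chunk's output grows:
                # bit_count = max(ceil(log2(bytes decoded so far in the chunk)), 4).
                decoded = len(out) - chunk_base
                if decoded == 0:
                    raise ValueError("copy token with nothing to copy from")
                bit_count = max((decoded - 1).bit_length(), 4)
                length = (token & (0xFFFF >> bit_count)) + 3
                offset = (token >> (16 - bit_count)) + 1
                src = len(out) - offset
                if src < chunk_base:
                    raise ValueError("copy token points before the chunk start")
                for i in range(length):                    # byte-wise: source may overlap output
                    out.append(out[src + i])
    return bytes(out)


# Leading dir-stream records with a plain (Id, Size, payload) layout. Later records
# (PROJECTDOCSTRING's Unicode half, PROJECTVERSION, the module list) need per-record parsing.
SIMPLE_RECORDS = {0x0001: "PROJECTSYSKIND", 0x0002: "PROJECTLCID",
                  0x0014: "PROJECTLCIDINVOKE", 0x0003: "PROJECTCODEPAGE",
                  0x0004: "PROJECTNAME"}
SYSKIND = {0: "16-bit Windows", 1: "32-bit Windows", 2: "Macintosh", 3: "64-bit Windows"}


def parse_dir_records(dir_bytes: bytes) -> list:
    """Return [(name, payload)] for the leading fixed-layout records of a decompressed dir stream."""
    records, pos = [], 0
    while pos + 6 <= len(dir_bytes):
        rec_id, size = struct.unpack_from("<HI", dir_bytes, pos)
        if rec_id not in SIMPLE_RECORDS:
            break
        payload = dir_bytes[pos + 6:pos + 6 + size]
        if len(payload) < size:                            # record cut off by the truncated dump
            break
        records.append((SIMPLE_RECORDS[rec_id], payload))
        pos += 6 + size
    return records


def summarize_dir(container: bytes) -> dict:
    """Decompress a dir stream and pull out the project header fields an analyst looks at first."""
    summary = {}
    for name, payload in parse_dir_records(ovba_decompress(container)):
        if name == "PROJECTSYSKIND":
            summary["syskind"] = SYSKIND.get(struct.unpack("<I", payload)[0], "unknown")
        elif name == "PROJECTLCID":
            summary["lcid"] = struct.unpack("<I", payload)[0]
        elif name == "PROJECTLCIDINVOKE":
            summary["lcid_invoke"] = struct.unpack("<I", payload)[0]
        elif name == "PROJECTCODEPAGE":
            summary["codepage"] = struct.unpack("<H", payload)[0]
        elif name == "PROJECTNAME":
            summary["name"] = payload.decode("latin-1")
    return summary


if __name__ == "__main__":
    for key, value in summarize_dir(DIR_PREFIX).items():
        print(f"{key:12} {value}")
```

Run against the 44-byte prefix, the decoder yields 51 bytes: PROJECTSYSKIND = 3 (64-bit Windows, consistent with the 64-bit WINWORD.EXE in the process list), PROJECTLCID and PROJECTLCIDINVOKE = 0x0409, PROJECTCODEPAGE = 1251 (Cyrillic) and PROJECTNAME = "Project", after which the dump ends mid-chunk. The Cyrillic code page on an en-US project is the kind of detail worth carrying into an indicator set; the rest of the stream (the module names and offsets needed to locate the macro source in the module streams) lies beyond the prefix the report prints and would come from the full stream.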
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 2, 2021 04:20:15.383035898 CET | 49165 | 80 | 192.168.2.22 | 194.62.42.207 |
Dec 2, 2021 04:20:15.472258091 CET | 80 | 49165 | 194.62.42.207 | 192.168.2.22 |
Dec 2, 2021 04:20:15.472520113 CET | 49165 | 80 | 192.168.2.22 | 194.62.42.207 |
Dec 2, 2021 04:20:15.765425920 CET | 49165 | 80 | 192.168.2.22 | 194.62.42.207 |
Dec 2, 2021 04:20:15.854682922 CET | 80 | 49165 | 194.62.42.207 | 192.168.2.22 |
Dec 2, 2021 04:20:16.313687086 CET | 80 | 49165 | 194.62.42.207 | 192.168.2.22 |
Dec 2, 2021 04:20:16.313941002 CET | 49165 | 80 | 192.168.2.22 | 194.62.42.207 |
Dec 2, 2021 04:20:20.341320992 CET | 49165 | 80 | 192.168.2.22 | 194.62.42.207 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 2, 2021 04:20:15.315145016 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8 |
Dec 2, 2021 04:20:15.352807045 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 2, 2021 04:20:15.315145016 CET | 192.168.2.22 | 8.8.8.8 | 0x92e6 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 2, 2021 04:20:15.352807045 CET | 8.8.8.8 | 192.168.2.22 | 0x92e6 | No error (0) | 194.62.42.207 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49165 | 194.62.42.207 | 80 | C:\Windows\SysWOW64\mshta.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Dec 2, 2021 04:20:15.765425920 CET | 0 | OUT | |
Dec 2, 2021 04:20:16.313687086 CET | 1 | IN | |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General | |
---|---|
Start time: | 04:20:12 |
Start date: | 02/12/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f410000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General | |
---|---|
Start time: | 04:20:16 |
Start date: | 02/12/2021 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffa10000 |
File size: | 3229696 bytes |
MD5 hash: | 38AE1B3C38FAEF56FE4907922F0385BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General | |
---|---|
Start time: | 04:20:17 |
Start date: | 02/12/2021 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffa10000 |
File size: | 3229696 bytes |
MD5 hash: | 38AE1B3C38FAEF56FE4907922F0385BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General | |
---|---|
Start time: | 04:20:17 |
Start date: | 02/12/2021 |
Path: | C:\Windows\SysWOW64\mshta.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe10000 |
File size: | 13312 bytes |
MD5 hash: | ABDFC692D9FE43E2BA8FE6CB5A8CB95A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
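Two caveats when reading the System Behavior and Network Behavior tables together. First, the report redacts command lines and does not print parent PIDs, so the WINWORD.EXE → explorer.exe → mshta.exe chain cannot be confirmed from these rows; what the page does give is start-time proximity (WINWORD.EXE at 04:20:12, mshta.exe at 04:20:17) and the HTTP Packets table's attribution of the 49165 → 194.62.42.207:80 session to C:\Windows\SysWOW64\mshta.exe, which is the same address the DNS answer returned. Second, "Start date: 02/12/2021" is DD/MM/YYYY (the packet timestamps read Dec 2, 2021), which matters when these rows are merged with other telemetry. The script below is an added example, not part of the report: it re-expresses the page's rows as records and runs the correlation an analyst would do by hand, flagging a script host that starts shortly after an Office process, a script host owning an HTTP session, and a 32-bit (SysWOW64) script host under a 64-bit Office. The rule names, the window and the host lists are this example's own choices; with Sysmon or EDR telemetry the first rule would key on ParentImage, as the "Suspicious MSHTA Process Patterns" Sigma match in the overview does, rather than on timing.

```python
from datetime import datetime

# Rows transcribed from the report's System Behavior and Network Behavior tables.
# Parent PIDs and command lines are blank in the dump, so only start times, paths and
# the HTTP session's process attribution are available for correlation.
PROCESSES = [
    {"path": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "start": "04:20:12", "wow64": False},
    {"path": r"C:\Windows\explorer.exe", "start": "04:20:16", "wow64": False},
    {"path": r"C:\Windows\explorer.exe", "start": "04:20:17", "wow64": False},
    {"path": r"C:\Windows\SysWOW64\mshta.exe", "start": "04:20:17", "wow64": True},
]
HTTP_SESSIONS = [
    {"src": "192.168.2.22", "sport": 49165, "dst": "194.62.42.207", "dport": 80,
     "process": r"C:\Windows\SysWOW64\mshta.exe"},
]
# The queried name is not printed on the page, so only the answered address is carried.
DNS_ANSWERS = [{"address": "194.62.42.207"}]

# Host lists are this example's choice, not a published rule set.
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe",
                "rundll32.exe", "regsvr32.exe", "certutil.exe"}


def image_name(path: str) -> str:
    """Lower-cased file name of a Windows path ('C:\\...\\mshta.exe' -> 'mshta.exe')."""
    return path.rsplit("\\", 1)[-1].lower()


def _clock(hhmmss: str) -> datetime:
    return datetime.strptime(hhmmss, "%H:%M:%S")


def triage(processes, http_sessions, dns_answers, window_s=60):
    """Correlate sandbox process and network rows into a list of finding dicts."""
    findings = []
    office = [p for p in processes if image_name(p["path"]) in OFFICE_HOSTS]

    for p in processes:
        name = image_name(p["path"])
        if name not in SCRIPT_HOSTS:
            continue
        # Rule 1: script host starts within window_s after an Office host (timing only,
        # because the dump gives no parent PID).
        for o in office:
            delta = (_clock(p["start"]) - _clock(o["start"])).total_seconds()
            if 0 <= delta <= window_s:
                findings.append({"rule": "script_host_after_office", "process": name,
                                 "after": image_name(o["path"]), "delta_s": delta})
        # Rule 2: a 64-bit Office resolving "mshta.exe" by name gets the System32 copy;
        # a SysWOW64 copy implies an explicit path or a 32-bit intermediary not in the dump.
        if p["wow64"] and any(not o["wow64"] for o in office):
            findings.append({"rule": "wow64_script_host_under_64bit_office",
                             "process": name, "path": p["path"]})

    # Rule 3: script host owns an HTTP session; note whether the peer came from a DNS answer.
    resolved = {a["address"] for a in dns_answers}
    for s in http_sessions:
        name = image_name(s["process"])
        if name in SCRIPT_HOSTS:
            findings.append({"rule": "script_host_http", "process": name,
                             "dst": f'{s["dst"]}:{s["dport"]}',
                             "resolved_via_dns": s["dst"] in resolved})
    return findings


if __name__ == "__main__":
    for f in triage(PROCESSES, HTTP_SESSIONS, DNS_ANSWERS):
        print(f)
```

On the report's rows this produces three findings: mshta.exe 5 s after winword.exe, the SysWOW64 mshta.exe under a 64-bit WINWORD.EXE, and mshta.exe talking to 194.62.42.207:80 at an address that the DNS answer supplied. The HTTP Packets table leaves the request and response bodies blank, so the 1 kB returned to mshta.exe is the only measure of what was fetched; the payload itself is not on this page.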
Disassembly |
---|
Code Analysis |
---|