Windows
Analysis Report
Credit Ref Verify - American States Utility Service for National Stormwater Trust Inc.doc
Overview
General Information
Detection
Score: | 1 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w7x64
- WINWORD.EXE (PID: 2548 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
There are no malicious signatures.
Source: | File opened: |
Source: | File created: |
Source: | OLE indicator, ObjectPool: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | File created: |
Source: | Classification label: |
Source: | OLE document summary: |
Source: | OLE document summary: |
Source: | OLE document summary: |
Source: | File read: |
Source: | OLE indicator, Word Document stream: |
Source: | File created: |
Source: | Window detected: |
Source: | Initial sample: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | (56 entries) |
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 581989 |
Start date: | 02.03.2022 |
Start time: | 21:38:42 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 12s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Credit Ref Verify - American States Utility Service for National Stormwater Trust Inc.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 3 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean1.winDOC@1/8@0/0 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: | |
Cookbook Comments: | |
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
- Report size getting too big, too many NtQueryAttributesFile calls found.
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{FD4A9FF0-45D4-4B29-B275-F3D0609FB7FF}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 155648 |
Entropy (8bit): | 3.3987793966196556 |
Encrypted: | false |
SSDEEP: | 768:NE0iyR3CjNE0iyR3CjNE0iyR3Cj4rO80+irO80+irO80+:ZiaCtiaCtiaCb+h+h+ |
MD5: | 9BDE7B7F966C29FAA52AC8D4CCC0AB96 |
SHA1: | D54034F995E7156518E50A89FDAC129B33815E80 |
SHA-256: | DE2ED6A15DE0C6F0C210B37C61881B3A8708449388D74A745CE3837E4485A359 |
SHA-512: | 170D9CFEF09156C523E16A0D9643251946247559DD87B98D7999E777E0D5AC45937F5EB4250B50C33D17E53B5300F640E368F631AC0A8D2859BD39B81896C89B |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{05321645-6541-494A-9CAF-CDF206BEB341}.tmp
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Credit Ref Verify - American States Utility Service for National Stormwater Trust Inc.LNK
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1389 |
Entropy (8bit): | 4.536102341958585 |
Encrypted: | false |
SSDEEP: | 24:8pYiP/XTuzLIi4Z1dcN4D7eisObA2X1dcN4D1Dv3qGniQd7Qy:8ZP/XTkaZM07pbA2XM0EGiUj |
MD5: | 4A8E436E8DA07B9423E244E30F22737F |
SHA1: | 3D7DC70403C5DDE2FD09F443C34840C91970D67D |
SHA-256: | 442C96C6C5B7CF349545BD9408126B51ECE335B353033E42EE0A32D257FDC3B1 |
SHA-512: | 4E587616EF7557FED1AAAD0D7CA814B613F578ABE841C0B482ABD350A3B2352014A5297B96DFE046C82D80F199184ACD9648FC177DF14581B65679C769A99BD3 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 221 |
Entropy (8bit): | 4.744400811065283 |
Encrypted: | false |
SSDEEP: | 6:bCCQSFAy7wFEQNA2vegFrSFAy7wFEQNA2veg1:bCiZwmQNA2lFYZwmQNA2l1 |
MD5: | 5605F60055131D415A91AFE264ACA486 |
SHA1: | D8261663AB0AAFF1B267F01D2EC7192E39E23C48 |
SHA-256: | 246A91524CF2D3FFDEDDE44C86519F9D8B00C9D90BA848CB50957BEFB8581F85 |
SHA-512: | 4F85BA246DCDC4C9FB21D084716D19D19CA5807F7DD44906768512127D9AC675D4C5EF7C32F60971EF8AD96D8E590FA6586FAC005DD7D323898EA8C241B0570F |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707526 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyYpfHh233WWPAyfGpKyH/ln:vdsCkWtxJgJXKl |
MD5: | 6462452E1083FFF3724A32DC01771E8B |
SHA1: | 244116899824E727C5C399064F004C71D88F7254 |
SHA-256: | 869216753E7235557D0BDCC32046E7DA62B2DD69B9B7175F27AD546161F1EB2A |
SHA-512: | 303C93E9E5AB236053693ECE6B9925F4E451EE28834A46DCF2A23311CD254F022967632852AFEB46E4C842DCE42072192F0B726B48FBBE9D5FA907918B71CE88 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2 |
Entropy (8bit): | 1.0 |
Encrypted: | false |
SSDEEP: | 3:Qn:Qn |
MD5: | F3B25701FE362EC84616A93A45CE9998 |
SHA1: | D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB |
SHA-256: | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
SHA-512: | 98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
C:\Users\user\Desktop\~$edit Ref Verify - American States Utility Service for National Stormwater Trust Inc.doc
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.503835550707526 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyYpfHh233WWPAyfGpKyH/ln:vdsCkWtxJgJXKl |
MD5: | 6462452E1083FFF3724A32DC01771E8B |
SHA1: | 244116899824E727C5C399064F004C71D88F7254 |
SHA-256: | 869216753E7235557D0BDCC32046E7DA62B2DD69B9B7175F27AD546161F1EB2A |
SHA-512: | 303C93E9E5AB236053693ECE6B9925F4E451EE28834A46DCF2A23311CD254F022967632852AFEB46E4C842DCE42072192F0B726B48FBBE9D5FA907918B71CE88 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
File type: | |
Entropy (8bit): | 4.3820695248638515 |
TrID: | |
File name: | Credit Ref Verify - American States Utility Service for National Stormwater Trust Inc.doc |
File size: | 201216 |
MD5: | 08b06c35612aa766211a217f2dfafbd5 |
SHA1: | 695e32fa43d9e2aee8a3cf49d69e495237818207 |
SHA256: | abcaacb83b6dab3f55e6db5f48928b562da2e2d87e67b4267342e1c05dfc89a8 |
SHA512: | 0ecdf562808452f7c7064cba78cbcdcd204b891113b1b38fc31152e81728a8de27070884e28a5ea2ea95e741fa903e6afbf8e01b9a452ff8a92642714a460120 |
SSDEEP: | 1536:DuQQQQQgiaCtiaCtiaCb+h+h+nN18sHtjS4xrt:DuQQQQQtXAXAXb+h+h+Nmspx |
File Content Preview: | ........................>...............................................................b...................................................................................................................................................................... |
Icon Hash: | e4eea2aaa4b4b4a4 |
Document Type: | OLE |
Number of OLE Files: | 1 |
OLE File "Credit Ref Verify - American States Utility Service for National Stormwater Trust Inc.doc"
Has Summary Info: | |
Application Name: | Microsoft Office Word |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | True |
Flash Objects Count: | 0 |
Contains VBA Macros: | False |
Code Page: | 1252 |
Title: | |
Subject: | |
Author: | |
Keywords: | |
Template: | |
Last Saved By: | |
Revision Number: | 4 |
Total Edit Time: | 360 |
Last Printed: | 2022-02-23 17:25:00 |
Create Time: | 2022-03-02 19:46:00 |
Last Saved Time: | 2022-03-02 19:51:00 |
Number of Pages: | 1 |
Number of Words: | 152 |
Number of Characters: | 871 |
Creating Application: | |
Security: | 0 |
Document Code Page: | 1252 |
Number of Bytes: | 46592 |
Number of Lines: | 7 |
Number of Paragraphs: | 2 |
Thumbnail Scaling Desired: | False |
Company: | |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 1048576 |
General | |
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.2359563651 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . F . . . M i c r o s o f t W o r d 9 7 - 2 0 0 3 D o c u m e n t . . . . . M S W o r d D o c . . . . . W o r d . D o c u m e n t . 8 . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 06 09 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 20 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 57 6f 72 64 20 39 37 2d 32 30 30 33 20 44 6f 63 75 6d 65 6e 74 00 0a 00 00 00 4d 53 57 6f 72 64 44 6f 63 00 10 00 00 00 57 6f 72 64 2e 44 6f 63 75 6d 65 6e 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 624 |
Entropy: | 3.35289411236 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . D . . . . . . . . . . . . . . . + , . . L . . . . . . . . . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 44 00 00 00 05 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 4c 01 00 00 08 01 00 00 0d 00 00 00 01 00 00 00 70 00 00 00 0f 00 00 00 78 00 00 00 04 00 00 00 84 00 00 00 05 00 00 00 8c 00 00 00 06 00 00 00 94 00 00 00 11 00 00 00 9c 00 00 00 17 00 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 468 |
Entropy: | 3.76809440063 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . . . 4 . . . . . . . T . . . . . . . ` . . . . . . . l . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P r o f e s s i o n a l M e m o . . . . . . . . . . . . . . . . . . . . . . . R o b e r t A |
Data Raw: | fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 a4 01 00 00 11 00 00 00 01 00 00 00 90 00 00 00 02 00 00 00 98 00 00 00 03 00 00 00 b4 00 00 00 04 00 00 00 c0 00 00 00 05 00 00 00 e0 00 00 00 07 00 00 00 ec 00 00 00 08 00 00 00 08 01 00 00 09 00 00 00 28 01 00 00 12 00 00 00 34 01 00 00 |
General | |
Stream Path: | 1Table |
File Type: | dBase III DBT, version number 0, next free block index 3737106 |
Stream Size: | 17958 |
Entropy: | 5.15749056356 |
Base64 Encoded: | True |
Data ASCII: | . . 9 . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 12 06 39 00 12 00 01 00 78 01 0f 00 07 00 00 00 00 00 00 00 00 00 04 00 08 00 00 00 08 00 00 00 08 00 00 00 08 00 00 00 08 00 00 00 08 00 00 00 0e 00 00 00 0e 00 00 00 0e 00 00 00 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | Data |
File Type: | data |
Stream Size: | 17322 |
Entropy: | 7.27425978769 |
Base64 Encoded: | False |
Data ASCII: | E C . . D . d . . . . . . . . . . . . . . . . . . . . . . ' . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 0 . . . . . . . . . . . . . . . . . . . # . . . . . . . . A . . . . . . . . . . . . . . . . . . . . . . b . . . . B . . . . . % Q . . > . z . } v z ( * . . . . B . . . . . . D . . . . . . . . n . . . B . . . % Q . . > . z . } v z ( * . . . P N G . . . . . . . . I H D R . . . H . . . . . . . . . . . ' p . . . . s R G B . . . . . . . . . p H Y s . . . . . . . . . |
Data Raw: | 45 43 00 00 44 00 64 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 9c 27 cd 0d 60 02 19 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 04 f0 30 00 00 00 b2 04 0a f0 08 00 00 00 01 04 00 00 00 0a 00 00 23 00 0b f0 0c 00 00 00 04 41 01 00 00 00 ff 01 00 00 08 00 00 00 10 f0 04 00 00 00 00 00 00 80 62 00 07 f0 |
General | |
Stream Path: | ObjectPool/_1064645219/\x1CompObj |
File Type: | data |
Stream Size: | 102 |
Entropy: | 3.62482561758 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A d o b e P h o t o s h o p I m a g e . . . . . A d o b e P h o t o D e l u x e I m a g e . . . . . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 16 00 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 49 6d 61 67 65 00 18 00 00 00 41 64 6f 62 65 20 50 68 6f 74 6f 44 65 6c 75 78 65 20 49 6d 61 67 65 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | ObjectPool/_1064645219/\x1Ole |
File Type: | data |
Stream Size: | 20 |
Entropy: | 0.568995593589 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | ObjectPool/_1064645219/\x3ObjInfo |
File Type: | data |
Stream Size: | 4 |
Entropy: | 0.811278124459 |
Base64 Encoded: | False |
Data ASCII: | . . . . |
Data Raw: | 00 00 03 00 |
General | |
Stream Path: | ObjectPool/_1064645219/CONTENTS |
File Type: | Adobe Photoshop Image, 1352 x 471, RGB, 3x 8-bit channels |
Stream Size: | 150157 |
Entropy: | 3.43936161306 |
Base64 Encoded: | False |
Data ASCII: | 8 B P S . . . . . . . . . . . . . . . . . H . . . . . . . . . . . | 8 B I M . . . . . . . . . H . . . . . . . H . . . . . . 8 B I M . . . . . . . . . . . . . . . . 8 B I M ' . . . . . . . . . . . . . . . . . 8 B I M . . . . . . . H . / f f . . . l f f . . . . . . . . . / f f . . . . . . . . . . . . . . . 2 . . . . . Z . . . . . . . . . . . 5 . . . . . - . . . . . . . . . . 8 B I M . . . . . . . . . . 8 B I M . . . . . . . . . . P H U T . 5 . . . . . D . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 38 42 50 53 00 01 00 00 00 00 00 00 00 03 00 00 01 d7 00 00 05 48 00 08 00 03 00 00 00 00 00 00 01 7c 38 42 49 4d 03 ed 00 00 00 00 00 10 00 48 00 00 00 01 00 01 00 48 00 00 00 01 00 01 38 42 49 4d 03 f3 00 00 00 00 00 08 00 00 00 00 00 00 00 01 38 42 49 4d 27 10 00 00 00 00 00 0a 00 01 00 00 00 00 00 00 00 02 38 42 49 4d 03 f5 00 00 00 00 00 48 00 2f 66 66 00 01 00 6c 66 66 00 06 |
General | |
Stream Path: | WordDocument |
File Type: | data |
Stream Size: | 7732 |
Entropy: | 3.97814084136 |
Base64 Encoded: | True |
Data ASCII: | . . . . ) . . . . . . 2 . . . . . . . . . . . . . . . . / . . . . . b j b j . . . . . . . . . . . . . . . . . . . . . . . . . . 4 . . . . . 4 h . . 4 h . . . . . . . . / . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . " . . . . . . . " . . . . . . . " . . . . . . . " . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . & " . . . . . . & " . . . . . . & " . . 8 . . . ^ " . . , . |
Data Raw: | ec a5 c1 00 29 00 09 04 00 00 f8 32 bf 00 00 00 00 00 00 10 00 00 00 00 00 08 00 00 2f 0c 00 00 0e 00 62 6a 62 6a f4 a0 f4 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 09 04 16 00 34 1e 00 00 96 ca 34 68 96 ca 34 68 ff 03 00 00 00 00 00 00 2f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00 00 00 00 00 ff ff 0f 00 00 00 00 00 |
Target ID: | 0 |
Start time: | 21:39:15 |
Start date: | 02/03/2022 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f750000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |