OPERATIONS.doc
This report is generated from a file or URL submitted to this webservice on July 1st 2019 08:59:05 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by
Falcon Sandbox v8.30 © Hybrid Analysis
Indicators
No matches.
File Details
OPERATIONS.doc
- Filename
- OPERATIONS.doc
- Size
- 335KiB (343530 bytes)
- Type
- docx office
- Description
- Zip archive data, at least v1.0 to extract
- Architecture
- WINDOWS
- SHA256
- f2cf51ac95ba9c9e5ca15ad2f1c2d815fe973ed9ed6dd64c6a00b2eff0a1fd66
- MD5
- bc36f4c873fb062144b26283549e861a
- SHA1
- ba0ded9e0d9e87515445e3562d0478109a5c7d5f
- ssdeep
- 6144:IE/YCRugfnGUbuCduBJAi8qCX4esKmaH24iY6Dt6W1swLX9czgT6:J1R4UbuCmJ8qCnsKL24N6Dt6wrG
Classification (TrID)
- 51.0% (.DOCX) Word Microsoft Office Open XML Format document
- 38.0% (.ZIP) Open Packaging Conventions container
- 8.6% (.ZIP) ZIP compressed archive
- 2.1% (.BIN) PrintFox/Pagefox bitmap (var. P)
Screenshots
Loading content, please wait...
Hybrid Analysis
Tip: Click an analysed process below to view more details.
Analysed 3 processes in total.
- WINWORD.EXE /n "C:\OPERATIONS.doc" (PID: 3080)
- cmd.exe /C type nul > "C:\extra_embedded_0..NET exe:Zone.Identifier" (PID: 3916)
- cmd.exe /C type nul > "C:\extra_embedded_0..NET exe:Zone.Identifier" (PID: 2664)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
-
Clean 1
-
-
~_ERATIONS.doc
- Size
- 162B (162 bytes)
- Type
- data
- AV Scan Result
- 0/56
- Runtime Process
- WINWORD.EXE (PID: 3080)
- MD5
- 16cf07b6d6f758652122f5c01b561b38
- SHA1
- 5ef543ce193044191392e2b8e887a300c52baf74
- SHA256
- 3882a3e04d6cf66707b31c8cb14a7c9fe512d10dd355f97a37e8666270f6e17d
-
-
Informative 9
-
-
OPERATIONS.LNK
- Size
- 463B (463 bytes)
- Type
- lnk
- Description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Mon Jul 1 09:00:00 2019, mtime=Mon Jul 1 09:04:01 2019, atime=Mon Jul 1 09:04:01 2019, length=345576, window=hide
- Runtime Process
- WINWORD.EXE (PID: 3080)
- MD5
- 77926db5ea3286114cea46f6eeb573fa
- SHA1
- de71b51088f645c90ab010a26eb82436b4e76a92
- SHA256
- 5a10b5097c8980858863d51027b48d28e5d731b1fe75dea9fa435ffad9e03100
-
index.dat
- Size
- 116B (116 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3080)
- MD5
- 02386259a322fd3d71db30e76369e055
- SHA1
- 15bbca1007607ea5f6091c357127f456e0b0b276
- SHA256
- f67de540b787f4eeab004827ba1a3c5f11bc3dc9bba53a3da0f5f20992bad331
-
B80B10E7.emf
- Size
- 4.9KiB (5020 bytes)
- Type
- img image
- Description
- Windows Enhanced Metafile (EMF) image data version 0x10000
- Runtime Process
- WINWORD.EXE (PID: 3080)
- MD5
- ff4f756d096565041a8634b9a7c57a01
- SHA1
- cb6b6a3a81613f26b421f0b74efe2f517ee7055d
- SHA256
- 684a2f3915ffcad94f70e2db64f6bfc27eec24a6f242ca671546f8059268655b
-
extra_embedded_0..NET exe.bin
- Size
- 410KiB (419328 bytes)
- Type
- peexe assembly executable
- Description
- PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
- Runtime Process
- WINWORD.EXE (PID: 3080)
- MD5
- 9aa44da7422cc4dc092faf584d8ab58a
- SHA1
- b159589f73a35902ef84deb5f0640eda044d6035
- SHA256
- 2e40b9f11abd50f6db84874d759d96021f437fc5596827877e14c8a3b8d483d6
-
~WRS_432953F7-7C60-4A5C-AEB9-89E2CB92FE39_.tmp
- Size
- 1KiB (1024 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3080)
- MD5
- 5d4d94ee7e06bbb0af9584119797b23a
- SHA1
- dbb111419c704f116efa8e72471dd83e86e49677
- SHA256
- 4826c0d860af884d3343ca6460b0006a7a2ce7dbccc4d743208585d997cc5fd1
-
~WRS_F9B6DD15-736D-4B51-8F8C-7591F0147A96_.tmp
- Size
- 1.5KiB (1536 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3080)
- MD5
- 6470a9dac9a32ee73c3d09e4395d82c5
- SHA1
- ff39c6bfdbb2fbd5d41a879afaba9dd71afe6bf0
- SHA256
- b50b3ea1ea7899fd5c83b4474ef14d7883f25cc869f52e56afa6f83440cfa9e0
-
~WRD0000.tmp
- Size
- 337KiB (345576 bytes)
- Type
- docx office
- Description
- Microsoft Word 2007+
- Runtime Process
- WINWORD.EXE (PID: 3080)
- MD5
- 5e8b14027fedbb064b56b5abdb0fc0a8
- SHA1
- 9df984dbaa85954f7321e649b3d02b85f71297ab
- SHA256
- fcda9187e2eccdd05602d37183cb6f055e0eed56f458cefd5ea9aeba18f734e1
-
~WRD0002.tmp
- Size
- 337KiB (345576 bytes)
- Type
- docx office
- Description
- Microsoft Word 2007+
- Runtime Process
- WINWORD.EXE (PID: 3080)
- MD5
- 893cdde6ae3bc827d18736664cbd2601
- SHA1
- ec06331e97b0b16ac7b5f7ac7078fc2383b99422
- SHA256
- 501ed781a04eb56200a874ceb6140c18e9fbbcee70d9a5e2d6a51194fd331ca2
-
~_Normal.dotm
- Size
- 162B (162 bytes)
- Type
- data
- Runtime Process
- WINWORD.EXE (PID: 3080)
- MD5
- 16cf07b6d6f758652122f5c01b561b38
- SHA1
- 5ef543ce193044191392e2b8e887a300c52baf74
- SHA256
- 3882a3e04d6cf66707b31c8cb14a7c9fe512d10dd355f97a37e8666270f6e17d
-