Windows Analysis Report
Q4_Benefits_&_Bonus_for_Andreas.attenberger#IyNURVhUTlVNUkFORE9NNDUjIw==.docx

Overview

General Information

Sample name: Q4_Benefits_&_Bonus_for_Andreas.attenberger#IyNURVhUTlVNUkFORE9NNDUjIw==.docx
Analysis ID: 1559096
MD5: 2f895718b3563c7b0705fd3d4fd4e1fb
SHA1: bca0f4ade8676fde18aad5e4d6f10bdbacc4db8a
SHA256: 97dae125f0747dac754bc5d99e654deb5096f9264874562d9354a51bd622d68d
Errors
  • Corrupt sample or wrongly selected analyzer.

Detection

Score: 1
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type

Classification

Source: winword.exe Memory has grown: Private usage: 1MB later: 74MB
Source: App1732085381845851700_40388F7C-376E-4770-B869-044C04F68DBC.log.0.dr String found in binary or memory: https://login.windows.net
Source: gb.xsl.0.dr OLE indicator, VBA macros: true
Source: ieee2006officeonline.xsl.0.dr OLE indicator, VBA macros: true
Source: mlaseventheditionofficeonline.xsl.0.dr OLE indicator, VBA macros: true
Source: APASixthEditionOfficeOnline.xsl.0.dr OLE indicator, VBA macros: true
Source: gostname.xsl.0.dr OLE indicator, VBA macros: true
Source: gosttitle.xsl.0.dr OLE indicator, VBA macros: true
Source: turabian.xsl.0.dr OLE indicator, VBA macros: true
Source: harvardanglia2008officeonline.xsl.0.dr OLE indicator, VBA macros: true
Source: sist02.xsl.0.dr OLE indicator, VBA macros: true
Source: chicago.xsl.0.dr OLE indicator, VBA macros: true
Source: iso690nmerical.xsl.0.dr OLE indicator, VBA macros: true
Source: iso690.xsl.0.dr OLE indicator, VBA macros: true
Source: gb.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: ieee2006officeonline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: mlaseventheditionofficeonline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: APASixthEditionOfficeOnline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gostname.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: gosttitle.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: turabian.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: harvardanglia2008officeonline.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: sist02.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: chicago.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690nmerical.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: iso690.xsl.0.dr OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
Source: classification engine Classification label: unknown1.winDOCX@2/219@0/0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Roaming\Microsoft\Office Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE File created: C:\Users\user\AppData\Local\Temp\{40388F7C-376E-4770-B869-044C04F68DBC} - OProcSessId.dat Jump to behavior
Source: Insight design set.dotx.0.dr OLE indicator, Word Document stream: true
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr OLE indicator, Word Document stream: true
Source: Equations.dotx.0.dr OLE indicator, Word Document stream: true
Source: Element design set.dotx.0.dr OLE indicator, Word Document stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process created: unknown unknown Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/media/image2.jpg
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = word/media/image10.jpeg
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Insight design set.dotx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/theme/_rels/theme1.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/item3.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Text Sidebar (Annual Report Red and Black design).docx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/stylesWithEffects.xml
Source: Equations.dotx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/settings.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/_rels/document.xml.rels
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/document.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/fontTable.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/webSettings.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = word/glossary/styles.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = customXml/item2.xml
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = [trash]/0000.dat
Source: Element design set.dotx.0.dr Initial sample: OLE zip file path = docProps/custom.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common Jump to behavior
Source: Insight design set.dotx.0.dr Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE Process information queried: ProcessInformation Jump to behavior
No contacted IP infos