File name: | 138d62f8ee7e4902ad23fe81e72a1f3b7ac860d3c1fd5889ed8b8236b51ba64b |
Full analysis: | https://app.any.run/tasks/359350cb-787b-4ccc-9b2c-ce745a2de6f7 |
Verdict: | Malicious activity |
Analysis date: | April 23, 2019, 16:52:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/rtf |
File info: | Rich Text Format data, version 1, unknown character set |
MD5: | 5AF6C9C49012DABD1468DCFA3F3E49A1 |
SHA1: | 6F6D526287DD7DE10242BDF198D091A8035A5C5B |
SHA256: | 138D62F8EE7E4902AD23FE81E72A1F3B7AC860D3C1FD5889ED8B8236B51BA64B |
SSDEEP: | 12288:Q/4PzHsSm/x5XZMZtUvzwaFea9LcGlBqiNgTwa:u4LHsSm/xxz1FbL99Mwa |
.rtf | Rich Text Format (100) |
InternalVersionNumber: | 85 |
CharactersWithSpaces: | 2337 |
Characters: | 1992 |
Words: | 349 |
Pages: | 6 |
TotalEditTime: | - |
RevisionNumber: | 2 |
ModifyDate: | 2017:12:08 06:29:00 |
CreateDate: | 2017:12:08 06:29:00 |
LastModifiedBy: | WINDOWS7 |
Author: | information |
Subject: | . |
Title: | personal information |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3668 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\138d62f8ee7e4902ad23fe81e72a1f3b7ac860d3c1fd5889ed8b8236b51ba64b.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3496 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe |
User: admin Company: Design Science, Inc. Integrity Level: MEDIUM Description: Microsoft Equation Editor Exit code: 0 Version: 00110900 | ||||
2312 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | EQNEDT32.EXE | |
User: admin Company: Design Science, Inc. Integrity Level: MEDIUM Description: Microsoft Equation Editor Exit code: 0 Version: 00110900 | ||||
992 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe |
User: admin Company: Design Science, Inc. Integrity Level: MEDIUM Description: Microsoft Equation Editor Exit code: 0 Version: 00110900 | ||||
2616 | "C:\Users\admin\AppData\Roaming\spoolsv.exe" | C:\Users\admin\AppData\Roaming\spoolsv.exe | EQNEDT32.EXE | |
User: admin Company: McAfee, Inc. Integrity Level: MEDIUM Description: VirusScan On-Demand Scan Task Properties Exit code: 13184 Version: 8.8.0.777 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3668 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR5D9C.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2312 | EQNEDT32.EXE | C:\Users\admin\AppData\Roaming\vsodscpl | binary | |
MD5:C8D073323A9E287AB6461966D3269B8B | SHA256:B0F62BFD772AD67095D53E18ACFE1A9CE8A03004597D04526C41542BBEE6665E | |||
2312 | EQNEDT32.EXE | C:\Users\admin\AppData\Roaming\spoolsv.exe | executable | |
MD5:FA3C8D91EF4A8B245033DDB9AA3054A2 | SHA256:59C467B1EFAD9BAD7E738C544B1B3A6BAA635E102AFCB6033B1150DA0595D809 | |||
3668 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$8d62f8ee7e4902ad23fe81e72a1f3b7ac860d3c1fd5889ed8b8236b51ba64b.rtf | pgc | |
MD5:6048A3BDAE06C7AB5E2A3314BECB465D | SHA256:84FF7086ED8E710BC562E4ADCF67F4AC87EA93762CAEED345D2C9BD150695CE6 | |||
3668 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:4484E35394B8EDAC3DE8BD1DA0EFF864 | SHA256:B2FCDA3D44DE81D99C0237FC693F53466372C2BABA65DAD15FEA871155446BB9 | |||
2312 | EQNEDT32.EXE | C:\Users\admin\AppData\Roaming\vsodscpl.dll | executable | |
MD5:E82622E08BB27B63EA82DE8017B18079 | SHA256:4F08F185FDB6240F269B6AADDBEDF16E327A6B053D0309A2840B0CBD539D615B | |||
3668 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\8.t | binary | |
MD5:154C0A67A4E0F73624EC938CA35CB73E | SHA256:5C866FFC94071F8A674769C3FD2DEDCE4EB3E1F0EBCB1D615E2D7E6967BB05C3 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2616 | spoolsv.exe | 128.199.154.189:443 | — | Digital Ocean, Inc. | SG | unknown |