File name: | 138d62f8ee7e4902ad23fe81e72a1f3b7ac860d3c1fd5889ed8b8236b51ba64b |
Full analysis: | https://app.any.run/tasks/5ad1c29c-9b5a-4fa5-b01f-6e45b973ea6f |
Verdict: | Malicious activity |
Analysis date: | April 23, 2019, 16:53:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/rtf |
File info: | Rich Text Format data, version 1, unknown character set |
MD5: | 5AF6C9C49012DABD1468DCFA3F3E49A1 |
SHA1: | 6F6D526287DD7DE10242BDF198D091A8035A5C5B |
SHA256: | 138D62F8EE7E4902AD23FE81E72A1F3B7AC860D3C1FD5889ED8B8236B51BA64B |
SSDEEP: | 12288:Q/4PzHsSm/x5XZMZtUvzwaFea9LcGlBqiNgTwa:u4LHsSm/xxz1FbL99Mwa |
.rtf | Rich Text Format (100) |
InternalVersionNumber: | 85 |
CharactersWithSpaces: | 2337 |
Characters: | 1992 |
Words: | 349 |
Pages: | 6 |
TotalEditTime: | - |
RevisionNumber: | 2 |
ModifyDate: | 2017:12:08 06:29:00 |
CreateDate: | 2017:12:08 06:29:00 |
LastModifiedBy: | WINDOWS7 |
Author: | information |
Subject: | . |
Title: | personal information |

PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2184 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\138d62f8ee7e4902ad23fe81e72a1f3b7ac860d3c1fd5889ed8b8236b51ba64b.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 | | | | |
1476 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe |
User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Exit code: 0; Version: 00110900 | | | | |
4004 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | EQNEDT32.EXE | |
User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Exit code: 0; Version: 00110900 | | | | |
1216 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe |
User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Exit code: 0; Version: 00110900 | | | | |
3516 | "C:\Users\admin\AppData\Roaming\spoolsv.exe" | C:\Users\admin\AppData\Roaming\spoolsv.exe | EQNEDT32.EXE | |
User: admin; Company: McAfee, Inc.; Integrity Level: MEDIUM; Description: VirusScan On-Demand Scan Task Properties; Exit code: 13184; Version: 8.8.0.777 | | | | |

PID | Process | Filename | Type | |
---|---|---|---|---|
2184 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR2EFC.tmp.cvr | — | |
MD5:— | SHA256:— | |||
4004 | EQNEDT32.EXE | C:\Users\admin\AppData\Roaming\spoolsv.exe | executable | |
MD5:FA3C8D91EF4A8B245033DDB9AA3054A2 | SHA256:59C467B1EFAD9BAD7E738C544B1B3A6BAA635E102AFCB6033B1150DA0595D809 | |||
2184 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$8d62f8ee7e4902ad23fe81e72a1f3b7ac860d3c1fd5889ed8b8236b51ba64b.rtf | pgc | |
MD5:D51F5C1AE3A682C114869B089AA1F0F3 | SHA256:1F052F335840B95D8422E1C030AC53A2EC52A3F2C581987FC13662B9D0CEAC6A | |||
4004 | EQNEDT32.EXE | C:\Users\admin\AppData\Roaming\vsodscpl.dll | executable | |
MD5:E82622E08BB27B63EA82DE8017B18079 | SHA256:4F08F185FDB6240F269B6AADDBEDF16E327A6B053D0309A2840B0CBD539D615B | |||
4004 | EQNEDT32.EXE | C:\Users\admin\AppData\Roaming\vsodscpl | binary | |
MD5:C8D073323A9E287AB6461966D3269B8B | SHA256:B0F62BFD772AD67095D53E18ACFE1A9CE8A03004597D04526C41542BBEE6665E | |||
2184 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\8.t | binary | |
MD5:154C0A67A4E0F73624EC938CA35CB73E | SHA256:5C866FFC94071F8A674769C3FD2DEDCE4EB3E1F0EBCB1D615E2D7E6967BB05C3 | |||
2184 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:E0A6D871DF9AF8A843020CC2FC70CA4E | SHA256:33FAFDD37700ECE853AC83901FBEAB68A9A8E725B6B27DF6C65EDBF64767BE47 |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3516 | spoolsv.exe | 128.199.154.189:443 | — | Digital Ocean, Inc. | SG | unknown |