File name: | Запит клієнта.doc |
Full analysis: | https://app.any.run/tasks/f125d5e8-31c8-42e0-be5c-19c8caa49a46 |
Verdict: | Malicious activity |
Analysis date: | July 17, 2019, 08:30:17 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/rtf |
File info: | Rich Text Format data, version 1, unknown character set |
MD5: | 2E352DD74AE1F771B2B6501BEE5752AB |
SHA1: | 8AE034C4AF737D743FC83D3E7311AF2592776A06 |
SHA256: | 40FB06033E15298A38C15580DAA88F81AEB83739DA0E2763F0358B0162D746E9 |
SSDEEP: | 768:OvyXCdJWz7zpgegbFzBLob2GR/yapptJdRH4v:cm7gJe/BrH74v |
.rtf | | | Rich Text Format (100) |
---|
Title: | Not |
---|---|
Author: | C |
LastModifiedBy: | Windows User |
CreateDate: | 2019:06:20 00:52:00 |
ModifyDate: | 2019:06:20 00:52:00 |
RevisionNumber: | 2 |
TotalEditTime: | 1 minute |
Pages: | 1 |
Words: | - |
Characters: | 4 |
CharactersWithSpaces: | 4 |
InternalVersionNumber: | 24689 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3692 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Запит клієнта.doc.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
2804 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe |
User: admin Company: Design Science, Inc. Integrity Level: MEDIUM Description: Microsoft Equation Editor Exit code: 0 Version: 00110900 | ||||
3052 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | EQNEDT32.EXE | |
User: admin Company: Design Science, Inc. Integrity Level: MEDIUM Description: Microsoft Equation Editor Version: 00110900 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3692 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRF712.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3692 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\wd32PrvSE.wmf | binary | |
MD5:274FBE7423A2650BC5432767F3869EE5 | SHA256:BFF30FCC9A9A78F2D1F45B238DF628B82E4FB1E9A8DD4E062BE6BF77A978F082 | |||
3692 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:DC5CFC2A06194321FECBA902009F4DAE | SHA256:B07FC3413BAED1CB2297033D59D57BFED7A9BC31CAC9F1F76BB9880CDB4B51ED | |||
3692 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$пит клієнта.doc.rtf | pgc | |
MD5:EAEFEB2257F2FD4EFAD616320E85EF69 | SHA256:89637A023575777EED9398A61906DDE38A621BF12AC8EB57FDB4977CAB16F680 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3052 | EQNEDT32.EXE | 104.27.142.252:443 | m.put.re | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
m.put.re |
| suspicious |