| Field | Value |
|---|---|
| File name | 4f754f9a21f09c3f2e62f476f5b9bcfa9f59c2c02099465cd8f4ae731e3642dc.rtf |
| Full analysis | https://app.any.run/tasks/e49a228d-15fd-480a-9588-c747d8d4e8d9 |
| Verdict | Malicious activity |
| Analysis date | January 17, 2020, 14:44:26 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | — |
| MIME | text/rtf |
| File info | Rich Text Format data, version 1, unknown character set |
| MD5 | 1BAE1B310F29029D40896F6D92F3AF5D |
| SHA1 | 33AC6156646DF1D5FB8615CB23D4A19F92EB5BE7 |
| SHA256 | 4F754F9A21F09C3F2E62F476F5B9BCFA9F59C2C02099465CD8F4AE731E3642DC |
| SSDEEP | 1536:mh06KTP6npTvJEdh6dRtueReVeEe+fPf/Ppto6/ngR9LgMNRargbu34FRIxPILSJ:mhr6PoNmxgLSQWnT |

| Extension | File type (confidence) |
|---|---|
| .rtf | Rich Text Format (100) |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2128 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\4f754f9a21f09c3f2e62f476f5b9bcfa9f59c2c02099465cd8f4ae731e3642dc.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |

Process details for PID 2128: User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2128 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA86F.tmp.cvr | — | — | — |
| 2128 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\798B82CA.png | — | — | — |
| 2128 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$754f9a21f09c3f2e62f476f5b9bcfa9f59c2c02099465cd8f4ae731e3642dc.rtf | pgc | 9E90CD16185B084DE44BA1524F6F7A7B | 7BAAB9C7689B75A4D759F410623F47BCC57FF854B58899AF00203DD2BADB572E |
| 2128 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\AbctfhghghghghŠ.scT | html | A577C00277189C99FE49B5E794E50E7A | C1B954E7F030BB14B99C2C61758A1E60D17CF4574E2A055875B2123417935612 |
| 2128 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | E755D9D7A3DFBFCBDFE1CED66D92B911 | ABC564DDCD0E6D591C3CF4E0D82CDA84FFDB249CAEE68A97E737CB2A7178A8AB |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2128 | WINWORD.EXE | 84.16.248.166:80 | — | Leaseweb Deutschland GmbH | DE | malicious |
| Domain | IP | Reputation |
|---|---|---|
| dns.msftncsi.com | — | shared |