File name: | 5f63e4a8d34224a4df7756d8dc147df4d42585e8616a43b389ed1b058b704b4c |
Full analysis: | https://app.any.run/tasks/87d6b831-b20a-4e84-93fb-ea029bde329f |
Verdict: | Malicious activity |
Analysis date: | January 18, 2019, 13:19:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/rtf |
File info: | Rich Text Format data, unknown version |
MD5: | D3A37758A7423137BCE59BE947F90CCF |
SHA1: | 3C92C137409198667C3D332D586FB2CDFD1535E2 |
SHA256: | 5F63E4A8D34224A4DF7756D8DC147DF4D42585E8616A43B389ED1B058B704B4C |
SSDEEP: | 3072:GjoaFp9MqO+OkGEWxlKzV0fQQffo7zhvi6iti61iVJMo9kf0r:cp9MqOJkbW7kifQQXo7zhi6ir1ijyMr |
.rtf | | | Rich Text Format (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2816 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\5f63e4a8d34224a4df7756d8dc147df4d42585e8616a43b389ed1b058b704b4c.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3192 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | svchost.exe | |
User: admin Company: Design Science, Inc. Integrity Level: MEDIUM Description: Microsoft Equation Editor Exit code: 0 Version: 00110900 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2816 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR9A71.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2816 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:0FEE22FA40EAB618E269AF59EF990721 | SHA256:DB543AC7F35DE26670D8A65A74DD48BCF6E5E70FF2A75D8A42E2FD500F8A170D | |||
2816 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$63e4a8d34224a4df7756d8dc147df4d42585e8616a43b389ed1b058b704b4c.rtf | pgc | |
MD5:3D7BEB5F6633461B3F64E1F78CD32567 | SHA256:E150D5D5701BD5BBE46F7883B7753794CA56F733BEF3F4FD0BCC11EEC04DF96F |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3192 | EQNEDT32.EXE | GET | 404 | 198.54.126.123:80 | http://becker-tm.org/mmunix/xoio.exe | US | html | 332 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3192 | EQNEDT32.EXE | 198.54.126.123:80 | becker-tm.org | Namecheap, Inc. | US | malicious |
Domain | IP | Reputation |
---|---|---|
becker-tm.org |
| malicious |