File name: | 8aabd2e10859f8a81aa289f93dc8bb21e692379df3cbcea9f64a3449ba0d76c0 |
Full analysis: | https://app.any.run/tasks/cb51be87-14b8-46da-9fd3-f8cfb4a779ef |
Verdict: | Malicious activity |
Analysis date: | September 11, 2019, 03:54:21 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/rtf |
File info: | Rich Text Format data, version 1, unknown character set |
MD5: | 9C460424BCA7FF20908F47B5C601E7AD |
SHA1: | 6CABD6E3CCB42893333CDC9D4BFD75B1240B905A |
SHA256: | 8AABD2E10859F8A81AA289F93DC8BB21E692379DF3CBCEA9F64A3449BA0D76C0 |
SSDEEP: | 1536:mPYRSTnlqtHv9YNpMhAFe1ehege+fD/fDNnoAaMF3gMSNkRCeY5YYZaFRIxPILSe:mPY5mNosmxgLSQWno |
.rtf | | | Rich Text Format (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2876 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\8aabd2e10859f8a81aa289f93dc8bb21e692379df3cbcea9f64a3449ba0d76c0.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2876 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR8E1B.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2876 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\76D56528.png | — | |
MD5:— | SHA256:— | |||
2876 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Abctfhghghghghg.scT | xml | |
MD5:49C779F22E5BA625CEE490504258D6E1 | SHA256:B04D0F3D2E073250B1F8375D2BA97FB14115C8C6651F8C48CA0465715182DFC7 | |||
2876 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:62F2DA178DD59EBA6B61EE250E55F925 | SHA256:8CF938206B83D51659082A32A71F3A9F077217F5A2E07A98541350C60245A244 | |||
2876 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$abd2e10859f8a81aa289f93dc8bb21e692379df3cbcea9f64a3449ba0d76c0.rtf | pgc | |
MD5:D66EB46E2A8AFA76A7EE691E4A828777 | SHA256:AFA350505BEA701DF8B6185D9FB4029CA616E665D5D43F77BC5D195410E43E18 | |||
2876 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex | text | |
MD5:F3B25701FE362EC84616A93A45CE9998 | SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |