Field | Value |
---|---|
File name | c67625e2b5e2f01b74e854c0c1fdf0b3b4733885475fe35b80a5f4bca13eccc7 |
Full analysis | https://app.any.run/tasks/724fb55d-70b1-4354-a80e-37bac4ade134 |
Verdict | Malicious activity |
Analysis date | April 23, 2019, 16:46:59 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags | |
Indicators | |
MIME | text/rtf |
File info | Rich Text Format data, version 1, unknown character set |
MD5 | 392F48D32DE4CAC9949AB7ECAB393BA8 |
SHA1 | 5F197C15BBDDCF2F77583F95BDC7E95415FC43A3 |
SHA256 | C67625E2B5E2F01B74E854C0C1FDF0B3B4733885475FE35B80A5F4BCA13ECCC7 |
SSDEEP | 6144:kxn00V3hR1lSu1jFtaCaQqvtqabYsUxMlFewIBArfWsrNbfUD/T1/D8pRwDipwgk:q00V3nLBZtUvzwaFeWD5zU14g+eia |
Extension | Type |
---|---|
.rtf | Rich Text Format (100) |
Property | Value |
---|---|
Author | admin |
LastModifiedBy | admin |
CreateDate | 2017:12:07 20:30:00 |
ModifyDate | 2017:12:08 00:50:00 |
RevisionNumber | 7 |
TotalEditTime | 23 minutes |
Pages | 1 |
Words | 36 |
Characters | 338 |
CharactersWithSpaces | 373 |
InternalVersionNumber | 32859 |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
2556 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\c67625e2b5e2f01b74e854c0c1fdf0b3b4733885475fe35b80a5f4bca13eccc7.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 |
3856 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe | User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Exit code: 0; Version: 00110900 |
2656 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | EQNEDT32.EXE | | User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Exit code: 0; Version: 00110900 |
3116 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe | User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Exit code: 0; Version: 00110900 |
2088 | "C:\Users\admin\AppData\Roaming\spoolsv.exe" | C:\Users\admin\AppData\Roaming\spoolsv.exe | EQNEDT32.EXE | | User: admin; Company: McAfee, Inc.; Integrity Level: MEDIUM; Description: VirusScan On-Demand Scan Task Properties; Exit code: 13184; Version: 8.8.0.777 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR63DC.tmp.cvr | — | — | — |
2556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\8.t | binary | F7D40E91F08FB07FC008D087E62F7B70 | 0F15862F36807E5EAA9B2C56D525B3089A8995BAD7BB19A31532536890963F65 |
2656 | EQNEDT32.EXE | C:\Users\admin\AppData\Roaming\spoolsv.exe | executable | EA5BCFFA797A96C70BD3ACC79482923C | CBC8796A1604FAAF9B35185D3D4E53A55AE6C5BD8A038CAB36F07B6065980100 |
2556 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$7625e2b5e2f01b74e854c0c1fdf0b3b4733885475fe35b80a5f4bca13eccc7.rtf | pgc | 3171EF23C661EE5F2F1A19D2A372910B | A8C106B520A703CE9EEAB21671CE1C977B085BDAD1DF3A2A1AE9EE981814F571 |
2556 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 03F75A861CC10AD1C3318BEB891B725B | 7EBE4AE513B230A4E93B55D5C5B1A8281E935A6A42B38FA33B58EA5B73980E58 |
2656 | EQNEDT32.EXE | C:\Users\admin\AppData\Roaming\vsodscpl.dll | executable | 71CDBA3859CA8BD03C1E996A790C04F9 | B9F0C34F879658596A99A263C0C94D0AEA6C6459BD6FCDC3276D2D4DFA48C633 |
2656 | EQNEDT32.EXE | C:\Users\admin\AppData\Roaming\vsodscpl | binary | E025045A269FC1EB78DD31B04535B8D4 | FA68052746D58BB104BDFA5E1C3CCDB847D23C3963CE744A025ED3F0CCBC1733 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 172.217.22.14:80 | — | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
cloud.yootypes.com | | unknown |