| Field | Value |
|---|---|
| File name | 9892134317e1375c1bef7200b675854d.rtf |
| Full analysis | https://app.any.run/tasks/d4f7a9d0-528d-430d-9cbd-58b861144afa |
| Verdict | Malicious activity |
| Analysis date | May 24, 2019, 02:48:46 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | text/rtf |
| File info | Rich Text Format data, version 1, unknown character set |
| MD5 | 9892134317E1375C1BEF7200B675854D |
| SHA1 | 018939B2982B4BC8A50D91E39A1ED569266A486B |
| SHA256 | CEC9252EFFD1FD99E7DB63C24DD1DCACA40DF5027FAA46E56081E52DAE96406D |
| SSDEEP | 1536:+rhwuzHlOQIZEr/YzpooU2mECSaTzaPECSbrcs6b4Tp6p7eacbmF0Fliy9GVdVle:+lwIipooDo3CBs6opMelVrVWKjWDBAvx |

| Extension | Detected type (confidence) |
|---|---|
| .rtf | Rich Text Format (100) |
| Metadata field | Value |
|---|---|
| Author | Windows 用户 (Chinese "Windows User"; the raw report shows it mis-encoded as "Windows Óû§") |
| LastModifiedBy | Windows 用户 (same mis-encoded string as Author) |
| CreateDate | 2019:04:16 18:26:00 |
| ModifyDate | 2019:04:16 18:26:00 |
| RevisionNumber | 2 |
| TotalEditTime | - |
| Pages | 1 |
| Words | 3 |
| Characters | 18 |
| CharactersWithSpaces | 20 |
| InternalVersionNumber | 49247 |
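The report identifies the sample only as RTF and does not show what it embeds, while the process tree below shows Equation Editor being activated. Before detonating such a file, an analyst carves the embedded OLE object out of the RTF to see which class it targets. The following Python is an added example (not ANY.RUN's code and not derived from this sample): it extracts every `\objdata` hex blob from a constructed RTF, decodes the OLE1 ObjectHeader (MS-OLEDS 2.2.4) that `\objdata` carries, and reports the ProgID and whether the native data is an OLE compound file. The ProgID `Equation.3` in the constructed sample is the standard Microsoft Equation 3.0 class served by EQNEDT32.EXE; it is used here as an illustration and is not taken from the report.

```python
import binascii
import re
import struct
from typing import List, Optional

# Constructed sample RTF for illustration, not the analysed file. It embeds one
# OLE object whose \objclass and OLE1 ClassName both say "Equation.3". The hex
# is split across lines to exercise the whitespace handling real samples need.
SAMPLE_RTF = rb"""{\rtf1\ansi\deff0
{\fonttbl{\f0 Times New Roman;}}
\pard Invoice attached.\par
{\object\objemb\objw1\objh1{\*\objclass Equation.3}
{\*\objdata 01050000020000000b0000004571756174696f6e2e3300
0000000000000000
14000000d0cf11e0a1b11ae1000000000000000000000000}}
}"""

OBJCLASS_RE = re.compile(rb"\\objclass\s+([^\\}]+)")
OBJDATA_RE = re.compile(rb"\\objdata\s*((?:[0-9a-fA-F]|\s)+)")
CFB_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE compound file signature


def extract_objdata(rtf: bytes) -> List[bytes]:
    """Return every \\objdata hex blob in the RTF, decoded to bytes."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexdigits = re.sub(rb"\s+", b"", m.group(1))
        # An odd digit count means the blob was cut short; drop the dangling
        # nibble rather than fail, so partial objects still get triaged.
        if len(hexdigits) % 2:
            hexdigits = hexdigits[:-1]
        blobs.append(binascii.unhexlify(hexdigits))
    return blobs


def parse_ole1(blob: bytes) -> Optional[dict]:
    """Decode the OLE1 ObjectHeader: Version u32, FormatID u32, three
    length-prefixed ANSI strings (ClassName, TopicName, ItemName),
    NativeDataSize u32, then the native data. Returns None if truncated."""
    off = 0

    def u32() -> int:
        nonlocal off
        if off + 4 > len(blob):
            raise ValueError("truncated OLE1 header")
        (v,) = struct.unpack_from("<I", blob, off)
        off += 4
        return v

    def lpstr() -> str:
        nonlocal off
        n = u32()
        s = blob[off:off + n]
        off += n
        return s.rstrip(b"\0").decode("latin-1", "replace")

    try:
        version, fmt = u32(), u32()
        cls, _topic, _item = lpstr(), lpstr(), lpstr()
        size = u32()
    except ValueError:
        return None
    native = blob[off:off + size]
    return {
        "version": version,
        "format_id": fmt,                      # 2 = embedded, 1 = linked
        "class": cls,
        "native_size": size,
        "native_truncated": len(native) < size,
        "is_cfb": native.startswith(CFB_MAGIC),
    }


def triage(rtf: bytes) -> List[dict]:
    """Pair each embedded object with its declared \\objclass and flag Equation Editor."""
    declared = [c.strip().decode("latin-1") for c in OBJCLASS_RE.findall(rtf)]
    findings = []
    for i, blob in enumerate(extract_objdata(rtf)):
        info = parse_ole1(blob) or {"version": None, "format_id": None, "class": "",
                                    "native_size": 0, "native_truncated": True,
                                    "is_cfb": False}
        info["declared_class"] = declared[i] if i < len(declared) else None
        # Either the RTF-level \objclass or the OLE1 ClassName can name the
        # server that gets activated, and samples often omit or mismatch
        # \objclass, so check both.
        names = (info["class"], info["declared_class"] or "")
        info["equation_editor"] = any(n.lower().startswith("equation") for n in names)
        findings.append(info)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_RTF):
        print(finding)
```

Run it on a real RTF by passing the file's bytes to `triage()`; an object whose class names Equation while `is_cfb` is true warrants treating the document as an Equation Editor exploit candidate regardless of what the sandbox verdict says.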
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1672 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\9892134317e1375c1bef7200b675854d.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 | | | |
| 3616 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | | svchost.exe |
| | User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Exit code: 0; Version: 00110900 | | | |
| 2900 | C:\Windows\system32\WerFault.exe -u -p 3616 -s 336 | C:\Windows\system32\WerFault.exe | — | svchost.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Problem Reporting; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |

Reading the tree: EQNEDT32.EXE (PID 3616) is started with `-Embedding` under svchost.exe rather than under WINWORD.EXE because Equation Editor is an out-of-process OLE server that the DCOM launcher starts when Word activates an embedded equation object, so the trigger is the RTF being rendered even though the parent is svchost.exe. WerFault.exe is then invoked for that PID (`-p 3616`), meaning Equation Editor crashed shortly after activation. An Equation Editor activation followed by a crash while an RTF is opened is the usual footprint of an Equation Editor exploit attempt. The report does not identify the exploited flaw or show the embedded object, so confirm it by extracting the `\objdata` from the sample rather than relying on the verdict alone.
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1672 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRFA1C.tmp.cvr | — | — | — |
| 2900 | WerFault.exe | C:\Users\admin\AppData\Local\Temp\WERAF6.tmp.WERInternalMetadata.xml | — | — | — |
| 2900 | WerFault.exe | C:\Users\admin\AppData\Local\Temp\WERAF7.tmp.hdmp | — | — | — |
| 2900 | WerFault.exe | C:\Users\admin\AppData\Local\Temp\WERBF2.tmp.mdmp | — | — | — |
| 1672 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\copyfile.dll | executable | 54FF120CF7D7074F5A4E35DC416EDB3D | D5E1D8A7EE9E60A203C723BA21F24F345BB4AD92264FDB9C2983551CA20753B9 |
| 2900 | WerFault.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_EQNEDT32.EXE_4a46cad0181eeab2ca544a7e4c4fdc51adb1774_cab_0b460c9b\WERAF7.tmp.hdmp | dmp | 47BA09EE674A616FB87DBF8F4B9DD922 | 99A4193099F7F26C3DFC80AB11B0A6E741D7D43542181C8D3B974F42E693100D |
| 2900 | WerFault.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_EQNEDT32.EXE_4a46cad0181eeab2ca544a7e4c4fdc51adb1774_cab_0b460c9b\WERBF2.tmp.mdmp | dmp | C73E93897EC1753C3FFB12569BA14700 | BF649BC467E948867734BA735A5C9C00D8133A122CE392BB338EF0FCE54E7E5F |
| 2900 | WerFault.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_EQNEDT32.EXE_4a46cad0181eeab2ca544a7e4c4fdc51adb1774_cab_0b460c9b\WERAF6.tmp.WERInternalMetadata.xml | xml | 1F65A97AA32566E40868AB9E5FFBBD8E | 999FD60CE4D78E7D8BC559EC809457E786EF3C2187FC9D31F293688321A2D182 |
| 2900 | WerFault.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportQueue\AppCrash_EQNEDT32.EXE_4a46cad0181eeab2ca544a7e4c4fdc51adb1774_cab_0b460c9b\Report.wer | binary | 4F1823C272071252A2BE6700F3A29115 | E01E4E564E9C688C697858912FECF093C1562A523820907E1E1A8599BDE873BD |
| 1672 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$92134317e1375c1bef7200b675854d.rtf | pgc | 42AAEB660081D2980212424567BB2399 | A500814032CA2F69F39907CA1D9C42431FEE3F1B05034CEA7602C8450D3CE346 |

Of these, copyfile.dll is the one file worth pulling: it is typed as an executable and was written to the user's Temp directory by WINWORD.EXE itself (not by EQNEDT32.EXE), which suggests it was carried inside the document rather than fetched afterwards. The WER dumps (the .hdmp and .mdmp for the EQNEDT32.EXE crash) are also useful, since the full dump captures Equation Editor's memory at the moment of the crash, which is where the crafted object and any shellcode would be.
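Turning the process tree and file table above into detection logic, as an added example that is not part of the report and not ANY.RUN's code: the events below are constructed telemetry records (process starts and file writes) whose PIDs, images, command lines and paths are copied from the report, and three rules run over them. Rule 1 fires on any EQNEDT32.EXE start, Rule 2 on a WerFault crash report whose `-p` argument names an Equation Editor PID, and Rule 3 on an Office process writing an executable-typed file under the user's Temp directory. The `Event` record shape and the set of Office image names are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import List

# Assumed for the example: Office host processes whose file writes are of interest.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}


@dataclass
class Event:
    """One telemetry record: a process start or a file write (assumed schema)."""
    kind: str               # "process" or "file"
    pid: int
    image: str              # full path of the acting process
    parent: str = ""        # parent image name (process events)
    cmdline: str = ""       # command line (process events)
    path: str = ""          # written file (file events)
    file_type: str = ""     # sandbox-assigned type (file events)


# Constructed events mirroring the report's process tree and file table.
EVENTS = [
    Event("process", 1672, r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE", "explorer.exe",
          r'"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\9892134317e1375c1bef7200b675854d.rtf"'),
    Event("process", 3616, r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE", "svchost.exe",
          r'"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding'),
    Event("process", 2900, r"C:\Windows\system32\WerFault.exe", "svchost.exe",
          r"C:\Windows\system32\WerFault.exe -u -p 3616 -s 336"),
    Event("file", 1672, r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
          path=r"C:\Users\admin\AppData\Local\Temp\CVRFA1C.tmp.cvr"),
    Event("file", 1672, r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
          path=r"C:\Users\admin\AppData\Local\Temp\copyfile.dll", file_type="executable"),
    Event("file", 1672, r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
          path=r"C:\Users\admin\AppData\Local\Temp\~$92134317e1375c1bef7200b675854d.rtf", file_type="pgc"),
]


def basename(path: str) -> str:
    """Lower-cased final path component, tolerating either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events: List[Event]) -> List[str]:
    """Apply the three rules and return one finding string per hit, in rule order."""
    findings = []
    eqnedt_pids = set()
    office_pids = set()

    # Pass 1: process starts. Collect Office and Equation Editor PIDs and fire Rule 1.
    for ev in events:
        if ev.kind != "process":
            continue
        name = basename(ev.image)
        if name in OFFICE_IMAGES:
            office_pids.add(ev.pid)
        if name == "eqnedt32.exe":
            eqnedt_pids.add(ev.pid)
            # Rule 1: Equation Editor is an out-of-process OLE server started by the
            # DCOM launcher (parent svchost.exe), so the parent tells you nothing
            # about the document that triggered it; the start itself is the signal.
            findings.append(f"R1 pid={ev.pid}: Equation Editor activated "
                            f"(parent {ev.parent}, cmdline {ev.cmdline})")

    # Pass 2: crash reports and file writes that depend on the PIDs found above.
    for ev in events:
        if ev.kind == "process" and basename(ev.image) == "werfault.exe":
            m = re.search(r"-p\s+(\d+)", ev.cmdline)
            # Rule 2: WerFault reporting a crash of an Equation Editor PID.
            if m and int(m.group(1)) in eqnedt_pids:
                findings.append(f"R2 pid={ev.pid}: WerFault crash report for "
                                f"EQNEDT32.EXE pid {m.group(1)}")
        elif ev.kind == "file" and ev.pid in office_pids:
            # Rule 3: an Office process writes an executable into the user's Temp dir.
            if (ev.file_type.lower() == "executable"
                    and "\\appdata\\local\\temp\\" in ev.path.lower()):
                findings.append(f"R3 pid={ev.pid}: {basename(ev.image)} wrote executable "
                                f"{basename(ev.path)} to Temp")
    return findings


if __name__ == "__main__":
    for line in detect(EVENTS):
        print(line)
```

Rule 1 on its own is noisy only in environments where Equation Editor is legitimately used; Rules 1 and 2 together (activation followed by a crash report for the same PID) rarely occur outside exploit attempts, and Rule 3 adds the dropped payload, which is what to collect first.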