File name: | d81afd01caa25aad448ccd3677a728a504fc5c00ea607ecb007fd66d5a5c144d |
Full analysis: | https://app.any.run/tasks/cf64cc47-de98-48d8-b1e6-f557dae23854 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2019, 20:21:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/plain |
File info: | ASCII text, with very long lines, with CRLF line terminators |
MD5: | 602F7A5D4EA7D86303C56536ADCA0111 |
SHA1: | CC365A4D05C3273717F29A9A8C9421BEF7F36A09 |
SHA256: | D81AFD01CAA25AAD448CCD3677A728A504FC5C00EA607ECB007FD66D5A5C144D |
SSDEEP: | 384:/NNNNNNNNNNLNF4v27YguE4x5+VsTM79tttttttttMAVGV:VihguE4WsI7sAo |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1584 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\d81afd01caa25aad448ccd3677a728a504fc5c00ea607ecb007fd66d5a5c144d | C:\Windows\system32\rundll32.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1800 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\d81afd01caa25aad448ccd3677a728a504fc5c00ea607ecb007fd66d5a5c144d" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | rundll32.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
2832 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | svchost.exe | |
User: admin Company: Design Science, Inc. Integrity Level: MEDIUM Description: Microsoft Equation Editor Exit code: 0 Version: 00110900 | ||||
2432 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | svchost.exe | |
User: admin Company: Design Science, Inc. Integrity Level: MEDIUM Description: Microsoft Equation Editor Exit code: 0 Version: 00110900 | ||||
2648 | cmd.exe /c%tmp%\test.exe AC | C:\Windows\system32\cmd.exe | — | EQNEDT32.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1780 | C:\Users\admin\AppData\Local\Temp\test.exe AC | C:\Users\admin\AppData\Local\Temp\test.exe | — | cmd.exe |
User: admin Integrity Level: MEDIUM Version: 1.00 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1800 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRBF34.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1800 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DD66F1B0-EEBA-459E-9D0E-0995773DADFC}.tmp | — | |
MD5:— | SHA256:— | |||
1800 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$1afd01caa25aad448ccd3677a728a504fc5c00ea607ecb007fd66d5a5c144d | pgc | |
MD5:4DBF1316457DAC52C536192660BF73ED | SHA256:7EBB093ED336407C394EF4495950AC8325713236F49BA7609C6BB7F4BE74C7D3 | |||
1800 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:E1263FB78C58B7DB7E413CA2CD16DDFA | SHA256:FC8EB7CF454401EB19A7F1FB98DFB8CE969A8E1BC09E8D01FAEBBBDA70E1970A | |||
1800 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\test.exe | executable | |
MD5:A386AFA06CEB88C4A94F160F4E4A13DC | SHA256:B7F3D7D5DCFCC5AF0A0A2D7B195D5EBC864F7CDAE4C743E7E53C6505B4505099 |