File name: | naal.doc |
Full analysis: | https://app.any.run/tasks/db5442d5-89fb-45cb-a4c3-d5325ecb888a |
Verdict: | Malicious activity |
Analysis date: | October 09, 2019, 14:07:11 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/rtf |
File info: | Rich Text Format data, unknown version |
MD5: | 14B5872AFB373C5F910D04E3A0797BB5 |
SHA1: | 67F01DB2D2220934036B1B615600DFA519398986 |
SHA256: | EAA13A5A265DA18E113CA1BB190FD9F1F585B1BF943DB22315ED14D25887745D |
SSDEEP: | 1536:lv7XvTxtRS1k9n3DmqvVBxpn31q2hWncjrOfi65PCHLL9jJFvjbNPe/fJODAgHGl:N7IkPnvVFB32VS5oVrWUxbFIO |
.rtf | Rich Text Format (100) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2792 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\naal.doc.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin, Company: Microsoft Corporation, Integrity Level: MEDIUM, Description: Microsoft Word, Version: 14.0.6024.1000 |||||
3288 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe |
User: admin, Company: Design Science, Inc., Integrity Level: MEDIUM, Description: Microsoft Equation Editor, Exit code: 0, Version: 00110900 |||||
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2792 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR49F6.tmp.cvr | — | — | — |
2792 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$al.doc.rtf | pgc | 7A1E723B33B98C7368F8A44BE711D51C | 66042243469CC705A677F938B4B286E10D7CBF23DBBDE95F47128AEC3BD7F52B |
2792 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | CB0890A34CBD6E1BE368D4CBC9212F34 | 2913ED40B1A05DF7601B950AD1775A6BF15ABDA50CC4217E265085D78674A255 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3288 | EQNEDT32.EXE | GET | 404 | 173.254.28.161:80 | http://www.mozambiquecomputers.com/naal.exe | US | html | 292 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3288 | EQNEDT32.EXE | 173.254.28.161:80 | www.mozambiquecomputers.com | Unified Layer | US | unknown |
Domain | IP | Reputation |
---|---|---|
www.mozambiquecomputers.com | | malicious |