File name: | Documents.rtf |
Full analysis: | https://app.any.run/tasks/7ad28707-c37f-44d7-ba1b-14adc2bee353 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2019, 20:18:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | text/rtf |
File info: | Rich Text Format data, version 1, unknown character set |
MD5: | 6D55252FAD0207756C671DE8D5F97E7F |
SHA1: | 152433EBA1D86F3EA6325A1060B84BD032747B78 |
SHA256: | F2088110972BC3D8A1360181BE9317E351252507F5C64BDF370DAEC062706788 |
SSDEEP: | 1536:mI9STt1jtHv9YlR7lByie1ehegeeflLf3QrBukRs3gMSVOdWY+oa6FRIxPILSQWY:mINhQamxgLSQWnY |
.rtf | Rich Text Format (100) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
460 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Documents.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
460 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRDB6B.tmp.cvr | — | — | — |
460 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$cuments.rtf | pgc | FA85FBCBF1CD24B23D976FDAE294C6F4 | F2EB225ADD4C80C970C6646DF10192502665CE31B18E5079461A0DB2AC8CDF6A |
460 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Abctfhghghghghg.scT | html | B62459AF8F85A3B1BA36507ADB6B5798 | EA9FB6BAADEC30FC77B90F1AF84467922B3FBABC73EFF08B732CA4FF44EE8500 |
460 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | F5743C90D1A676FAE81742B0CF2FDF3F | F4E39BE12C32DD01520D4D30C3D5B834E87CD3F96667AA40FA6B99FA66DDB625 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
460 | WINWORD.EXE | 45.77.239.169:80 | — | — | US | suspicious |