Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | May 14, 2021, 6:09 p.m. | May 14, 2021, 6:11 p.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\1.doc
112
Name | Response | Post-Analysis Lookup |
---|---|---|
facextrade.com.br | 187.45.240.69 | |
nyc008.hawkhost.com | 172.96.187.2 |
Suricata Alerts
Suricata TLS
No Suricata TLS
suspicious_features | GET method with no useragent header | suspicious_request | GET http://facextrade.com.br/0C.txt | ||||||
suspicious_features | GET method with no useragent header | suspicious_request | GET http://facextrade.com.br/0A.txt |
request | GET http://facextrade.com.br/z.mp3 |
request | GET http://facextrade.com.br/0C.txt |
request | GET http://facextrade.com.br/0A.txt |
file | C:\Users\test22\AppData\Local\Temp\~$1.doc |
FireEye | VB.Heur.Chronos.7.3D17CC43.Gen |
Alibaba | TrojanDownloader:VBA/Obfuscation.A |
Arcabit | HEUR.VBA.Trojan.d |
Symantec | CL.Downloader!gen87 |
ESET-NOD32 | a variant of Generik.LEIKKZW |
Kaspersky | HEUR:Trojan-Downloader.Script.Generic |
BitDefender | VB.Heur.Chronos.7.3D17CC43.Gen |
NANO-Antivirus | Trojan.Ole2.Vbs-heuristic.druvzi |
TACHYON | Suspicious/WOX.Obfus.Gen.8 |
Emsisoft | VB.Heur.Chronos.7.3D17CC43.Gen (B) |
McAfee-GW-Edition | BehavesLike.Downloader.cc |
AegisLab | Trojan.Script.Generic.a!c |
ZoneAlarm | HEUR:Trojan-Downloader.Script.Generic |
GData | VB.Heur.Chronos.7.3D17CC43.Gen (12x) |
MAX | malware (ai score=82) |
Fortinet | VBA/Chronos.3D17!tr |