Summary | ZeroBOX

FBR Circular.docx

Category: FILE
Machine: s1_win7_x6402
Started: July 13, 2021, 1:17 p.m.
Completed: July 13, 2021, 1:20 p.m.
Size 643.8KB
Type Microsoft Word 2007+
MD5 2c171622a19a378ea51d08748c70eb59
SHA256 c1923226d58186c7e0735e058be80022a57e7e819e1e41b4c6e03065252be11f
CRC32 C9D4EB40
ssdeep 12288:t4lEug1Rp7WzxW+T0y5T9r1+2Y2fB/8xjygh8Hf:t4l8fGnIy3r1R1/pghu
Yara None matched

Name Response Post-Analysis Lookup
No hosts contacted.

IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Time & API: NtProtectVirtualMemory
Arguments:
process_identifier: 2552
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x6a204000
process_handle: 0xffffffff
Status: 1
Return: 0
Repeated: 0
file C:\Users\test22\AppData\Local\Temp\~$R Circular.docx
Time & API: NtCreateFile
Arguments:
create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x00000414
filepath: C:\Users\test22\AppData\Local\Temp\~$R Circular.docx
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$R Circular.docx
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
Status: 1
Return: 0
Repeated: 0

Antivirus Detection

DrWeb Trojan.DownLoader40.31702
ALYac Trojan.Downloader.DOC.Gen
Alibaba TrojanDownloader:Office/Generic.9fe1849e
Arcabit Exploit.OLE.Gen.1
Cyren Trojan.OPRY-5
Symantec Trojan.Gen.NPE
ESET-NOD32 DOC/TrojanDropper.Agent.VF
TrendMicro-HouseCall TROJ_FRS.VSNW0BG21
Avast Other:Malware-gen [Trj]
Cynet Malicious (score: 99)
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Exploit.OLE.Gen.1
NANO-Antivirus Trojan.Script.Vbs-heuristic.druvzi
ViRobot DOC.Z.Agent.659241
MicroWorld-eScan Exploit.OLE.Gen.1
Ad-Aware Exploit.OLE.Gen.1
Emsisoft Exploit.OLE.Gen.1 (B)
TrendMicro TROJ_FRS.VSNW0BG21
McAfee-GW-Edition RDN/Generic Downloader.x
FireEye Exploit.OLE.Gen.1
GData Exploit.OLE.Gen.1
Avira TR/Dldr.Script.fhdip
MAX malware (ai score=84)
Microsoft Trojan:Script/Wacatac.B!ml
McAfee RDN/Generic Downloader.x
Rising Downloader.Agent/VBS!1.A537 (CLASSIC)
Ikarus Exploit.OLE
Fortinet VBS/Agent.VRO!tr.dldr
AVG Other:Malware-gen [Trj]
Panda JS/Psyme.gen
Qihoo-360 virus.vbs.down.d