Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Nov. 10, 2021, 8:18 a.m.	Nov. 10, 2021, 8:24 a.m.

Size	22.6KB
Type	Rich Text Format data, unknown version
MD5	`8a1a3caa1e0f138dc0d8016671682438`
SHA256	`dfd507a747aa49b13351f35e97dde23519e56fb017dc2c5c0b60c1923511763e`
CRC32	`8DBFDA28`
ssdeep	`384:pZc9Bxc7z4ArxxzXL36U6evkLndqi6kEPcRIJMQTXu6acKmll6:k/0z4A1xzXL36U6cilRIJLTnG`
Yara	Rich_Text_Format_Zero - Rich Text Format Signature Zero

WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\invoice_34567445556.wbk
2316

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

Time & API	Arguments	Status	Return	Repeated
NtCreateFile Nov. 10, 2021, 8:18 a.m.	create_disposition: 5 (FILE_OVERWRITE_IF) file_handle: 0x00000490 filepath: C:\Users\test22\AppData\Local\Temp\~$voice_34567445556.wbk desired_access: 0x40100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE\|GENERIC_WRITE) file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$voice_34567445556.wbk create_options: 4194400 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 2 (FILE_CREATED) share_access: 0 ()	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 10, 2021, 8:18 a.m.	process_identifier: 2316 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x7ef70000 process_handle: 0xffffffff	1	0	0

filetype_details

Rich Text Format data, unknown version

filename

invoice_34567445556.wbk

DrWeb	Exploit.Rtf.Obfuscated.32
FireEye	Exploit.RTF-ObfsStrm.Gen
McAfee	RTFObfustream.e!8A1A3CAA1E0F
Sangfor	Malware.Generic-RTF.Save.c5a892ae
K7AntiVirus	Trojan ( 0057b3a91 )
K7GW	Trojan ( 0057b3a91 )
Cyren	RTF/CVE-2017-11882.R.gen!Camelot
Symantec	Bloodhound.RTF.20
ESET-NOD32	a variant of DOC/Abnormal.B
Cynet	Malicious (score: 99)
Kaspersky	UDS:DangerousObject.Multi.Generic
BitDefender	Exploit.RTF-ObfsStrm.Gen
NANO-Antivirus	Exploit.Rtf.Heuristic-rtf.dinbqn
MicroWorld-eScan	Exploit.RTF-ObfsStrm.Gen
Ad-Aware	Exploit.RTF-ObfsStrm.Gen
Sophos	Troj/RtfExp-EQ
TrendMicro	HEUR_RTFMALFORM
Emsisoft	Exploit.RTF-ObfsStrm.Gen (B)
Ikarus	Exploit.CVE-2017-11882
Avira	HEUR/Rtf.Malformed
Antiy-AVL	Trojan/Generic.ASDOH.22A
Arcabit	Exploit.RTF-ObfsStrm.Gen
ZoneAlarm	HEUR:Exploit.MSOffice.Generic
GData	Exploit.RTF-ObfsStrm.Gen
AhnLab-V3	RTF/Malform-A.Gen
TACHYON	Trojan-Exploit/RTF.CVE-2017-11882
MAX	malware (ai score=86)
Fortinet	RTF/GenericKD.47107450!tr

invoice_34567445556.wbk