Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | March 13, 2023, 5:44 p.m. | March 13, 2023, 5:50 p.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\hm...............................hm..................doc
800
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
143.42.136.20 | Active | Moloch |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49162 -> 143.42.136.20:80 | 2016141 | ET INFO Executable Download from dotted-quad Host | A Network Trojan was detected |
TCP 192.168.56.103:49162 -> 143.42.136.20:80 | 2019714 | ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
suspicious_features | Connection to IP address | suspicious_request | GET http://143.42.136.20/2707/vbc.exe |
request | GET http://143.42.136.20/2707/vbc.exe |
file | C:\Users\test22\AppData\Local\Temp\~$...............................hm..................doc |
filetype_details | Rich Text Format data, version 1, unknown character set | filename | hm...............................hm..................doc |
host | 143.42.136.20 |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
McAfee | RTFObfustream.c!A0FDF8E29445 |
VIPRE | Exploit.RTF-ObfsStrm.Gen |
Arcabit | Exploit.RTF-ObfsStrm.Gen |
Cyren | RTF/CVE-2017-11882.T.gen!Camelot |
Symantec | Exp.CVE-2017-11882!g2 |
ESET-NOD32 | multiple detections |
Avast | Other:Malware-gen [Trj] |
Cynet | Malicious (score: 99) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Exploit.RTF-ObfsStrm.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsStrm.Gen |
Tencent | Exp.Ole.CVE-2017-11882.a |
Sophos | Troj/RtfExp-EQ |
DrWeb | Exploit.ShellCode.69 |
TrendMicro | HEUR_RTFMALFORM |
McAfee-GW-Edition | BehavesLike.Trojan.mv |
FireEye | Exploit.RTF-ObfsStrm.Gen |
Emsisoft | Exploit.RTF-ObfsStrm.Gen (B) |
Avira | EXP/YAV.Minerva.jbhpj |
MAX | malware (ai score=85) |
Antiy-AVL | Trojan[Exploit]/OLE.CVE-2017-11882 |
Microsoft | Exploit:O97M/CVE-2017-11882.SZS!MTB |
ZoneAlarm | HEUR:Exploit.MSOffice.Generic |
GData | Exploit.RTF-ObfsStrm.Gen |
Detected | |
AhnLab-V3 | RTF/Malform-A.Gen |
TACHYON | Trojan-Exploit/RTF.CVE-2017-11882 |
Zoner | Probably Heur.RTFObfuscation |
Ikarus | Exploit.CVE-2017-11882 |
Fortinet | MSOffice/CVE_2017_11882.B!exploit |
AVG | Other:Malware-gen [Trj] |