Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | May 12, 2023, 5:57 p.m. | May 12, 2023, 6:01 p.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\QQQ%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23QQQQ.doc
1508
Suricata Alerts
Suricata TLS
No Suricata TLS
suspicious_features | Connection to IP address | suspicious_request | GET http://84.54.50.156/200/vbc.exe | ||||||
suspicious_features | POST method with no referer header, HTTP version 1.0 used, Connection to IP address | suspicious_request | POST http://171.22.30.164/mancho/five/fre.php |
request | GET http://84.54.50.156/200/vbc.exe |
request | POST http://171.22.30.164/mancho/five/fre.php |
request | POST http://171.22.30.164/mancho/five/fre.php |
file | C:\Users\test22\AppData\Local\Temp\~$Q#################################QQQQ.doc |
filetype_details | Rich Text Format data, version 1, unknown character set | filename | QQQ%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23QQQQ.doc |
host | 171.22.30.164 | |||
host | 84.54.50.156 |
DrWeb | Exploit.ShellCode.69 |
FireEye | Exploit.RTF-ObfsStrm.Gen |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
McAfee | Exploit-CVE2017-11882.z |
VIPRE | Exploit.RTF-ObfsStrm.Gen |
Arcabit | Exploit.RTF-ObfsStrm.Gen |
Cyren | CVE-2017-11882.C.gen!Camelot |
ESET-NOD32 | Win32/Exploit.CVE-2017-0199.EX |
Cynet | Malicious (score: 99) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Exploit.RTF-ObfsStrm.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsStrm.Gen |
Emsisoft | Exploit.RTF-ObfsStrm.Gen (B) |
F-Secure | Heuristic.HEUR/Rtf.Malformed |
TrendMicro | HEUR_RTFMALFORM |
McAfee-GW-Edition | Exploit-CVE2017-11882.z |
Sophos | Troj/RtfExp-EQ |
Avira | HEUR/Rtf.Malformed |
MAX | malware (ai score=83) |
Antiy-AVL | Trojan[Exploit]/OLE.CVE-2017-11882 |
ZoneAlarm | HEUR:Exploit.MSOffice.Generic |
GData | Exploit.RTF-ObfsStrm.Gen |
Detected | |
AhnLab-V3 | RTF/Malform-A.Gen |
Zoner | Probably Heur.RTFObfuscation |
Tencent | Exp.Ole.CVE-2017-11882.a |
Ikarus | Exploit.CVE-2017-11882 |
Fortinet | MSOffice/CVE_2017_11882.B!exploit |