Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6402 | Sept. 7, 2023, 5:52 p.m. | Sept. 7, 2023, 5:54 p.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\obizx.doc
3036
Name | Response | Post-Analysis Lookup |
---|---|---|
cp5ua.hyperhost.ua | 91.235.128.141 | |
api.ipify.org |
CNAME
api4.ipify.org
|
104.237.62.212 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.102:49170 91.235.128.141:587 |
C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA | CN=*.hyperhost.ua | 31:5a:b5:30:54:87:eb:3f:d4:42:69:f9:97:6e:d8:03:c6:5d:32:c0 |
domain | api.ipify.org |
file | C:\Users\test22\AppData\Local\Temp\~$obizx.doc |
filetype_details | Rich Text Format data, version 1, unknown character set | filename | obizx.doc |
host | 185.28.39.17 |
FireEye | Exploit.RTF-ObfsObjDat.Gen |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
McAfee | RTFObfustream.c!5C2B9063897B |
Sangfor | Malware.Generic-RTF.Save.99345c7c |
Arcabit | Exploit.RTF-ObfsObjDat.Gen |
Cyren | RTF/CVE-2017-11882.U.gen!Camelot |
Symantec | Bloodhound.RTF.20 |
Cynet | Malicious (score: 99) |
Kaspersky | HEUR:Exploit.MSOffice.CVE-2018-0802.gen |
BitDefender | Exploit.RTF-ObfsObjDat.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsObjDat.Gen |
Sophos | Troj/RTFDl-CKM |
F-Secure | Heuristic.HEUR/Rtf.Malformed |
DrWeb | Exploit.CVE-2018-0798.4 |
VIPRE | Exploit.RTF-ObfsObjDat.Gen |
TrendMicro | HEUR_RTFMALFORM |
Emsisoft | Exploit.RTF-ObfsObjDat.Gen (B) |
Ikarus | Exploit.RTF.Doc |
Avira | HEUR/Rtf.Malformed |
ZoneAlarm | HEUR:Exploit.MSOffice.CVE-2018-0802.gen |
GData | Exploit.RTF-ObfsObjDat.Gen |
Detected | |
AhnLab-V3 | OLE/Cve-2018-0798.Gen |
ALYac | Exploit.RTF-ObfsObjDat.Gen |
Zoner | Probably Heur.RTFObfuscation |
Rising | Exploit.CVE-2017-11882!1.E8F8 (CLASSIC) |
MAX | malware (ai score=88) |
Fortinet | MSOffice/CVE_2018_0798.BOR!exploit |