Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Oct. 25, 2023, 10:56 a.m. | Oct. 25, 2023, 10:58 a.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\HTMLprofile.doc
1372
IP Address | Status | Action |
---|---|---|
141.98.6.91 | Active | Moloch |
142.250.199.67 | Active | Moloch |
142.250.199.68 | Active | Moloch |
142.250.204.35 | Active | Moloch |
142.250.206.195 | Active | Moloch |
142.250.206.234 | Active | Moloch |
142.250.206.238 | Active | Moloch |
142.250.207.106 | Active | Moloch |
142.250.76.131 | Active | Moloch |
142.251.220.109 | Active | Moloch |
142.251.220.110 | Active | Moloch |
142.251.220.46 | Active | Moloch |
164.124.101.2 | Active | Moloch |
172.217.161.225 | Active | Moloch |
172.217.24.67 | Active | Moloch |
172.217.24.68 | Active | Moloch |
172.217.25.1 | Active | Moloch |
172.217.25.174 | Active | Moloch |
172.217.25.3 | Active | Moloch |
211.114.64.12 | Active | Moloch |
34.104.35.123 | Active | Moloch |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49169 142.250.204.35:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 87:bd:c2:71:54:40:3f:f2:18:79:1a:89:f5:e9:bc:63:e5:ec:57:64 |
TLS 1.2 192.168.56.103:49168 142.250.204.35:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 87:bd:c2:71:54:40:3f:f2:18:79:1a:89:f5:e9:bc:63:e5:ec:57:64 |
TLS 1.3 192.168.56.103:49183 172.217.25.3:443 |
None | None | None |
TLS 1.3 192.168.56.103:49182 172.217.24.68:443 |
None | None | None |
TLS 1.3 192.168.56.103:49185 142.251.220.110:443 |
None | None | None |
TLS 1.3 192.168.56.103:49186 142.250.199.67:443 |
None | None | None |
TLS 1.3 192.168.56.103:49187 142.250.199.68:443 |
None | None | None |
TLS 1.3 192.168.56.103:49191 211.114.64.12:443 |
None | None | None |
TLS 1.3 192.168.56.103:49192 172.217.24.67:443 |
None | None | None |
UNDETERMINED 192.168.56.103:49193 172.217.24.67:443 |
None | None | None |
TLS 1.3 192.168.56.103:49196 142.251.220.46:443 |
None | None | None |
TLS 1.3 192.168.56.103:49197 172.217.25.1:443 |
None | None | None |
UNDETERMINED 192.168.56.103:49194 172.217.24.67:443 |
None | None | None |
TLS 1.2 192.168.56.103:49195 142.250.204.35:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1C3 | CN=upload.video.google.com | 87:bd:c2:71:54:40:3f:f2:18:79:1a:89:f5:e9:bc:63:e5:ec:57:64 |
TLS 1.3 192.168.56.103:49203 142.250.206.238:443 |
None | None | None |
TLS 1.3 192.168.56.103:49204 172.217.25.174:443 |
None | None | None |
TLS 1.3 192.168.56.103:49205 142.250.206.234:443 |
None | None | None |
TLS 1.3 192.168.56.103:49201 8.8.4.4:443 |
None | None | None |
TLS 1.3 192.168.56.103:49200 8.8.8.8:443 |
None | None | None |
TLS 1.3 192.168.56.103:49207 142.250.76.131:443 |
None | None | None |
TLS 1.3 192.168.56.103:49202 142.250.207.106:443 |
None | None | None |
TLS 1.3 192.168.56.103:49190 142.251.220.109:443 |
None | None | None |
TLS 1.3 192.168.56.103:49199 8.8.4.4:443 |
None | None | None |
UNDETERMINED 192.168.56.103:49189 142.250.199.68:443 |
None | None | None |
UNDETERMINED 192.168.56.103:49188 142.250.199.68:443 |
None | None | None |
suspicious_features | Connection to IP address | suspicious_request | GET http://141.98.6.91/72/Audiodgse.exe | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2 | ||||||
suspicious_features | POST method with no referer header | suspicious_request | POST https://update.googleapis.com/service/update2?cup2key=11:ucciJXz2DRnbg3OLFhEKLNT1Ho4HCaExqeDsDp12_7M&cup2hreq=8650510305d18db3aa4a81c1579e660f081ba8e1c5014aaf087a8fc498361059 |
request | GET http://141.98.6.91/72/Audiodgse.exe |
request | HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome/czao2hrvpk5wgqrkz4kks5r734_109.0.5414.120/109.0.5414.120_chrome_installer.exe |
request | GET http://edgedl.me.gvt1.com/edgedl/release2/chrome/czao2hrvpk5wgqrkz4kks5r734_109.0.5414.120/109.0.5414.120_chrome_installer.exe |
request | HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3 |
request | GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3 |
request | HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adnh37obenwknkqmvhcw72i7qsia_417/lmelglejhemejginpboagddgdfbepgmp_417_all_ZZ_kqkdtq7va5rvur2kfj67x5s2gi.crx3 |
request | GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adnh37obenwknkqmvhcw72i7qsia_417/lmelglejhemejginpboagddgdfbepgmp_417_all_ZZ_kqkdtq7va5rvur2kfj67x5s2gi.crx3 |
request | HEAD http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwcdm4bj7lx4xbm2ireywxlhvca_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3 |
request | GET http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwcdm4bj7lx4xbm2ireywxlhvca_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3 |
request | POST https://update.googleapis.com/service/update2 |
request | POST https://update.googleapis.com/service/update2?cup2key=11:ucciJXz2DRnbg3OLFhEKLNT1Ho4HCaExqeDsDp12_7M&cup2hreq=8650510305d18db3aa4a81c1579e660f081ba8e1c5014aaf087a8fc498361059 |
request | POST https://update.googleapis.com/service/update2 |
request | POST https://update.googleapis.com/service/update2?cup2key=11:ucciJXz2DRnbg3OLFhEKLNT1Ho4HCaExqeDsDp12_7M&cup2hreq=8650510305d18db3aa4a81c1579e660f081ba8e1c5014aaf087a8fc498361059 |
file | C:\Users\test22\AppData\Local\Temp\~$MLprofile.doc |
host | 141.98.6.91 | |||
host | 142.250.199.67 | |||
host | 142.250.204.35 | |||
host | 142.250.206.195 | |||
host | 142.250.206.234 | |||
host | 142.250.206.238 | |||
host | 142.250.207.106 | |||
host | 142.250.76.131 | |||
host | 142.251.220.110 | |||
host | 172.217.161.225 | |||
host | 172.217.25.174 |
MicroWorld-eScan | Exploit.RTF-ObfsObjDat.Gen |
FireEye | Exploit.RTF-ObfsObjDat.Gen |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
ALYac | Exploit.RTF-ObfsObjDat.Gen |
VIPRE | Exploit.RTF-ObfsObjDat.Gen |
Sangfor | Malware.Generic-RTF.Save.4aa2c45b |
Symantec | Bloodhound.RTF.20 |
ESET-NOD32 | multiple detections |
Cynet | Malicious (score: 99) |
Kaspersky | HEUR:Exploit.MSOffice.CVE-2018-0802.gen |
BitDefender | Exploit.RTF-ObfsObjDat.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
Rising | Exploit.CVE-2017-11882!1.E8F8 (CLASSIC) |
Emsisoft | Exploit.RTF-ObfsObjDat.Gen (B) |
F-Secure | Heuristic.HEUR/Rtf.Malformed |
DrWeb | Exploit.CVE-2018-0798.4 |
TrendMicro | HEUR_RTFMALFORM |
Ikarus | Exploit.RTF.Doc |
GData | Exploit.RTF-ObfsObjDat.Gen |
Avira | HEUR/Rtf.Malformed |
Arcabit | Exploit.RTF-ObfsObjDat.Gen |
ZoneAlarm | HEUR:Exploit.MSOffice.CVE-2018-0802.gen |
Microsoft | Exploit:Win32/CVE-2017-11882!ml |
Detected | |
AhnLab-V3 | RTF/Malform-A.Gen |
MAX | malware (ai score=88) |
Zoner | Probably Heur.RTFBadHeader |
Fortinet | MSOffice/CVE_2018_0798.BOR!exploit |