Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Dec. 1, 2023, 12:59 p.m. | Dec. 1, 2023, 1:02 p.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\wealthzx.doc
1836
Name | Response | Post-Analysis Lookup |
---|---|---|
fresh1.ironoreprod.top | 172.67.166.168 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
UDP 192.168.56.103:52760 -> 164.124.101.2:53 | 2023883 | ET DNS Query to a *.top domain - Likely Hostile | Potentially Bad Traffic |
TCP 192.168.56.103:49162 -> 104.21.16.60:80 | 2022896 | ET HUNTING SUSPICIOUS Firesale gTLD EXE DL with no Referer June 13 2016 | A Network Trojan was detected |
TCP 192.168.56.103:49162 -> 104.21.16.60:80 | 2023882 | ET INFO HTTP Request to a *.top domain | Potentially Bad Traffic |
TCP 104.21.16.60:80 -> 192.168.56.103:49162 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 104.21.16.60:80 -> 192.168.56.103:49162 | 2023464 | ET HUNTING Possible EXE Download From Suspicious TLD | Misc activity |
Suricata TLS
No Suricata TLS
request | GET http://fresh1.ironoreprod.top/_errorpages/wealthzx.exe |
file | C:\Users\test22\AppData\Local\Temp\~$althzx.doc |
Lionic | Trojan.MSOffice.ObfsObjDat.3!c |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
ALYac | Exploit.RTF-ObfsObjDat.Gen |
VIPRE | Exploit.RTF-ObfsObjDat.Gen |
Sangfor | Exploit.Generic-Doc.Save.74c7ccbf |
Arcabit | Exploit.RTF-ObfsObjDat.Gen |
Symantec | Exp.CVE-2017-11882!g5 |
ESET-NOD32 | multiple detections |
Avast | RTF:Obfuscated-gen [Trj] |
Cynet | Malicious (score: 99) |
Kaspersky | HEUR:Exploit.MSOffice.CVE-2018-0802.gen |
BitDefender | Exploit.RTF-ObfsObjDat.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsObjDat.Gen |
Rising | Exploit.Generic!1.EB5C (CLASSIC) |
Emsisoft | Exploit.RTF-ObfsObjDat.Gen (B) |
F-Secure | Trojan.TR/AVI.PWS.Agent.bzfqa |
DrWeb | Exploit.CVE-2018-0798.4 |
TrendMicro | HEUR_RTFMALFORM |
FireEye | Exploit.RTF-ObfsObjDat.Gen |
Detected | |
Avira | TR/AVI.PWS.Agent.bzfqa |
Microsoft | Trojan:Script/Phonzy.B!ml |
ZoneAlarm | HEUR:Exploit.MSOffice.CVE-2018-0802.gen |
GData | Exploit.RTF-ObfsObjDat.Gen |
AhnLab-V3 | OLE/Cve-2018-0798.Gen |
McAfee | RTFObfustream.c!5BB5392FF71E |
MAX | malware (ai score=87) |
Zoner | Probably Heur.RTFBadHeader |
Ikarus | Exploit.CVE-2017-11882 |
Fortinet | MSOffice/CVE_2018_0798.BOR!exploit |
AVG | RTF:Obfuscated-gen [Trj] |