Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Jan. 25, 2024, 10:19 a.m. | Jan. 25, 2024, 10:28 a.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\microsoftdecentipdationinstalledonpcfortestthesecuritycheckingfromtheentireprocess.doC
880
Name | Response | Post-Analysis Lookup |
---|---|---|
mail.telefoonreparatiebovenkarspel.nl | 185.94.230.135 | |
api.ipify.org |
CNAME
api4.ipify.org
|
104.237.62.211 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49169 185.94.230.135:587 |
C=US, ST=TX, L=Houston, O=cPanel, Inc., CN=cPanel, Inc. Certification Authority | CN=telefoonreparatiebovenkarspel.nl | ef:a6:6b:fb:17:ca:0d:c4:ca:6f:8a:f9:97:b8:9a:8c:0e:8e:8d:95 |
suspicious_features | Connection to IP address | suspicious_request | GET http://107.172.4.162/2509/conhost.exe |
request | GET http://107.172.4.162/2509/conhost.exe |
domain | api.ipify.org |
file | C:\Users\test22\AppData\Local\Temp\~$crosoftdecentipdationinstalledonpcfortestthesecuritycheckingfromtheentireprocess.doC |
host | 107.172.4.162 |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
Skyhigh | Exploit-CVE2017-11882.z |
VIPRE | Exploit.RTF-ObfsStrm.Gen |
Sangfor | Malware.Generic-RTF.Save.7ed0c0ab |
Arcabit | Exploit.RTF-ObfsStrm.Gen |
Symantec | Exp.CVE-2017-11882!g2 |
ESET-NOD32 | multiple detections |
McAfee | Exploit-CVE2017-11882.z |
Avast | OLE:CVE-2017-11882 [Expl] |
Cynet | Malicious (score: 99) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Exploit.RTF-ObfsStrm.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsStrm.Gen |
Emsisoft | Exploit.RTF-ObfsStrm.Gen (B) |
F-Secure | Heuristic.HEUR/Rtf.Malformed |
DrWeb | Exploit.ShellCode.69 |
TrendMicro | HEUR_RTFMALFORM |
FireEye | Exploit.RTF-ObfsStrm.Gen |
Sophos | Troj/RtfExp-EQ |
Ikarus | Exploit.CVE-2017-11882 |
Detected | |
Avira | HEUR/Rtf.Malformed |
Antiy-AVL | Trojan[Exploit]/OLE2.CVE-2017-11882 |
ZoneAlarm | HEUR:Exploit.MSOffice.Generic |
GData | Exploit.RTF-ObfsStrm.Gen |
Varist | CVE-2017-11882.E.gen!Camelot |
AhnLab-V3 | RTF/Malform-A.Gen |
Zoner | Probably Heur.RTFBadHeader |
Tencent | Exp.Office.CVE-2017-11882.a |
MAX | malware (ai score=89) |
Fortinet | MSOffice/CVE_2017_11882.B!exploit |
AVG | OLE:CVE-2017-11882 [Expl] |