Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | May 29, 2024, 10 a.m. | May 29, 2024, 10:02 a.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\lioniskingandtigerisalsotryingforkingbutdifferentistheattitudeofthistwoanimalaredifferentlionsisalwaysalionitsucantcomparewith__anyotherbecauselionbeauty.doc
1676
Name | Response | Post-Analysis Lookup |
---|---|---|
ecogasoline.com.pk | 148.66.139.57 | |
api.ipify.org | 104.26.12.205 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLS 1.2 192.168.56.103:49167 172.67.74.152:443 |
C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=ipify.org | d7:26:8f:42:ea:20:0d:40:ec:e2:9c:42:dd:94:45:64:2a:b8:c6:ce |
suspicious_features | Connection to IP address | suspicious_request | GET http://192.227.225.180/1020/csrss.exe |
request | GET http://192.227.225.180/1020/csrss.exe |
request | GET http://ecogasoline.com.pk/doc0098.exe |
request | GET https://api.ipify.org/ |
domain | api.ipify.org |
file | C:\Users\test22\AppData\Local\Temp\~$oniskingandtigerisalsotryingforkingbutdifferentistheattitudeofthistwoanimalaredifferentlionsisalwaysalionitsucantcomparewith__anyotherbecauselionbeauty.doc |
host | 192.227.225.180 |
Cynet | Malicious (score: 99) |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
Skyhigh | BehavesLike.Trojan.nx |
ALYac | Exploit.RTF-ObfsObjDat.Gen |
VIPRE | Exploit.RTF-ObfsObjDat.Gen |
Sangfor | Malware.Generic-RTF.Save.4aa2c45b |
Symantec | Bloodhound.RTF.20 |
ESET-NOD32 | multiple detections |
McAfee | RTFObfustream.c!313F69E46A9D |
Avast | OLE:CVE-2017-11882 [Expl] |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Exploit.RTF-ObfsObjDat.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsObjDat.Gen |
Rising | Exploit.Generic!1.EB5C (CLASSIC) |
Emsisoft | Exploit.RTF-ObfsObjDat.Gen (B) |
F-Secure | Heuristic.HEUR/Rtf.Malformed |
DrWeb | Exploit.CVE-2017-11882.123 |
TrendMicro | HEUR_RTFMALFORM |
FireEye | Exploit.RTF-ObfsObjDat.Gen |
Sophos | Troj/RtfExp-EQ |
Ikarus | Exploit.CVE-2017-11882 |
Detected | |
Avira | HEUR/Rtf.Malformed |
Antiy-AVL | Trojan[Exploit]/MSOffice.CVE-2017-11882 |
Arcabit | Exploit.RTF-ObfsObjDat.Gen |
ZoneAlarm | HEUR:Exploit.MSOffice.Generic |
GData | Exploit.RTF-ObfsObjDat.Gen |
Varist | CVE-2017-11882.C.gen!Camelot |
AhnLab-V3 | RTF/Malform-A.Gen |
Zoner | Probably Heur.RTFBadHeader |
MAX | malware (ai score=82) |
Fortinet | MSOffice/CVE_2017_11882.DMP!exploit |
AVG | OLE:CVE-2017-11882 [Expl] |