Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | June 5, 2024, 9:15 a.m. | June 5, 2024, 9:20 a.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\lionsarekingofthejunglewhoruletheworldtounderstandhowmuchpowerfulthelionsarekingofthejungleneitreworldintogetitback___thinkthejungleoflionsare.doc
840
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49162 -> 198.23.227.213:80 | 2016141 | ET INFO Executable Download from dotted-quad Host | Potentially Bad Traffic |
TCP 198.23.227.213:80 -> 192.168.56.103:49162 | 2022050 | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M1 | A Network Trojan was detected |
TCP 198.23.227.213:80 -> 192.168.56.103:49162 | 2018959 | ET POLICY PE EXE or DLL Windows file download HTTP | Potential Corporate Privacy Violation |
TCP 198.23.227.213:80 -> 192.168.56.103:49162 | 2022051 | ET MALWARE Likely Evil EXE download from dotted Quad by MSXMLHTTP M2 | A Network Trojan was detected |
TCP 198.23.227.213:80 -> 192.168.56.103:49162 | 2021076 | ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response | Potentially Bad Traffic |
Suricata TLS
No Suricata TLS
suspicious_features | Connection to IP address | suspicious_request | GET http://198.23.227.213/20040/igcc.exe |
request | GET http://198.23.227.213/20040/igcc.exe |
file | C:\Users\test22\AppData\Local\Temp\~$onsarekingofthejunglewhoruletheworldtounderstandhowmuchpowerfulthelionsarekingofthejungleneitreworldintogetitback___thinkthejungleoflionsare.doc |
host | 198.23.227.213 | |||
host | 45.33.6.223 |
Lionic | Trojan.MSOffice.ObfsObjDat.4!c |
Cynet | Malicious (score: 99) |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
ALYac | Exploit.RTF-ObfsObjDat.Gen |
VIPRE | Exploit.RTF-ObfsObjDat.Gen |
Sangfor | Malware.Generic-RTF.Save.7ed0c0ab |
Arcabit | Exploit.RTF-ObfsObjDat.Gen |
Symantec | Exp.CVE-2017-11882!g2 |
ESET-NOD32 | multiple detections |
McAfee | RTFObfustream.c!C5858E4C6905 |
Avast | OLE:CVE-2017-11882 [Expl] |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Exploit.RTF-ObfsObjDat.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsObjDat.Gen |
Rising | Exploit.Generic!1.EB5C (CLASSIC) |
Emsisoft | Exploit.RTF-ObfsObjDat.Gen (B) |
F-Secure | Heuristic.HEUR/Rtf.Malformed |
DrWeb | Exploit.CVE-2017-11882.123 |
TrendMicro | HEUR_RTFMALFORM |
FireEye | Exploit.RTF-ObfsObjDat.Gen |
Sophos | Troj/RtfExp-EQ |
Ikarus | Win32.Outbreak |
Detected | |
Avira | HEUR/Rtf.Malformed |
Antiy-AVL | Trojan[Exploit]/MSOffice.CVE-2017-11882 |
Kingsoft | Win32.Infected.AutoInfector.a |
Microsoft | Exploit:O97M/CVE-2017-11882.VRP!MTB |
ZoneAlarm | HEUR:Exploit.MSOffice.Generic |
GData | Exploit.RTF-ObfsObjDat.Gen |
Varist | CVE-2017-11882.D.gen!Camelot |
AhnLab-V3 | RTF/Malform-A.Gen |
Zoner | Probably Heur.RTFBadHeader |
Tencent | Office.Exploit.Generic.Hplw |
MAX | malware (ai score=87) |
Fortinet | MSOffice/CVE_2017_11882.DMP!exploit |
AVG | OLE:CVE-2017-11882 [Expl] |
alibabacloud | Exploit:MSOffice/Abnormal.B |