Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | June 20, 2024, 9:23 a.m. | June 20, 2024, 9:26 a.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\llb.doc
1704
Name | Response | Post-Analysis Lookup |
---|---|---|
www.hissmjkl.com | 104.21.26.154 | |
www.noblessewine.com | ||
synergyinnovationsgroup.com | 199.217.106.226 | |
www.go2super.app |
CNAME
go2super.app
|
15.197.148.33 |
www.sqlite.org | 45.33.6.223 | |
www.seemorebooks.com |
CNAME
seemorebooks.com
|
66.228.55.6 |
Suricata Alerts
Suricata TLS
No Suricata TLS
suspicious_features | Connection to IP address | suspicious_request | GET http://192.210.150.54/800/service.exe |
request | GET http://192.210.150.54/800/service.exe |
request | GET http://synergyinnovationsgroup.com/rTenPEVaZZd63.bin |
request | POST http://www.go2super.app/wgnm/ |
request | GET http://www.go2super.app/wgnm/?pY=Fa4WWJW4OAk9quC/liQ5qPCm6cq5UHInoPdIisE1PBrL79EG4mQIKlmV9v0gNsYws5soHWC75TgVD8ScXJuz3zKnezho/eF1xa+ohUcEmn2mEAmZPvlgVqrPRDgE59rzl73KHjo=&q7iu=YOnhTm3GvPBMIU |
request | GET http://www.sqlite.org/2017/sqlite-dll-win32-x86-3190000.zip |
request | POST http://www.seemorebooks.com/pi58/ |
request | GET http://www.seemorebooks.com/pi58/?pY=YYtcvmaEEn+7nyfxzWgh1us0l/woYfyMnrlu6Rjt4og+6FeMZ1IdpKDPKj+aPF1uuIq0gCsO4nwJKFBr1ceHHaYtBG7ACxwv7Iz3EuX+x6xrPs5Ey6eaPYfJ6s7i8ry1ERDc11U=&q7iu=YOnhTm3GvPBMIU |
request | POST http://www.hissmjkl.com/zadz/ |
request | GET http://www.hissmjkl.com/zadz/?pY=GqmOaWdq+kX/yRvyAZZwseYDvaTL8crr23pe6qvcgIhSte46GY4DIQa7ks3RQ77EfqOrO6E9ud6ta6vwJbbEPWpMvqhVaL5TSjftDGWhiRc7xSx2vvQWLWjMkFGYeWU0dOjwkWc=&q7iu=YOnhTm3GvPBMIU |
request | POST http://www.go2super.app/wgnm/ |
request | POST http://www.seemorebooks.com/pi58/ |
request | POST http://www.hissmjkl.com/zadz/ |
file | C:\Users\test22\AppData\Local\Temp\~$llb.doc |
host | 192.210.150.54 |
Lionic | Trojan.MSOffice.ObfsStrm.4!c |
Cynet | Malicious (score: 99) |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
Skyhigh | BehavesLike.Trojan.nx |
VIPRE | Exploit.RTF-ObfsStrm.Gen |
Sangfor | Malware.Generic-RTF.Save.ecfa366c |
Arcabit | Exploit.RTF-ObfsStrm.Gen |
Symantec | Exp.CVE-2017-11882!g2 |
ESET-NOD32 | Win32/Exploit.CVE-2017-11882.BLZ |
McAfee | RTFObfustream.c!3A8DF96DB2B8 |
Avast | OLE:CVE-2017-11882-B [Expl] |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Exploit.RTF-ObfsStrm.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsStrm.Gen |
Rising | Exploit.Generic!1.EB5C (CLASSIC) |
Emsisoft | Exploit.RTF-ObfsStrm.Gen (B) |
F-Secure | Heuristic.HEUR/Rtf.Malformed |
DrWeb | Exploit.ShellCode.69 |
TrendMicro | HEUR_RTFMALFORM |
FireEye | Exploit.RTF-ObfsStrm.Gen |
Sophos | Troj/RtfExp-EQ |
Ikarus | Exploit.CVE-2017-11882 |
Detected | |
Avira | HEUR/Rtf.Malformed |
Antiy-AVL | Trojan[Exploit]/OLE2.CVE-2017-11882 |
Kingsoft | Win32.Infected.AutoInfector.a |
Microsoft | Trojan:HTML/Casdet!rfn |
ZoneAlarm | HEUR:Exploit.MSOffice.Generic |
GData | Script.Trojan.Agent.BVTNK1 |
Varist | CVE-2017-11882.D.gen!Camelot |
AhnLab-V3 | RTF/Malform-A.Gen |
Zoner | Probably Heur.RTFBadHeader |
Tencent | Exp.Office.CVE-2017-11882.a |
MAX | malware (ai score=83) |
Fortinet | MSOffice/CVE_2017_11882.B!exploit |
AVG | OLE:CVE-2017-11882-B [Expl] |
alibabacloud | Exploit:MSOffice/Abnormal.B |