Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | June 25, 2024, 9:09 a.m. | June 25, 2024, 9:11 a.m. |
Process | PID |
---|---|
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\notorious.doc | 800 |
Name | Response | Post-Analysis Lookup |
---|---|---|
apps.identrust.com | CNAME a1952.dscq.akamai.net, CNAME identrust.edgesuite.net | 23.76.153.211 |
api.ipify.org | 172.67.74.152 | |
ipinfo.io | 34.117.186.192 | |
api.ip.sb | 104.26.13.31 | |
universalmovies.top | 104.21.74.191 | |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49168 104.26.12.31:443 | C=US, O=Let's Encrypt, CN=R3 | CN=api.ip.sb | 56:08:4c:28:1c:71:43:01:67:cb:24:7f:37:f3:f9:bd:5d:e1:9b:93 |
TLSv1 192.168.56.103:49163 172.67.162.95:443 | C=US, O=Google Trust Services LLC, CN=GTS CA 1P5 | CN=universalmovies.top | 67:bc:42:10:14:49:13:d3:52:bc:a7:fb:fc:bd:0e:1c:24:be:f9:a6 |
Type | Value |
---|---|
request | GET http://apps.identrust.com/roots/dstrootcax3.p7c |
request | GET https://universalmovies.top/ExtExport2.exe |
domain | universalmovies.top (description: Generic top level domain TLD) |
domain | api.ipify.org |
domain | ipinfo.io |
file | C:\Users\test22\AppData\Local\Temp\~$torious.doc |
filetype_details | Rich Text Format data, version 1, unknown character set (filename: notorious.doc) |
host | 185.38.142.10 |
Engine | Detection |
---|---|
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
Skyhigh | BehavesLike.BadFile.jx |
ALYac | Exploit.RTF-ObfsObjDat.Gen |
VIPRE | Exploit.RTF-ObfsObjDat.Gen |
Sangfor | Malware.Generic-RTF.Save.1688859d |
Arcabit | Exploit.RTF-ObfsObjDat.Gen |
Symantec | Exp.CVE-2017-11882!g6 |
McAfee | RTFObfustream.c!2D1B096A33D1 |
Avast | RTF:Obfuscated-gen [Trj] |
Kaspersky | HEUR:Exploit.MSOffice.CVE-2018-0802.gen |
BitDefender | Exploit.RTF-ObfsObjDat.Gen |
MicroWorld-eScan | Exploit.RTF-ObfsObjDat.Gen |
Rising | Exploit.Generic!1.EB5C (CLASSIC) |
Emsisoft | Exploit.RTF-ObfsObjDat.Gen (B) |
DrWeb | Exploit.CVE-2018-0798.4 |
TrendMicro | HEUR_RTFMALFORM |
FireEye | Exploit.RTF-ObfsObjDat.Gen |
Ikarus | Exploit.RTF.Doc |
Detected | |
Microsoft | Exploit:Win32/CVE-2017-11882!ml |
ZoneAlarm | HEUR:Exploit.MSOffice.CVE-2018-0802.gen |
GData | Exploit.RTF-ObfsObjDat.Gen |
AhnLab-V3 | OLE/Cve-2018-0798.Gen |
Zoner | Probably Heur.RTFObfuscation |
MAX | malware (ai score=85) |
Fortinet | MSOffice/CVE_2018_0798.BOR!exploit |
AVG | RTF:Obfuscated-gen [Trj] |