Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | July 24, 2024, 9:08 a.m. | July 24, 2024, 9:12 a.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\simplethingseverywherehappeningwithgreatthingstobeonlinewithgreatattitudeandentirethingsgreat_______wenicetogetmebackwithnew.doc
1952
Name | Response | Post-Analysis Lookup |
---|---|---|
pastecode.dev | 172.66.40.229 |
Suricata Alerts
Suricata TLS
Flow | Issuer | Subject | Fingerprint |
---|---|---|---|
TLSv1 192.168.56.103:49165 172.66.43.27:443 |
C=US, O=Google Trust Services, CN=WE1 | CN=pastecode.dev | d9:2a:74:a8:39:b7:f5:58:35:8b:6b:79:ec:51:d6:73:e6:0f:03:b8 |
TLSv1 192.168.56.103:49167 172.66.43.27:443 |
None | None | None |
suspicious_features | Connection to IP address | suspicious_request | GET http://46.183.222.11/938/simpleweightcreatednicething.gIF | ||||||
suspicious_features | GET method with no useragent header, Connection to IP address | suspicious_request | GET http://198.46.176.133/Upload/vbs.jpeg |
request | GET http://46.183.222.11/938/simpleweightcreatednicething.gIF |
request | GET http://198.46.176.133/Upload/vbs.jpeg |
request | GET https://pastecode.dev/raw/6l7qjjrz/paste1.txt |
file | C:\Users\test22\AppData\Local\Temp\~$mplethingseverywherehappeningwithgreatthingstobeonlinewithgreatattitudeandentirethingsgreat_______wenicetogetmebackwithnew.doc |
filetype_details | Rich Text Format data, version 1, unknown character set | filename | simplethingseverywherehappeningwithgreatthingstobeonlinewithgreatattitudeandentirethingsgreat_______wenicetogetmebackwithnew.doc |
host | 198.46.176.133 | |||
host | 46.183.222.11 |
Lionic | Trojan.MSOffice.ObfsObjDat.4!c |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
Skyhigh | BehavesLike.Trojan.nx |
ALYac | Exploit.RTF-ObfsObjDat.Gen |
VIPRE | Exploit.RTF-ObfsObjDat.Gen |
Sangfor | Malware.Generic-RTF.Save.9548b23d |
Arcabit | Exploit.RTF-ObfsObjDat.Gen |
Symantec | Exp.CVE-2017-11882!g2 |
ESET-NOD32 | multiple detections |
McAfee | RTFObfustream.c!ADFEE8B96208 |
Avast | RTF:Obfuscated-gen [Trj] |
Cynet | Malicious (score: 99) |
Kaspersky | UDS:DangerousObject.Multi.Generic |
BitDefender | Exploit.RTF-ObfsObjDat.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsObjDat.Gen |
Rising | Exploit.Generic!1.EB5C (CLASSIC) |
Emsisoft | Exploit.RTF-ObfsObjDat.Gen (B) |
F-Secure | Heuristic.HEUR/Rtf.Malformed |
DrWeb | Exploit.CVE-2017-11882.123 |
TrendMicro | HEUR_RTFMALFORM |
FireEye | Exploit.RTF-ObfsObjDat.Gen |
Sophos | Troj/RtfExp-EQ |
Ikarus | Exploit.CVE-2017-11882 |
Detected | |
Avira | TR/AVI.Obfuscated.twnbk |
Antiy-AVL | Trojan[Exploit]/MSOffice.CVE-2017-11882 |
Microsoft | Exploit:Win32/CVE-2017-11882!ml |
ZoneAlarm | HEUR:Exploit.MSOffice.Generic |
GData | Exploit.RTF-ObfsObjDat.Gen |
Varist | CVE-2017-11882.E.gen!Camelot |
AhnLab-V3 | RTF/Malform-A.Gen |
Zoner | Probably Heur.RTFObfuscation |
Tencent | Office.Exploit.Generic.Edhl |
MAX | malware (ai score=83) |
Fortinet | MSOffice/CVE_2017_11882.DMP!exploit |
AVG | RTF:Obfuscated-gen [Trj] |