Category | Machine | Started | Completed |
---|---|---|---|
FILE | s1_win7_x6403_us | Sept. 22, 2024, 3:06 p.m. | Sept. 22, 2024, 3:08 p.m. |
-
WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\feelniceforgivenmegreatthingstobegreatforgetbacknicepictureofmygirlfrinedwhoreallylovedeveryonetogetmebackwithherlifesheisbeauty______nicegirliseenforeverme.doc
2056
Name | Response | Post-Analysis Lookup |
---|---|---|
ia600100.us.archive.org | 207.241.227.240 |
Suricata Alerts
Flow | SID | Signature | Category |
---|---|---|---|
TCP 192.168.56.103:49168 -> 207.241.227.240:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
TCP 192.168.56.103:49167 -> 207.241.227.240:443 | 906200054 | SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) | undefined |
Suricata TLS
No Suricata TLS
suspicious_features | Connection to IP address | suspicious_request | GET http://172.236.19.62/340/nicepictureforeveryoneseegood.tIF |
request | GET http://172.236.19.62/340/nicepictureforeveryoneseegood.tIF |
file | C:\Users\test22\AppData\Local\Temp\~$elniceforgivenmegreatthingstobegreatforgetbacknicepictureofmygirlfrinedwhoreallylovedeveryonetogetmebackwithherlifesheisbeauty______nicegirliseenforeverme.doc |
filetype_details | Rich Text Format data, version 1, unknown character set | filename | feelniceforgivenmegreatthingstobegreatforgetbacknicepictureofmygirlfrinedwhoreallylovedeveryonetogetmebackwithherlifesheisbeauty______nicegirliseenforeverme.doc |
host | 172.236.19.62 |
Bkav | W32.Common.49810A19 |
Lionic | Trojan.MSOffice.ObfsObjDat.4!c |
Cynet | Malicious (score: 99) |
CTX | rtf.exploit-kit.obfuscated |
CAT-QuickHeal | Exp.RTF.Obfus.Gen |
Skyhigh | BehavesLike.Trojan.nx |
ALYac | Exploit.RTF-ObfsObjDat.Gen |
VIPRE | Exploit.RTF-ObfsObjDat.Gen |
Sangfor | Malware.Generic-RTF.Save.ecfa366c |
Arcabit | Exploit.RTF-ObfsObjDat.Gen |
VirIT | Trojan.RTF.Heur.A |
Symantec | Exp.CVE-2017-11882!g2 |
ESET-NOD32 | multiple detections |
TrendMicro-HouseCall | Trojan.W97M.REMCOS.YXEIMZ |
Avast | RTF:Obfuscated-gen [Trj] |
Kaspersky | HEUR:Exploit.MSOffice.Generic |
BitDefender | Exploit.RTF-ObfsObjDat.Gen |
NANO-Antivirus | Exploit.Rtf.Heuristic-rtf.dinbqn |
MicroWorld-eScan | Exploit.RTF-ObfsObjDat.Gen |
Rising | Exploit.Generic!1.EB5C (CLASSIC) |
Emsisoft | Exploit.RTF-ObfsObjDat.Gen (B) |
F-Secure | Trojan.TR/AVI.Obfuscated.wtwnv |
DrWeb | Exploit.CVE-2017-11882.123 |
TrendMicro | Trojan.W97M.REMCOS.YXEIMZ |
Sophos | Troj/RtfExp-EQ |
Ikarus | Exploit.CVE-2017-11882 |
FireEye | Exploit.RTF-ObfsObjDat.Gen |
Detected | |
Avira | TR/AVI.Obfuscated.wtwnv |
Antiy-AVL | Trojan[Exploit]/MSOffice.CVE-2017-11882 |
Microsoft | Trojan:Script/Wacatac.B!ml |
ZoneAlarm | HEUR:Exploit.MSOffice.Generic |
GData | Exploit.RTF-ObfsObjDat.Gen |
Varist | CVE-2017-11882.E.gen!Camelot |
AhnLab-V3 | RTF/Malform-A.Gen |
McAfee | RTFObfustream.c!2DB98A27E71F |
Zoner | Probably Heur.RTFObfuscation |
Tencent | Office.Exploit.Generic.Eflw |
huorong | Exploit/CVE-2017-11882.g |
Fortinet | MSOffice/CVE_2017_11882.DMP!exploit |
AVG | RTF:Obfuscated-gen [Trj] |