Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Nov. 11, 2024, 9:41 a.m.	Nov. 11, 2024, 10:04 a.m.

Size	15.3KB
Type	ASCII text, with very long lines, with CRLF line terminators
MD5	`53eac0d35066ed3fbce4e52ca06fec42`
SHA256	`8cd167a8eb67a290731a2a7ec65de32702488bc9245651fb847dc71af8d7991f`
CRC32	`8A848387`
ssdeep	`192:r6K6O6d6L6+6o686+6U6/6m6VD61636U6D6X6H6K6Y6L6U6N6j6p6M6D6C666H6q:O/`
Yara	Antivirus - Contains references to security software

WINWORD.EXE "C:\Program Files (x86)\Microsoft Office\Office15\WINWORD.EXE" C:\Users\test22\AppData\Local\Temp\Manger.docx
1648

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

No Suricata Alerts

No Suricata TLS

file	C:\Users\test22\AppData\Local\Temp\~$Manger.docx

Time & API	Arguments	Status	Return	Repeated
NtCreateFile Nov. 11, 2024, 9:41 a.m.	create_disposition: 5 (FILE_OVERWRITE_IF) file_handle: 0x00000488 filepath: C:\Users\test22\AppData\Local\Temp\~$Manger.docx desired_access: 0x40100080 (FILE_READ_ATTRIBUTES\|SYNCHRONIZE\|GENERIC_WRITE) file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN) filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$Manger.docx create_options: 4194400 (FILE_NON_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT) status_info: 2 (FILE_CREATED) share_access: 0 ()	1	0	0

Time & API	Arguments	Status	Return	Repeated
NtProtectVirtualMemory Nov. 11, 2024, 9:41 a.m.	process_identifier: 1648 stack_dep_bypass: 0 stack_pivoted: 0 heap_dep_bypass: 1 length: 4096 protection: 32 (PAGE_EXECUTE_READ) base_address: 0x7ef80000 process_handle: 0xffffffff	1	0	0

Lionic	Trojan.Script.Alien.4!c
CTX	vba.trojan.alien
ALYac	Application.Generic.3823617
VIPRE	Application.Generic.3823617
Arcabit	Application.Generic.D3A5801
VirIT	Trojan.VBS.Agent.HGQ
Symantec	ISB.Downloader!gen80
ESET-NOD32	PowerShell/Runner.A suspicious
Avast	Script:SNH-gen [PUP]
Kaspersky	HEUR:Trojan.VBS.Alien.gen
BitDefender	Application.Generic.3823617
MicroWorld-eScan	Application.Generic.3823617
Rising	PUF.Runner/PS!8.188C4 (TOPIS:E0:V57SxEang5G)
Emsisoft	Application.Generic.3823617 (B)
DrWeb	Trojan.MulDrop28.38192
Ikarus	Trojan.PowerShell.Agent
FireEye	Application.Generic.3823617
Google	Detected
Kingsoft	Win32.Troj.Undef.a
Microsoft	Trojan:VBS/AsyncRAT.RTCR!MTB
ZoneAlarm	HEUR:Trojan.VBS.Alien.gen
GData	Application.Generic.3823617
Varist	VBS/Agent.BOL!Eldorado
Tencent	Vbs.Trojan.Alien.Vdkl
huorong	TrojanDownloader/PS.NetLoader.fk
AVG	Script:SNH-gen [PUP]

Manger.docx