70fa2300...7665 | Environment
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Downloader
Threat Names:
VBA:Amphitryon.1265
Gen:Variant.Graftor.596138
Gen:Variant.Zusy.308149
...

Pyongyang stores low on foreign goods amid North Korean COVID-19 paranoia.doc

Word Document

Created 4 years ago

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "11 minutes" to "1 minute, 50 seconds" to reveal dormant functionality.

Virtual Machine Information

Name: win10_64_rs2_japanese
Description: Windows 10 x64 Japanese
Architecture: x86 64-bit
Operating System: Windows 10 Redstone 2
Kernel Version: 10.0.15063.540 (f6f48955-5489-4b24-b4df-942361f0730d)
Network Scheme Name: Local Gateway
Network Config Name: Local Gateway

Analyzer Information

Analyzer Version: 3.2.2
Dynamic Engine Version: 3.2.2 / 2020-06-03 06:06 (UTC+)
Static Engine Version: 1.3.0 / 2020-06-03 06:06 (UTC+)
Local AV Version: AVCORE v2.1 Linux/x86_64 11.0.1.19 (January 14, 2020)
Local AV Database Update Release Date: 2020-12-23 13:43:55+00:00
VTI Ruleset Version: 3.6
YARA Built-in Ruleset Version: 1.5
Analysis Report Layout Version: 7

Software Information

Adobe Acrobat Reader Version: 18.009.20050
Microsoft Office: Microsoft Office
Microsoft Office Version: 16.0.12228.20364
Internet Explorer Version: 11.540.15063.0
Chrome Version: 61.0.3163.79
Firefox Version: 71.0
Flash Version: 25.0.0.148
Java Version: 8.0.1440.1

System Information

Sample Directory: C:\Users\FD1HVy\Desktop
Computer Name: NQDPDE
User Domain: NQDPDE
User Name: FD1HVy
User Profile: C:\Users\FD1HVy
Temp Directory: C:\Users\FD1HVy\AppData\Local\Temp
System Root: C:\WINDOWS

Randomly Created Artifacts

This section provides information about processes and files that were created before the analysis was started. This is one of many steps designed to make the analysis system look more realistic and prevent evasion by environment aware malware. The number of randomly generated artifacts can be changed in the configuration.

Processes (19)
Files (272)
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Before

After

Screenshot