Try VMRay Platform
Malicious
Classifications

Downloader Exploit

Threat Names

Mal/HTMLGen-A

Dynamic Analysis Report

Created 2 years ago

Bank details.doc.rtf

RTF Document
...

VMRay Threat Identifiers (8 rules, 8 matches)

ScoreCategoryOperationCountClassification
5/5
System ModificationModifies operating system directory1-
4/5
ExploitExploits a vulnerability in MS Office1Exploit
4/5
Network ConnectionDownloads executable1Downloader
4/5
Network ConnectionAttempts to connect through HTTP1-
4/5
ExecutionDocument tries to create process1-
4/5
ReputationMalicious file detected via reputation1-
4/5
ReputationMalicious host or URL detected via reputation1-
2/5
Anti AnalysisTries to detect debugger1-

Screenshots

Monitored Processes

Process GraphProcess Graph Legend

MITRE ATT&CK™ Matrix - Windows

ActiveAll
Version: 2019-04-25 20:53:07.719000
Initial Access
Execution
Exploitation for Client Execution
Persistence
Privilege Escalation
Defense Evasion
Credential Access
Discovery
Lateral Movement
Remote File Copy
Collection
Command and Control
Remote File Copy
Standard Application Layer Protocol
Exfiltration
Impact

Sample Information

ID#8608244
MD5
ed242be953e58e86d97af7f85e2959ce
SHA1
a48f55176bb38dbe83f99b64035407bae95fbeb9
SHA256
8badd7a5fe0794d035783f9afcb7fc3af9a354f3cfb96acb080d3fb53658bb03
SSDeep
768:KwAbZSibMX9gRWjawP6x05z1g7H/weVsKsb0xtfiY7XOFvIas:KwAlR5wSUGH/sQxtfiY7XOFvIas
File NameBank details.doc.rtf
File Size89.67 KB
Sample TypeRTF Document
Has Macros

Analysis Information

Creation Time2023-08-15 06:08 (UTC+)
Analysis Duration00:04:03
Termination ReasonTimeout
Number of Monitored Processes3
Execution Successful
Reputation Enabled
Built-in AV Enabled
Number of AV Matches0
YARA Enabled
Number of YARA Matches0
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image