Try VMRay Platform
Malicious
Classifications

Spyware Exploit Downloader

Threat Names

Mal/HTMLGen-A Mal/Generic-S AgentTesla

Dynamic Analysis Report

Created on 2023-08-02T11:06:21+00:00

ed248657afc15600a6b8e5b9cfa94203f9bfeda0ebd1a3007356e99836adeddf.rtf

RTF Document
...
Filters:
File Name Category Type Verdict Actions
C:\Users\RDhJ0CNFevzX\Desktop\ed248657afc15600a6b8e5b9cfa94203f9bfeda0ebd1a3007356e99836adeddf.rtf Sample File RTF
Malicious
...
»
MIME Type text/rtf
File Size 48.82 KB
MD5 bc89a42094fac06d565983f94cb4fa2a Copy to Clipboard
SHA1 d7a9a95e4a4b3c4a1e60262fece5e041f18c002c Copy to Clipboard
SHA256 ed248657afc15600a6b8e5b9cfa94203f9bfeda0ebd1a3007356e99836adeddf Copy to Clipboard
SSDeep 768:UwAbZSibMX9gRWjUsFc5vg4SfnEgLSnKXjFSr/jcYxd/TL9d:UwAlRtg4SfnEgL9jUjjcY/LLL Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Malicious
Names Mal/Generic-S
Office Information
»
Document Content Snippet
» 
99488146please click Enable editing from the yellow bar above.The independent auditors’ opinion says the financial statements are fairly stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit’s) employees in the normal course of performing their duties. If the auditors detect an unexpected material misstatement during your audit, it could indicate that your internal controls are not functioning properly. Conver
C:\Users\RDhJ0CNFevzX\AppData\Roaming\lawserhgj5784.exe Downloaded File Binary
Malicious
...
»
Also Known As c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\e5tft0zi\lawzx[1].exe (Downloaded File, Extracted File)
MIME Type application/vnd.microsoft.portable-executable
File Size 747.50 KB
MD5 f7687a10bf31777ddad97b1d0907bdc6 Copy to Clipboard
SHA1 85c1582ebcd476730ec5e098b58078c8d803063d Copy to Clipboard
SHA256 4e8962c45fb4aa831a15ec2c5db19d6949c7426fa65ed3ed58ab794ad09e9f04 Copy to Clipboard
SSDeep 12288:S5MYOdXvdBXN+kkAABjVyfHyvWzR9MHSECeuTivne1bttQfPkp6:S6Nd/dBXhkAAq/NjMHSECRTivSbIfPk Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
File Reputation Information
»
Verdict
Malicious
PE Information
»
Image Base 0x00400000
Entry Point 0x004BBCCA
Size Of Code 0x000B9E00
Size Of Initialized Data 0x00000E00
File Type IMAGE_FILE_EXECUTABLE_IMAGE
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2023-08-02 03:41 (UTC+2)
Version Information (11)
»
Comments -
CompanyName Microsoft
FileDescription WindowsFormsApplication1
FileVersion 1.0.0.0
InternalName FoNW.exe
LegalCopyright Copyright © Microsoft 2011
LegalTrademarks -
OriginalFilename FoNW.exe
ProductName WindowsFormsApplication1
ProductVersion 1.0.0.0
Assembly Version 1.0.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x00402000 0x000B9CD0 0x000B9E00 0x00000200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 7.74
.rsrc 0x004BC000 0x00000B08 0x00000C00 0x000BA000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.64
.reloc 0x004BE000 0x0000000C 0x00000200 0x000BAC00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain - 0x00402000 0x000BBC9E 0x000B9E9E 0x00000000
Memory Dumps (17)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point YARA Actions
lawserhgj5784.exe 3 0x00560000 0x0061FFFF Relevant Image False 32-bit - False
...
buffer 3 0x04870000 0x04879FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 3 0x04880000 0x04883FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 3 0x07660000 0x076D4FFF Reflectively Loaded .NET Assembly False 32-bit - False
...
buffer 6 0x00400000 0x00441FFF Content Changed False 32-bit - False
...
lawserhgj5784.exe 6 0x00A10000 0x00ACFFFF Relevant Image False 32-bit - False
...
lawserhgj5784.exe 3 0x00560000 0x0061FFFF Process Termination False 32-bit - False
...
buffer 6 0x0519E000 0x0519FFFF First Network Behavior False 32-bit - False
...
buffer 6 0x0493E000 0x0493FFFF First Network Behavior False 32-bit - False
...
buffer 6 0x04F5E000 0x04F5FFFF First Network Behavior False 32-bit - False
...
buffer 6 0x04B5C000 0x04B5FFFF First Network Behavior False 32-bit - False
...
buffer 6 0x0444E000 0x0444FFFF First Network Behavior False 32-bit - False
...
buffer 6 0x00189000 0x0018FFFF First Network Behavior False 32-bit - False
...
buffer 6 0x00400000 0x00441FFF First Network Behavior False 32-bit - False
...
lawserhgj5784.exe 6 0x00A10000 0x00ACFFFF First Network Behavior False 32-bit - False
...
buffer 6 0x00400000 0x00441FFF Final Dump False 32-bit - False
...
lawserhgj5784.exe 6 0x00A10000 0x00ACFFFF Final Dump False 32-bit - False
...
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd Copy to Clipboard
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc Copy to Clipboard
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858 Copy to Clipboard
SSDeep 3:Fl: Copy to Clipboard
ImpHash -
UNKNOWN_1 Extracted File Stream
Clean
...
»
Parent File C:\Users\RDhJ0CNFevzX\Desktop\ed248657afc15600a6b8e5b9cfa94203f9bfeda0ebd1a3007356e99836adeddf.rtf
MIME Type application/octet-stream
File Size 2.50 KB
MD5 eaf3197d1551c1bd69c4fbacfe624682 Copy to Clipboard
SHA1 5c8eed91fdb68eeebff3ada76337c0d01afcf7ee Copy to Clipboard
SHA256 6bbd7a5c0862f58e8d3f08a5267cf794edbef4661e58bd17cfdd7cafc879b47f Copy to Clipboard
SSDeep 48:HYkPbj1Kt1Bo5Lb/UCNLKR/UIu+9peak6p:HnPElMjUmKdUWTeafp Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image