VTI Score | 100 / 100
VTI Database Version | 2.6
VTI Rule Match Count | 15
VTI Rule Type | Documents

| Category | Rule | Details |
|---|---|---|
| Injection | Write into memory of another process | "c:\users\hjrd1k~1\appdata\local\temp\8162.exe" modifies memory of "c:\users\hjrd1k~1\appdata\local\temp\8162.exe" |
| Injection | Modify control flow of another process | "c:\users\hjrd1k~1\appdata\local\temp\8162.exe" alters context of "c:\users\hjrd1k~1\appdata\local\temp\8162.exe" |
| Process | Create process | Create process "C:\Users\HJRD1K~1\AppData\Local\Temp\8162.exe". |
| Process | Read from memory of another process | "c:\users\hjrd1k~1\appdata\local\temp\8162.exe" reads from "C:\Users\HJRD1K~1\AppData\Local\Temp\8162.exe". |
| File System | Handle with malicious files | File "c:\users\hjrd1koky ds8lujv\appdata\local\temp\8162.exe" is a known malicious file. |
| Network | Perform DNS request | Resolve "carbeyondstore.com". |
| Network | Perform DNS request | Resolve "www.carbeyondstore.com". |
| Network | Perform DNS request | Resolve "pxpgraphics.com". |
| Network | Connect to remote host | Outgoing TCP connection to host "72.52.246.64:80". |
| Network | Connect to remote host | Outgoing TCP connection to host "69.65.3.206:80". |
| PE | Execute dropped PE file | Execute dropped file "c:\users\hjrd1koky ds8lujv\appdata\local\temp\8162.exe". |
| PE | Drop PE file | Drop file "c:\users\hjrd1koky ds8lujv\appdata\local\temp\8162.exe". |
| VBA Macro | Execute application | Shell WkBDLdsmW, IDI5UPj |
| Process | Create system object | Create mutex with name "Global\.net clr networking". |
| VBA Macro | Execute macro on specific worksheet event | Execute macro on "Activate Workbook" event. |