General Information

  • Date: 08.11.2019
  • Duration: 0h 12m 11s
  • Sample file name: a.doc
  • Cookbook: defaultwindowsofficecookbook.jbs
  • Filetype: doc

Detection

MALICIOUS
Get2Downloader
    • Found 11 malicious signatures
    • Contacts 2 domains/IPs
    • Launches 1 process
    • Drops 16 files

Signature Overview


    Contacted Public IPs

    IP              Country   ASN     ASN Name  Malicious
    195.123.246.12  Bulgaria  204957  unknown   false

    Contacted Domains

    Name                  IP              Active
    microsoft-hub-us.com  195.123.246.12  true

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet
    Behavior Graph

    • Behavior Graph ID: 188550
    • Sample: a.doc
    • Startdate: 08/11/2019
    • Architecture: WINDOWS
    • Score: 100

    Sample-level signatures:

    • Antivirus or Machine Learning detection for dropped file
    • Antivirus or Machine Learning detection for sample
    • Multi AV Scanner detection for submitted file
    • 6 other signatures

    Process started: WINWORD.EXE (36 created registry values, 54 created files)

    • DNS/IP Info: microsoft-hub-us.com, 195.123.246.12, 443, 49221, unknown, Bulgaria
    • Dropped file: C:\Users\user\AppData\...\scheduler_a.dll (PE32)
    • Dropped file: C:\Users\user\Desktop\~$a.doc (data)
    • Signature: Document exploit detected (creates forbidden files)
    • Signature: DLL side loading technique detected