Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
AV Detection: |
---|
Found malware configuration |
Source: |
Malware Configuration Extractor: |
Multi AV Scanner detection for submitted file |
Source: |
ReversingLabs: |
Multi AV Scanner detection for dropped file |
Source: |
ReversingLabs: |
||
Source: |
ReversingLabs: |
Exploits: |
---|
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) |
Source: |
Process created: |
|||
Source: |
Process created: |
Jump to behavior |
Office Equation Editor has been started |
Source: |
Process created: |
Source: |
File opened: |
Jump to behavior |
Software Vulnerabilities: |
---|
Found inlined nop instructions (likely shell or obfuscated code) |
Source: |
Code function: |
6_2_00401500 | |
Source: |
Code function: |
6_2_00401500 | |
Source: |
Code function: |
6_2_0040285A | |
Source: |
Code function: |
6_2_0040285A | |
Source: |
Code function: |
6_2_00402C37 | |
Source: |
Code function: |
6_2_004028E2 | |
Source: |
Code function: |
6_2_00402CBF | |
Source: |
Code function: |
6_2_00402D4E | |
Source: |
Code function: |
6_2_00402DC9 | |
Source: |
Code function: |
6_2_00402E4B | |
Source: |
Code function: |
6_2_00402A14 | |
Source: |
Code function: |
6_2_00402EDD | |
Source: |
Code function: |
6_2_00402A97 | |
Source: |
Code function: |
6_2_00402F51 | |
Source: |
Code function: |
6_2_00402B19 | |
Source: |
Code function: |
6_2_004027D8 | |
Source: |
Code function: |
6_2_004027D8 | |
Source: |
Code function: |
6_2_00402B9A |
Potential document exploit detected (unknown TCP traffic) |
Source: |
TCP traffic: |
Potential document exploit detected (performs HTTP gets) |
Source: |
TCP traffic: |
Source: |
Memory has grown: |
Networking: |
---|
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) |
Source: |
Snort IDS: |
C2 URLs / IPs found in malware configuration |
Source: |
URLs: |
Internet Provider seen in connection with other malware |
Source: |
ASN Name: |
Downloads executable code via HTTP |
Source: |
HTTP traffic detected: |