General Information

  • Date: 16.04.2018
  • Duration: 0h 2m 47s
  • Sample file name: sysinfo.T5mCOsTSVj56b5NsSeOi7Q.xml
  • Cookbook: default.jbs
  • Filetype: xml

Detection

CLEAN
    • Found 1 malicious signature
    • Contacts 1 domain/IP
    • Launches 4 processes
    • Drops 20 files

Signature Overview


    Contacted IPs

    IP        Country         ASN     ASN Name             Malicious
    8.8.8.8   United States   15169   GOOGLE-GoogleIncUS   false

    Behavior Graph (ID: 55044)

    • Sample: sysinfo.T5mCOsTSVj56b5NsSeOi7Q.xml
    • Startdate: 16/04/2018
    • Architecture: WINDOWS
    • Score: 2
    • MSOXMLED.EXE started iexplore.exe
    • iexplore.exe started iexplore.exe
    • iexplore.exe contacted 8.8.8.8 (50323, 50900, 51075), GOOGLE-GoogleIncUS, United States
    • ssvagent.exe