19946f67da2384266eeac70e3956c213dce0958f3af7d6bfa5e28ea13cfb3912 (SHA256)
dhl_invoice_18553.doc
Created at 2018-05-29 01:38:00
Notifications (2/2)
Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.
The overall sleep time of all monitored processes was truncated from "10 seconds" to "10 seconds" to reveal dormant functionality.
Severity | Category | Operation | Classification | |
---|---|---|---|---|
5/5
|
Anti Analysis | Tries to detect virtual machine | - | |
|
||||
5/5
|
File System | Modifies application directory | - | |
|
||||
|
||||
5/5
|
OS | Modifies certificate store | - | |
|
||||
|
||||
|
||||
|
||||
|
||||
5/5
|
File System | Creates an unusually large number of files | - | |
|
||||
5/5
|
File System | Encrypts content of user files | Ransomware | |
|
||||
4/5
|
Process | Creates process | - | |
|
||||
|
||||
|
||||
|
||||
|
||||
4/5
|
Network | Downloads data | Downloader | |
|
||||
|
||||
|
||||
|
||||
3/5
|
Persistence | Installs system startup script or application | - | |
|
||||
3/5
|
Network | Performs DNS request | - | |
|
||||
3/5
|
Browser | Reads data related to browser cookies | - | |
|
||||
3/5
|
Browser | Reads data related to browsing history | - | |
|
||||
3/5
|
Network | Checks external IP address | - | |
|
||||
3/5
|
PE | Executes dropped PE file | - | |
|
||||
2/5
|
File System | Associated with suspicious files | - | |
|
||||
2/5
|
Network | Associated with known malicious/suspicious URLs | - | |
|
||||
|
||||
|
||||
2/5
|
Network | Connects to HTTP server | - | |
|
||||
|
||||
|
||||
|
||||
2/5
|
PE | Drops PE file | Dropper | |
|
||||
|
||||
2/5
|
VBA Macro | Creates suspicious COM object | - | |
|
||||
2/5
|
VBA Macro | Contains ability to read/write files | - | |
|
||||
1/5
|
Process | Creates system object | - | |
|
||||
1/5
|
Process | Overwrites code | - | |
|
||||
1/5
|
VBA Macro | Executes macro on specific worksheet event | - | |
|