3692f99b76663e864b3fae22828ab01021dcc50c33f5ec041aa3b055478a4ab2 (SHA256)
receipt_FedEX_4028873.doc
Created at 2018-12-06 22:25:00
Notifications (1/1)
The overall sleep time of all monitored processes was truncated from "45 seconds" to "30 seconds" to reveal dormant functionality.
Severity | Category | Operation | Classification | |
---|---|---|---|---|
5/5
|
Anti Analysis | Tries to detect virtual machine | - | |
|
||||
5/5
|
Injection | Writes into the memory of another running process | - | |
|
||||
4/5
|
Process | Creates process | - | |
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
4/5
|
Process | Reads from memory of another process | - | |
|
||||
4/5
|
OS | Disables a crucial system service | - | |
|
||||
|
||||
4/5
|
Process | Executes encoded PowerShell script | - | |
|
||||
4/5
|
Network | Downloads data | Downloader | |
|
||||
|
||||
|
||||
4/5
|
YARA | YARA match | - | |
|
||||
|
||||
3/5
|
Network | Checks external IP address | - | |
|
||||
3/5
|
Network | Connects to remote host | - | |
|
||||
3/5
|
PE | Executes dropped PE file | - | |
|
||||
2/5
|
File System | Known suspicious file | Exploit | |
|
||||
2/5
|
Network | Connects to HTTP server | - | |
|
||||
|
||||
|
||||
2/5
|
PE | Drops PE file | Dropper | |
|
||||
2/5
|
VBA Macro | Executes macro on specific worksheet event | - | |
|
||||
1/5
|
Process | Creates system object | - | |
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
1/5
|
Static | Contains suspicious meta data | - | |
|
||||
1/5
|
VBA Macro | Contains Office macro | - | |
|