4ef2c020a2f45b6891a9094d5a042472417657961c05358f67ef58e7e8f9d4c4 (SHA256)
RFQ13262.docx
Created at 2018-11-27 09:36:00
Notifications (2/3)
The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.
| Severity | Category | Operation | Classification |
|---|---|---|---|
| 5/5 | Anti Analysis | Makes undocumented API calls to possibly evade hooking based sandboxes | - |
| 5/5 | File System | Modifies operating system directory | - |
| 5/5 | Anti Analysis | Tries to detect kernel debugger | - |
| 5/5 | Anti Analysis | Tries to detect virtual machine | - |
| 5/5 | File System | Creates an unusually large number of files | - |
| 5/5 | Anti Analysis | Makes direct system call to possibly evade hooking based sandboxes | - |
| 5/5 | Injection | Writes into the memory of another running process | - |
| 5/5 | Injection | Modifies control flow of another process | - |
| 5/5 | Injection | Modifies control flow of a process running from a created or modified executable | - |
| 5/5 | YARA | YARA match | Exploit |
| 4/5 | Process | Creates process | - |
| 4/5 | Process | Reads from memory of another process | - |
| 4/5 | Network | Reads network configuration | - |
| 4/5 | Network | Downloads data | Downloader |
| 3/5 | Anti Analysis | Delays execution | - |
| 3/5 | Network | Performs DNS request | - |
| 3/5 | Persistence | Installs system startup script or application | - |
| 3/5 | Browser | Reads data related to saved browser credentials | - |
| 3/5 | Network | Connects to remote host | - |
| 3/5 | PE | Executes dropped PE file | - |
| 3/5 | Process | Process crashed | - |
| 2/5 | Anti Analysis | Tries to detect debugger | - |
| 2/5 | Static | Possible phishing document | - |
| 2/5 | Network | Associated with known malicious/suspicious URLs | - |
| 2/5 | Network | Connects to HTTP server | - |
| 2/5 | PE | Drops PE file | Dropper |
| 1/5 | Process | Creates system object | - |
| 1/5 | Process | Overwrites code | - |
| 1/5 | Static | Unparsable sections in file | - |
| 1/5 | Static | Contains suspicious meta data | - |