540b64d8...467b | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Spyware
Keylogger
Exploit
...
Threat Names:
Exploit.RTF-ObfsStrm.Gen
Gen:Variant.Graftor.807433
VBS.Heur.Laburrak.7.Gen
...

tmpeml_attach_for_scan8939506995a312b8dcb233913095b87d.file.rtf

RTF Document

Created at 2020-08-04T23:24:00

Remarks (2/2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "2 hours, 8 minutes, 9 seconds" to "1 minute, 20 seconds" to reveal dormant functionality.

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Filename C:\Users\aETAdzjz\Desktop\tmpeml_attach_for_scan8939506995a312b8dcb233913095b87d.file.rtf
Category Sample File
Type RTF
Severity Malicious
Mime Type text/rtf
File Size 876.98 KB
MD5 8939506995a312b8dcb233913095b87d
SHA1 e2cbde1aed4d883cf323c38f6815880cfc0ac2b3
SHA256 540b64d8ff20e06cbed0655940f17cd6713b0196b8dab56cd5e54682bbf0467b
SSDeep 24576:HORRl63w6w18cq14GnDFVFMj/igpoSHi/bXNYWLJ7MUrqrp9XWl:/
ImpHash -
Parser Error Remark Static engine was unable to completely parse the analyzed file
Office Information
Controls (1)
CLSID Control Name Associated Vulnerability
{00021700-0000-0000-C000-000000000046} Equation3 CVE-2017-11882
Local AV Matches (1)
Threat Name Severity
Exploit.RTF-ObfsStrm.Gen Malicious
Filename C:\Users\aETAdzjz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\web.vbs
Category Dropped File
Type Text
Severity Malicious
Mime Type text/x-vbscript
File Size 131 Bytes
MD5 cfffb3e4972e59619a12081ace8aa890
SHA1 50047955493523edd640cb292381d51b43500ae7
SHA256 d4dda2967d6f0519cf34375eb713f1886258b6d44fe9661f3e6dfe262ad47fa5
SSDeep 3:xLadGEm0lG81xuMJHMw1PvHHoJxzp4EaKC5vE5+NwNHRkn:xLMGN0l7xkw1PvHI/zpJaZ5csw4n
ImpHash -
Local AV Matches (1)
Threat Name Severity
VBS.Heur.Laburrak.7.Gen Malicious
Filename C:\Users\aETAdzjz\AppData\Roaming\appdata\sjfhjjskfsf.exe
Category Downloaded File
Type Binary
Severity Malicious
Also Known As c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\x9ohk109\eic[1].exe (Downloaded File)
C:\Users\aETAdzjz\AppData\Roaming\DUE.exe (Downloaded File)
Parent File analysis.pcap
Mime Type application/vnd.microsoft.portable-executable
File Size 922.00 KB
MD5 93432a3dd327449aad876325370d6daa
SHA1 643c0f418f5c5e53e079a710518814acc7e911c9
SHA256 5caf50c8907738643bd5648927c52306bf9177cb178065d1ee08590a0d37f0c9
SSDeep 24576:+nczvIYl83a2LAe2o99i7a+o+tw9BBN9Xk:+mA22se2c07d5w9BB/k
ImpHash -
Local AV Matches (1)
Threat Name Severity
Gen:Variant.Graftor.807433 Malicious
Filename aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13/Screenshot.jpeg
Category Embedded File
Type Image
Severity Unknown
Parent File C:\Users\aETAdzjz\AppData\Local\A8D24E6933\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip
Mime Type image/jpeg
File Size 50.19 KB
MD5 9884e492bf1feb21d364bb323a173123
SHA1 67194dae5c9d1f890c2211b5b73173cb0bdbc281
SHA256 000d10d343a03d9d2c3a8874fd941f53003efb7e03b81314fdc96695126001b5
SSDeep 768:/TcP1v6TKNQnYmkqBfEG/RnBHCptqZ3lVB5SmiCZYDwCMmQ1ft0ABq5+U1gnUx3B:bgVQYPqT3HCPwHB5kCblXq58ofp
ImpHash -
Filename aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13/Log.txt
Category Embedded File
Type Text
Severity Unknown
Parent File C:\Users\aETAdzjz\AppData\Local\A8D24E6933\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip
Mime Type text/plain
File Size 1.32 KB
MD5 eea5a49b6e215e2a1d8bce76160e13b0
SHA1 452ddeebfe4efc0e4cfb113931b3287909a89712
SHA256 115295b594528e5b5e5c38023124ac2d0e7c7938ab3d7d7fefd6321e9f99268b
SSDeep 24:zxnNMZxB44/SZlZyS7fPRiy2WsnGyJkdEiJWFiKVj5J80:ztA7B8ZZYCsGJjJWFttJ80
ImpHash -
Filename C:\Users\aETAdzjz\AppData\Local\A8D24E6933\aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13.zip
Category Dropped File
Type ZIP
Severity Unknown
Also Known As C:\Users\aETAdzjz\AppData\Local\A8D24E6933\DotNetZip-trk1nfn0.tmp (Dropped File)
Mime Type application/zip
File Size 40.80 KB
MD5 4df391c23ff34c4b4edd6a8a58ce1cd5
SHA1 c935abca7c85516230d862ece877a32a37427829
SHA256 5f33dd0a78b3eda2ccc3f70e50b775cd33e1cb5f061319bc2bba1665f7af0db7
SSDeep 768:UfrK/PiI0aXG3pnAnHh5hXjeBXRMyu+eZOcjEZm1tsXtGjnrs7T6Us2ylL25VG:crK/PFHeJXBeZOcIZ+tscjG6HhsVG
ImpHash -
Archive Information
Number of Files 2
Number of Folders 1
Size of Packed Archive Contents 39.98 KB
Size of Unpacked Archive Contents 51.51 KB
File Format zip
Contents (2)
Filename Packed Size Unpacked Size Compression Is Encrypted Modify Time
aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13/Screenshot.jpeg 39.33 KB 50.19 KB Deflate False 2020-08-05 01:28 (UTC+2)
aETAdzjz_United States_A8D24E6933_08-04-2020 23.28.13/Log.txt 672 Bytes 1.32 KB Deflate False 2020-08-05 01:28 (UTC+2)
Filename fd41cd2f48623ceb8d6d4fa774c80efa5c3f22c94bfd7a7c59543772b585d9a1
Category Downloaded File
Type Text
Severity Unknown
Parent File analysis.pcap
Mime Type text/plain
File Size 12 Bytes
MD5 5f61ad2e35e8d07aacb241664824725e
SHA1 610a4f50b05d5f664c5cc47b6b3b86ca6cb4ced1
SHA256 fd41cd2f48623ceb8d6d4fa774c80efa5c3f22c94bfd7a7c59543772b585d9a1
SSDeep 3:gRtWu:g73
ImpHash -
Filename Equation3_1
Category Embedded File
Type Stream
Severity Unknown
Parent File C:\Users\aETAdzjz\Desktop\tmpeml_attach_for_scan8939506995a312b8dcb233913095b87d.file.rtf
Mime Type application/octet-stream
File Size 438.07 KB
MD5 8ad0eab8ef36589282ada2209bfbb183
SHA1 9096a7591b526a27558f2b146fab44dfaecd36ea
SHA256 936a70c027713d35f94d81ad93ab231e99cdff7b3ec20fb796e20187537301ac
SSDeep 12288:6w+ZnsJr2UIHXzu2B+HgHJKEruCe5DIy9ZVAhMUhsEYw7SIr:br3IHqgJPruCgIyveMUhV5r
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
Screenshot