a14e514ddfc3a921c5a9e2fc9b931bc734b4927fa9d4b011ab77f9e46da50b34 (SHA256)
Order_Payroll_81154032.doc
Created at 2019-02-06 16:40:00
Notifications (1/1)
The overall sleep time of all monitored processes was truncated from "20 seconds" to "10 seconds" to reveal dormant functionality.
Severity | Category | Operation | Classification | |
---|---|---|---|---|
5/5
|
Anti Analysis | Tries to detect virtual machine | - | |
|
||||
5/5
|
Anti Analysis | Makes direct system call to possibly evade hooking based sandboxes | - | |
|
||||
|
||||
|
||||
|
||||
|
||||
5/5
|
Injection | Writes into the memory of another running process | - | |
|
||||
5/5
|
Injection | Writes into the memory of a process running from a created or modified executable | - | |
|
||||
|
||||
5/5
|
Injection | Modifies control flow of a process running from a created or modified executable | - | |
|
||||
|
||||
4/5
|
Process | Creates process | - | |
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
4/5
|
Process | Reads from memory of another process | - | |
|
||||
|
||||
|
||||
4/5
|
OS | Disables a crucial system service | - | |
|
||||
|
||||
4/5
|
Network | Downloads data | Downloader | |
|
||||
3/5
|
Network | Connects to remote host | - | |
|
||||
3/5
|
PE | Executes dropped PE file | - | |
|
||||
3/5
|
YARA | YARA match | - | |
|
||||
|
||||
2/5
|
Network | Connects to HTTP server | - | |
|
||||
2/5
|
PE | Drops PE file | Dropper | |
|
||||
2/5
|
VBA Macro | Executes macro on specific worksheet event | - | |
|
||||
2/5
|
VBA Macro | Creates suspicious COM object | - | |
|
||||
1/5
|
Process | Creates system object | - | |
|
||||
|
||||
1/5
|
Static | Unparsable sections in file | - | |
|
||||
1/5
|
VBA Macro | Contains Office macro | - | |
|