a7d5e07a...fa3f | VMRay Analyzer Report
VTI SCORE: 94/100
Dynamic Analysis Report
Classification: -

Remarks (1/1)

(0x200002e). Some of the analysis artifacts were not scanned by local AV due to an error. Check logs or contact support for further info.

VMRay Threat Indicators (5 rules, 6 matches)

Severity | Category | Operation | Count | Classification
4/5 | Process | Tries to create process | 2 | -
  • Creates process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe".
4/5 | YARA | YARA match | 1 | -
  • Rule "JS_Eval" from ruleset "Generic" has matched on the embedded file "f2db835de6dd98cd3f8e9dffe664f3d879c3587737ba7196f76b3a00786f009a".
1/5 | Static | Contains embedded files | 1 | -
1/5 | Static | Contains known suspicious class identifier | 1 | -
  • Office document contains suspicious class identifier "{F20DA720-C02F-11CE-927B-0800095AE340}" with IOCs.

Screenshots

Monitored Processes

Sample Information

ID #125587
MD5 9101eab7cffc2c51521e487931351a27
SHA1 b84fb3dcd385ca64ca048d0f9eebb258931bd0bc
SHA256 a7d5e07a01541e7f37a9843996b35e821cd5301749ad7ada36e32a9d4c84fa3f
SSDeep 1536:NfOAUqlwiUsAxEt5sYSDRl31iaM6sY3DQ3yIu:NfOqzjtKYSleNYv1
Filename Edwin Dewitt - CV.doc
File Size 78.00 KB
Sample Type Word Document
Has VBA Macros False

Analysis Information

Creation Time 2019-07-26 18:45 (UTC+2)
Analysis Duration 00:04:27
Number of Monitored Processes 46
Execution Successful True
Reputation Enabled True
WHOIS Enabled False
Local AV Enabled True
YARA Enabled True
Number of AV Matches 0
Number of YARA Matches 2
Termination Reason Timeout
Tags
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.