Malicious doc with Embedded SettingContent-ms | VMRay Analyzer Report
VTI SCORE: 91/100
Dynamic Analysis Report
Classification: Trojan

3c6a74d216e10e4ff158716cfa72984230995041c4bbb7596b8c8aaa461d76c5 (SHA256)

ggzn.doc

Word Document

Created at 2018-08-06 13:03:00

Top Threat Indicators (View all 4 threat indicators)

Screenshots

Monitored Processes

Analysis Information

Creation Time 2018-08-06 15:03 (UTC+2)
Analysis Duration 00:02:25
Number of Monitored Processes 1
Execution Successful True
Reputation Enabled True
WHOIS Enabled True
YARA Enabled True
Termination Reason Timeout
Tags
#SettingContentms #Deeplink

Sample Information

ID #1700025
MD5 bfff439fd127944fb77b11deaca2c1b2
SHA1 d72f22e0943ce68c1d69d77d9f5799f3fb540d61
SHA256 3c6a74d216e10e4ff158716cfa72984230995041c4bbb7596b8c8aaa461d76c5
SSDeep 768:NmTVK8U63Ys8mtCQRhAl2Bp3oEvuZ9v13t3wH+3P:NG48ms8mIQ/ASyEv09v13tt3P
Filename ggzn.doc
File Size 37.37 KB
File Type Word Document
Has VBA Macros False

Analyzer Information

Dynamic Analyzer Build Date 2018-07-30 20:01 (UTC+2)
Dynamic Analyzer Version 2.3.1
Static Analyzer Version 1.0.0
VTI Ruleset Version 3.0
YARA Built-in Ruleset Version 1.0
Analysis Report Layout Version 3
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    