RTF Doc. Uses CVE-2017-8759 Exploit to Execute Code | VMRay
VTI Information
VTI Score: 96 / 100
VTI Database Version: 2.6
VTI Rule Match Count: 11
VTI Rule Type: Documents
Detected Threats

Device
  Monitor keyboard input
    Frequently read the state of a keyboard key by API.

Network
  Download data
    URL "www.samyrai777m.p-host.in/t/tp.php?thread=0".
  Perform DNS request
    Resolve host name "www.samyrai777m.p-host.in".
  Connect to remote host
    Outgoing TCP connection to host "185.211.244.133:80".
  Connect to HTTP server
    URL "www.samyrai777m.p-host.in/t/tp.php?thread=0".

Process
  Create process
    Create process ""C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\aETAdzjz\AppData\Local\Temp\91rxrejg.cmdline"".
    Create process "C:\Windows\System32\mshta.exe".
    Create process "C:\Windows\SYSteM32\windowspOweRSHeLL\V1.0\PoWErSHELL.Exe".
    Create process ""C:\Windows\system32\taskkill.exe" /f /im winword.exe".
  Execute encoded PowerShell script
    Execute encoded PowerShell script to possibly hide malicious payload.
  Create system object
    Create mutex with name "Global\.net clr networking".
    Create mutex with name "Local\!PrivacIE!SharedMemory!Mutex".