RTF drops file to XLSTART | Network
VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Trojan, Spyware

83b0d7926fb2c5bc0708d9201043107e8709d77f2cd2fb5cb7693b2d930378d2 (SHA256)

Invitation CBS 2018 .doc.rtf

RTF Document

Created at 2018-08-05 19:04:00

Hosts (3)
Hostname IP Address Location Protocols Reputation Status WHOIS Data
ipv4only.arpa 192.0.0.170 - UDP Unknown
- 157.56.120.207 - UDP Not Queried Not Queried
- 51.144.52.224 - TCP Not Queried Not Queried
DNS Queries (1)
Hostname Categories Names Source Reputation Status
ipv4only.arpa - - PCAP Unknown

Connections

DNS (1)
Operation Additional Information Success Count Logfile
Resolve Name host = ipv4only.arpa, address_out = 192.0.0.170 True 1 -
TCP Sessions (1)
Information Value
Total Data Sent 0.11 KB
Total Data Received 0.05 KB
Contacted Host Count 1
Contacted Hosts 51.144.52.224
TCP Session #1
Information Value
Source PCAP
Stream ID 9
Remote Address 51.144.52.224
Remote Port 443
Local Address 192.168.0.105
Local Port 49693
Data Sent 0.11 KB
Data Received 0.05 KB
Time Highest Layer Additional Information Success
95.844985 s TCP Data Sent: 0.05 KB, Data Received: 0.05 KB True
95.874100 s TCP Data Sent: 0.05 KB, Data Received: 0.00 KB False
UDP Sessions (2)
Total Data Sent 0.27 KB
Total Data Received 0.40 KB
Contacted Host Count 2
Contacted Hosts 157.56.120.207, 192.168.0.1
UDP Session #1
Information Value
Source PCAP
Stream ID 22
Remote Address 157.56.120.207
Remote Port 3544
Local Address 192.168.0.105
Local Port 58526
Data Sent 0.20 KB
Data Received 0.29 KB
Time Highest Layer Additional Information Success
29.464906 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
72.806422 s ICMPV6 Data Sent: 0.10 KB, Data Received: 0.15 KB True
UDP Session #2
Information Value
Source PCAP
Stream ID 55
Remote Address 192.168.0.1
Remote Port 53
Local Address 192.168.0.105
Local Port 60308
Data Sent 0.07 KB
Data Received 0.10 KB
Time Highest Layer Additional Information Success
51.963786 s DNS Data Sent: 0.07 KB, Data Received: 0.10 KB True