| Source: Network traffic |
Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.7:49790 |
| Source: Network traffic |
Suricata IDS: 2022930 - Severity 1 - ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow : 20.109.210.53:443 -> 192.168.2.7:49975 |
| Source: notepad.exe, 00000001.00000003.1313683575.000001DD6B251000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000001.00000002.2570826877.000001DD6B251000.00000004.00000020.00020000.00000000.sdmp, Headers.txt |
String found in binary or memory: https://info.nhanow.com/hs/subscription-preferences/v2/unsubscribe-all?data=W2nXS-N30h-H8W34gPnK3LG4 |
| Source: notepad.exe, 00000001.00000003.1313683575.000001DD6B251000.00000004.00000020.00020000.00000000.sdmp, notepad.exe, 00000001.00000002.2570826877.000001DD6B251000.00000004.00000020.00020000.00000000.sdmp, Headers.txt |
String found in binary or memory: https://policy.hubspot.com/abuse-complaints) |
| Source: classification engine |
Classification label: clean1.winTXT@1/0@0/0 |
| Source: C:\Windows\System32\notepad.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: mrmcorer.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: wldp.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: textshaping.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: efswrt.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: mpr.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: wintypes.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: oleacc.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: urlmon.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: iertutil.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: srvcli.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: netutils.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: propsys.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: policymanager.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11659a23-5884-4d1b-9cf6-67d6f4f90b36}\InProcServer32 |
Jump to behavior |
| Source: C:\Windows\System32\notepad.exe |
Queries volume information: C:\Users\user\Desktop\Headers.txt VolumeInformation |
Jump to behavior |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet