Verdict: MALICIOUS
Risk Score: 62
Malware Insights
MITRE ATT&CK
- T1059.007 JavaScript
- T1203 Exploitation for Client Execution
- T1566.001 Spearphishing Attachment
The sample contains embedded URLs and JavaScript code that attempts to exploit browser vulnerabilities and download additional content. The heuristic firing for the URLDownloadToFile API indicates a direct attempt to download files from the internet. The JavaScript code dynamically generates iframe elements and attempts to instantiate ActiveX objects, suggesting an effort to abuse browser features for malicious purposes, most likely to download and execute a second-stage payload.
Heuristics (2)
- Reference to URLDownloadToFile API (severity: critical; rule: SC_STR_URLDOWNLOAD)
- Embedded URL info (rule: EMBEDDED_URL): One or more URLs were extracted from the document. The URL itself is not a detection; see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.

Extracted URLs
- http://mybestcounter.net/progstats/index.php?UniqCook=
- http://www.daolao.ru/Confucius/Pound/it
- http://x-globstat.cc/adsview/a63?tip=user
- http://bid-assist.org/inst/index.php?id=002
- http://www.climbingthewall.info/d/wm017/counter21.php
- http://prolnx.info/lc1008.html
- http://prolnx.info/
- http://prolnx.info/?id=1008&t=other&o=2
- http://prolnx.info/?id=1008&t=other&o=4
- http://www.victim.com/vuln_image_library.asp
- http://count17.51yes.com/click.aspx?id=171044941&logo=1
- http://www.google.cn/search?num=100&hl=zh-CN&lr=lang_en&cr=countryUS&newwindow=1&as_qdr=all&