Summary | ZeroBOX

court.docx

Category FILE
Machine s1_win7_x6403_us
Started Sept. 9, 2021, 9:15 p.m.
Completed Sept. 9, 2021, 9:18 p.m.
Size 23.6KB
Type Microsoft OOXML
MD5 55998cb43459159a5ed4511f00ff3fc8
SHA256 d0e1f97dbe2d0af9342e64d460527b088d85f96d38b1d1d4aa610c0987dca745
CRC32 E6ED6AC9
ssdeep 384:Q6UDg00MWEg9fPCPyH111/elBqhveoNHfn5yAehqbhtgyhdCxi556BjsbIwRq:QcMWE04uebyvNv5yHcttg6dwc5YQb5w
Yara None matched

Name | Response | Post-Analysis Lookup
No hosts contacted.

IP Address | Status | Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\~$court.docx
Time & API Arguments Status Return Repeated

NtCreateFile

create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x00000490
filepath: C:\Users\test22\AppData\Local\Temp\~$court.docx
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$court.docx
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
status: 1
return: 0
repeated: 0
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

process_identifier: 2300
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x7ef80000
process_handle: 0xffffffff
status: 1
return: 0
repeated: 0
Lionic: Trojan.MSOffice.Agent.4!c
McAfee: W97M/Downloader.dsf
BitDefender: Trojan.GenericKD.46912127
Arcabit: Trojan.Generic.D2CBD27F
Cyren: XML/Downldr.BE
Symantec: Trojan Horse
ESET-NOD32: DOC/TrojanDownloader.Agent.DHY
TrendMicro-HouseCall: Trojan.W97M.CVE202140444.A
Avast: Other:Malware-gen [Trj]
Kaspersky: Trojan-Downloader.MSOffice.Agent.cz
Alibaba: TrojanDownloader:Office97/Donoff.27025f3f
NANO-Antivirus: Exploit.Xml.CVE-2017-0199.equmby
ViRobot: DOC.S.ExDownloader.24178
MicroWorld-eScan: Trojan.GenericKD.46912127
Ad-Aware: Trojan.GenericKD.46912127
Emsisoft: Trojan.GenericKD.46912127 (B)
DrWeb: W97M.DownLoader.5398
TrendMicro: Trojan.W97M.CVE202140444.A
McAfee-GW-Edition: Artemis!Trojan
FireEye: Trojan.GenericKD.46912127
Sophos: Exp/2140444-A
Ikarus: Exploit.CVE-2021-40444
GData: XML.Trojan.Agent.FII1ZR
Microsoft: TrojanDownloader:O97M/Donoff.SA
AhnLab-V3: Downloader/DOC.External
MAX: malware (ai score=84)
Tencent: Office.Trojan.Agent.Swbh
Fortinet: HTML/CVE202140444.06F3!tr
AVG: Other:Malware-gen [Trj]