popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Лист вих. на 10.2021.docx

Word 2007 file format(docx)
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6402 Sept. 16, 2021, 9:38 a.m. Sept. 16, 2021, 9:41 a.m.
Size 13.2KB
Type Microsoft Word 2007+
MD5 c7b9240f44af3ad5e22451618729d874
SHA256 e8cc77fb98dcd5a3da22ff8269ea46a217e7c57958b28177bc10d742d737ef86
CRC32 07686038
ssdeep 192:CtNC/Ym29vD7huX1/CVB0mRayOkqDs+GTjHpP2GPR0dipeg6pLiN/nZgl:aN82OX1/CEmRayl+sdfME90hpLgf+l
Yara
  • docx - Word 2007 file format detection

Name Response Post-Analysis Lookup
navigation45.countries.hibigaru.ru
A 94.228.125.223
94.228.125.223
IP Address Status Action
164.124.101.2 Active Moloch
94.228.125.223 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

request OPTIONS http://navigation45.countries.hibigaru.ru/%D0%9F%D0%95%D0%A0%D0%92%D0%AB%D0%99/
request HEAD http://navigation45.countries.hibigaru.ru/%D0%9F%D0%95%D0%A0%D0%92%D0%AB%D0%99/intention.abk
request OPTIONS http://navigation45.countries.hibigaru.ru/%D0%9F%D0%95%D0%A0%D0%92%D0%AB%D0%99
request PROPFIND http://navigation45.countries.hibigaru.ru/%D0%9F%D0%95%D0%A0%D0%92%D0%AB%D0%99
request GET http://navigation45.countries.hibigaru.ru/%D0%9F%D0%95%D0%A0%D0%92%D0%AB%D0%99/intention.abk
domain navigation45.countries.hibigaru.ru description Russian Federation domain TLD
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2488
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x69eaa000
process_handle: 0xffffffff
1 0 0

NtProtectVirtualMemory

 process_identifier: 2488
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 0
length: 4096
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x69744000
process_handle: 0xffffffff
1 0 0
file C:\Users\test22\AppData\Local\Temp\~$ст вих. на 10.2021.docx
Time & API Arguments Status Return Repeated

NtCreateFile

 create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x0000044c
filepath: C:\Users\test22\AppData\Local\Temp\~$ст вих. на 10.2021.docx
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$ст вих. на 10.2021.docx
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
1 0 0
NANO-Antivirus Exploit.Xml.CVE-2017-0199.equmby
Zoner Probably Heur.W97OleLink