popup
Summary | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

New Profits Distributions.docx

MSOffice File
  1. Resubmit sample
Category Machine Started Completed
FILE s1_win7_x6403_us Oct. 13, 2021, 5:45 p.m. Oct. 13, 2021, 5:47 p.m.
Size 24.5KB
Type CDFV2 Encrypted
MD5 dec25c57bdc8c945ba975d0f693243cb
SHA256 a6c9e9a9a4a05249502dee5d21dc92b3cdd44a0d0f044678715a6ecd907a938c
CRC32 E6DBA4E2
ssdeep 384:FSrbBU+0iVgykPdl0Mr3BhHmJiQBOJxhoWpA4/v+VrKL638DqdO02dm:FMbBCtykPdNTPQBOJroWPvM18Dqd6m
Yara
  • Microsoft_Office_File_Zero - Microsoft Office File

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\~$w Profits Distributions.docx
Time & API Arguments Status Return Repeated

NtCreateFile

 create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x000004a8
filepath: C:\Users\test22\AppData\Local\Temp\~$w Profits Distributions.docx
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$w Profits Distributions.docx
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
1 0 0
Lionic Trojan.MSOffice.Agent.4!c
Kaspersky HEUR:Trojan.MSOffice.Agent.gen
Time & API Arguments Status Return Repeated

NtProtectVirtualMemory

 process_identifier: 2284
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
length: 4096
protection: 32 (PAGE_EXECUTE_READ)
base_address: 0x7ef80000
process_handle: 0xffffffff
1 0 0