ScreenShot
Created | 2021.07.12 09:44 | Machine | s1_win7_x6401 |
Filename | 08388e25.png.doc | ||
Type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last P | ||
AI Score | Not founds | Behavior Score |
|
ZERO API | file : mailcious | ||
VT API (file) | 39 detected (Agentb, GenericKD, Convagent, Save, ESOV, multiple detections, NOON, UHBAZCLOC, Bulz, kkyd, Black, ivcpha, PurpleFox, CLASSIC, Generic PUA BA, Malware@#t0l7i17zf0gb, Packed2, R002C0PFG21, VMProtect, rdoco, ASMalwS, kcloud, Tiggre, Malicious, score, ZedlaF, rG4@aWpFvhd, ai score=81, TScope, PossibleThreat) | ||
md5 | b53accbf466304e55d3abdda94c1fe5d | ||
sha256 | 0e723f0f68b2800366b5abea9fa863ae89fc327c795bb8c60cf8fe087ebcf8b3 | ||
ssdeep | 24576:L6uDXXNLj04BMeRocDP1NadWsvF4e1LpDhkPTG4Mcgiwkew8vroUQGDXDNSnf6Bv:L/Xdci5ooOWyLpFeBRSw8vlQIzNSnf6l | ||
imphash | |||
impfuzzy |
Network IP location
Signature (6cnts)
Level | Description |
---|---|
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates (office) documents on the filesystem |
notice | Creates hidden or system file |
Rules (1cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |