ScreenShot
| Created | 2021.07.12 09:44 | Machine | s1_win7_x6401 |
| Filename | 08388e25.png.doc | ||
| Type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last P | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | 39 detected (Agentb, GenericKD, Convagent, Save, ESOV, multiple detections, NOON, UHBAZCLOC, Bulz, kkyd, Black, ivcpha, PurpleFox, CLASSIC, Generic PUA BA, Malware@#t0l7i17zf0gb, Packed2, R002C0PFG21, VMProtect, rdoco, ASMalwS, kcloud, Tiggre, Malicious, score, ZedlaF, rG4@aWpFvhd, ai score=81, TScope, PossibleThreat) | ||
| md5 | b53accbf466304e55d3abdda94c1fe5d | ||
| sha256 | 0e723f0f68b2800366b5abea9fa863ae89fc327c795bb8c60cf8fe087ebcf8b3 | ||
| ssdeep | 24576:L6uDXXNLj04BMeRocDP1NadWsvF4e1LpDhkPTG4Mcgiwkew8vroUQGDXDNSnf6Bv:L/Xdci5ooOWyLpFeBRSw8vlQIzNSnf6l | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
| danger | File has been identified by 39 AntiVirus engines on VirusTotal as malicious |
| watch | Communicates with host for which no DNS query was performed |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates (office) documents on the filesystem |
| notice | Creates hidden or system file |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |
