Report - Ops Afg post 9-11.doc

Created 2021.07.12 18:07
Machine s1_win7_x6402
Filename Ops Afg post 9-11.doc
Type Rich Text Format data, version 1, unknown character set
AI Score Not found
Behavior Score 2.4
ZERO API file : clean
VT API (file) 4 detected (T1221, CLASSIC, BadFile)
md5 9100c65e4ed1ccf2fd148a70ff21c97f
sha256 f98ac9d15be2d5a06e475b98c663b543ea5504df7a231a5b006031cfe9f440a0
ssdeep 1536:zNpVeQZ6R8aNlZ6u7irXVjqZJOwlq6DCHbFXKRTwdrJNYlVGyA:zXEQZ6RXlZ6umBqZ1lq6OVKBwdrJ+lV0
imphash
impfuzzy

Signature (6cnts)

Level Description
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice File has been identified by 4 AntiVirus engines on VirusTotal as malicious
notice Performs some HTTP requests
notice RTF file has an unknown character set

Rules (0cnts)

Level Name Description Collection

Network (5cnts)

Request CC ASN Co IP4 Rule ZERO
http://designerzebra.com/services/ US LEASEWEB-USA-LAX-11 108.177.235.105 clean
http://designerzebra.com/services/check6 US LEASEWEB-USA-LAX-11 108.177.235.105 clean
http://designerzebra.com/services US LEASEWEB-USA-LAX-11 108.177.235.105 clean
designerzebra.com US LEASEWEB-USA-LAX-11 108.177.235.105 clean
108.177.235.105 US LEASEWEB-USA-LAX-11 108.177.235.105 clean

Suricata ids


