Report - Лист вих. на 10.2021.docx

Word 2007 file format(docx)
Created 2021.09.16 09:41 Machine s1_win7_x6402
Filename Лист вих. на 10.2021.docx
Type Microsoft Word 2007+
AI Score Not founds
Behavior Score 2.4
ZERO API file : clean
VT API (file) 2 detected (CVE-2017-0199, equmby, Probably Heur, W97OleLink)
md5 c7b9240f44af3ad5e22451618729d874
sha256 e8cc77fb98dcd5a3da22ff8269ea46a217e7c57958b28177bc10d742d737ef86
ssdeep 192:CtNC/Ym29vD7huX1/CVB0mRayOkqDs+GTjHpP2GPR0dipeg6pLiN/nZgl:aN82OX1/CEmRayl+sdfME90hpLgf+l
imphash
impfuzzy

Signature (6cnts)

Level Description
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice File has been identified by 2 AntiVirus engines on VirusTotal as malicious
notice Performs some HTTP requests
notice Resolves a suspicious Top Level Domain (TLD)

Rules (1cnts)

Level Name Description Collection
info docx Word 2007 file format detection binaries (upload)

Network (5cnts)

Request CC ASN Co IP4 Rule ZERO
http://navigation45.countries.hibigaru.ru/%D0%9F%D0%95%D0%A0%D0%92%D0%AB%D0%99/ Unknown 94.228.125.223 clean
http://navigation45.countries.hibigaru.ru/%D0%9F%D0%95%D0%A0%D0%92%D0%AB%D0%99/intention.abk Unknown 94.228.125.223 clean
http://navigation45.countries.hibigaru.ru/%D0%9F%D0%95%D0%A0%D0%92%D0%AB%D0%99 Unknown 94.228.125.223 clean
navigation45.countries.hibigaru.ru Unknown 94.228.125.223 clean
94.228.125.223 Unknown 94.228.125.223 clean

Suricata ids


