ScreenShot
| Created | 2021.10.08 11:54 | Machine | s1_win7_x6401 |
| Filename | Code_of_Conduct_2021.doc | ||
| Type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Auth | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : mailcious | ||
| VT API (file) | |||
| md5 | 8d1454096bc0e82042437d911d695a2c | ||
| sha256 | 175d13ee2b706361ae450c1705e92433216bdf52a40ea35312f4b2c393098954 | ||
| ssdeep | 6144:+7fZyHKQYIpyFR8hs4dAX5rnOAUbWtlwYC44u8XOqL5t6mEfzI/BzzRClBg+pr15:AuuIpkKhaQWMYD8eqtMmD/IYWH | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (4cnts)
| Level | Description |
|---|---|
| watch | Libraries known to be associated with a CVE were requested (may be False Positive) |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates (office) documents on the filesystem |
| notice | Creates hidden or system file |
Rules (3cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| watch | Malicious_Packer_Zero | Malicious Packer | binaries (upload) |
| info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |
| info | test_office | test url | scripts |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|