popup

Report - algo agreement.docx

Doc XML Downloader Word 2007 file format(docx)
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2022.12.08 13:33 Machine s1_win7_x6402
Filename algo agreement.docx
Type Microsoft Word 2007+
AI Score Not founds Behavior Score
2.8
ZERO API file : clean
VT API (file) 11 detected (CVE-2017-0199, CVE170199, Eldorado, RemoteTemplateInj, equmby, Artemis, Detected, Embed, tempurl, Probably Heur, W97OleLink)
md5 9e4b9ff1f4ac3230244f31fd2759ee0b
sha256 b0e090c3dcbb61b9c7af8da1a691e399f11a02b0937533141a75bbfc72c85ceb
ssdeep 3072:LfXifP3IFQs5q0iYnlOlIcp71k1yCfAr8x7ueRfBJWKE8utm8x0uHAJIDlxqe9sI:TX4CQmqSnEtkyVQueR1F6HASfh9sI
imphash
impfuzzy
  Network IP location

Signature (7cnts)

Level Description
watch File has been identified by 11 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice An application raised an exception which may be indicative of an exploit crash
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice Performs some HTTP requests
info One or more processes crashed

Rules (2cnts)

Level Name Description Collection
warning Doc_XML_Downloader Detect a MS Office document with embedded XML Downloader binaries (upload)
info docx Word 2007 file format detection binaries (upload)

Network (5cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://outlooksyn.com/FpUCu5h6W2/R/YHXCCUK7bk34tzd6GA2AAAATqzjlQ4FwFifvY2EpuSOyN+L1n/16mONopqdw8+w6xh4qXcxhOLWxvIZbHxRr6y5A
whois
NL Zemlyaniy Dmitro Leonidovich 185.161.208.172 clean
http://outlooksyn.com/FpUCu5h6W2/R/YHXCCUK7bk34tzd6GA2AAAATqzjlQ4FwFifvY2EpuSOyN+L1n/16mONopqdw8+w6xh4qXcxhOLWxvIZbHxRr6y5A/
whois
NL Zemlyaniy Dmitro Leonidovich 185.161.208.172 clean
http://outlooksyn.com/FpUCu5h6W2/R/YHXCCUK7bk34tzd6GA2AAAATqzjlQ4FwFifvY2EpuSOyN+L1n/16mONopqdw8+w6xh4qXcxhOLWxvIZbHxRr6y5A/kdSgdL
whois
NL Zemlyaniy Dmitro Leonidovich 185.161.208.172 mailcious
outlooksyn.com
whois
NL Zemlyaniy Dmitro Leonidovich 185.161.208.172 mailcious
185.161.208.172
whois
NL Zemlyaniy Dmitro Leonidovich 185.161.208.172 mailcious

Suricata ids


Similarity measure (PE file only) - Checking for service failure