ScreenShot
Created | 2023.03.16 09:26 | Machine | s1_win7_x6403_us |
Filename | extracted_at_0x1d3ad.rtf | ||
Type | ASCII text, with CRLF line terminators | ||
AI Score | Not founds | Behavior Score |
|
ZERO API | file : clean | ||
VT API (file) | |||
md5 | 09f98c652f59e9ccd00d91f500634c53 | ||
sha256 | f530bdfba58ebf5526838310acd1f29404a13a9c626d1a82cea22dfbb4d057da | ||
ssdeep | 3:geRUFgKXRXGXjDBUMdvnQBWAxeXHvGNaEn:VtnXjDBnvnQg1XeN3n | ||
imphash | |||
impfuzzy |
Network IP location
Signature (2cnts)
Level | Description |
---|---|
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | Creates hidden or system file |
Rules (1cnts)
Level | Name | Description | Collection |
---|---|---|---|
warning | MS_RTF_Suspicious_documents | Suspicious documents using RTF document OLE object | binaries (upload) |
Network (0cnts) ?
Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
---|