Report - extracted_at_0x1d3ad.rtf

MS_RTF_Obfuscation_Objects
ScreenShot
Created 2023.03.16 09:26 Machine s1_win7_x6403_us
Filename extracted_at_0x1d3ad.rtf
Type ASCII text, with CRLF line terminators
AI Score Not founds Behavior Score
0.8
ZERO API file : clean
VT API (file)
md5 09f98c652f59e9ccd00d91f500634c53
sha256 f530bdfba58ebf5526838310acd1f29404a13a9c626d1a82cea22dfbb4d057da
ssdeep 3:geRUFgKXRXGXjDBUMdvnQBWAxeXHvGNaEn:VtnXjDBnvnQg1XeN3n
imphash
impfuzzy
  Network IP location

Signature (2cnts)

Level Description
notice Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice Creates hidden or system file

Rules (1cnts)

Level Name Description Collection
warning MS_RTF_Suspicious_documents Suspicious documents using RTF document OLE object binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids



Similarity measure (PE file only) - Checking for service failure