popup

Report - 73cceb_b5b6005e2aa74cf48cd55dca1a2ff093.docx

ZIP Format Word 2007 file format(docx)
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2023.08.04 09:20 Machine s1_win7_x6401
Filename 73cceb_b5b6005e2aa74cf48cd55dca1a2ff093.docx
Type Microsoft Word 2007+
AI Score Not founds Behavior Score
2.4
ZERO API file : malware
VT API (file) 29 detected (Dotmer, GenericKD, CVE-2017-0199, DOCX, Camelot, Subdoc, 0NA104EM23, RemoteTemplateInj, equmby, AGYV, Artemis, ai score=87, Embed, oleurl, PRCA, Detected, External, Probably Heur, W97OleLink)
md5 9932fab98f2c021632045d04966db4fd
sha256 db1185f24c56cadec1c85a33b0efeb2d803ff00abf4c9df1e00d860683068415
ssdeep 192:nmz+IH1eQyUwHpj0w1sPbxbnb25bv/0PdvwOfw5Ie9e8ebWqgj:+BVeTHpwCsDRbSGwmw5IX86tq
imphash
impfuzzy
  Network IP location

Signature (5cnts)

Level Description
warning File has been identified by 29 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice Performs some HTTP requests

Rules (2cnts)

Level Name Description Collection
info docx Word 2007 file format detection binaries (upload)
info zip_file_format ZIP file format binaries (upload)

Network (4cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
https://huskidkifklaoksikfkfijsju.blogspot.com/atom.xml
whois
US GOOGLE 142.250.199.65 clean
https://huskidkifklaoksikfkfijsju.blogspot.com/
whois
US GOOGLE 142.250.199.65 clean
huskidkifklaoksikfkfijsju.blogspot.com
whois
US GOOGLE 142.250.206.193 clean
142.250.199.65
whois
US GOOGLE 142.250.199.65 clean

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

Similarity measure (PE file only) - Checking for service failure