Report - 조선 시장 물가 분석(회령).hwp

HWP PS PostScript MSOffice File Lnk Format GIF Format
Created 2024.01.25 13:53
Machine s1_win7_x6403_us
Filename 조선 시장 물가 분석(회령).hwp
Type Hangul (Korean) Word Processor File 5.x
AI Score Not found
Behavior Score 1.6
ZERO API file : clean
VT API (file) 15 detected (Artemis, VSNW09A24, Detected, Phish, 5J5X1P, Rimw)
md5 54b3aa4b83e410f4bf28368d59a0711b
sha256 d1f81eaf48b878479065d9f04a252edca193bb0ffdd7734daad2103c17a637e9
ssdeep 1536:nPnEuKzbzkusKuYuPmAs6/COJjHXjMkgbGNZYB16:fEdYuswueAp/COtHzMkyk86

Signature (4cnts)

Level | Description
watch | File has been identified by 15 AntiVirus engines on VirusTotal as malicious
notice | Creates a shortcut to an executable file
notice | Creates executable files on the filesystem
info | Checks if process is being debugged by a debugger

Rules (7cnts)

Level | Name | Description | Collection
watch | Win32_HWP_PostScript_Zero | Detect a HWP with embedded Post Script code | binaries (upload)
info | HWP_file_format | HWP Document File | binaries (download)
info | HWP_file_format | HWP Document File | binaries (upload)
info | lnk_file_format | Microsoft Windows Shortcut File Format | binaries (download)
info | Lnk_Format_Zero | LNK Format | binaries (download)
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download)
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload)

Network (0cnts)
