popup

Report - INVESTIGATION_OF_SEXUAL_HARASSMENT.docx

ZIP Format Word 2007 file format(docx)
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2024.07.08 14:24 Machine s1_win7_x6402
Filename INVESTIGATION_OF_SEXUAL_HARASSMENT.docx
Type Microsoft OOXML
AI Score Not founds Behavior Score
2.6
ZERO API file : clean
VT API (file) 4 detected (Dotmer, CVE-2017-0199, equmby, Probably Heur, W97OleLink)
md5 9345d52abd5bab4320c1273eb2c90161
sha256 b72ac58d599e6e1080251b1ac45a521b33c08d7d129828a4e82a7095e9f93e53
ssdeep 24576:VoNQ1+/W3rFh9SgVD3rhsIcll1VjjSfeKLTnrvSOJh+zu8vOuW4ZhlQK9Wd:VoNQKW3rFh9l2hlHHBKLbrvhUiCOuWAK
imphash
impfuzzy
  Network IP location

Signature (7cnts)

Level Description
notice Allocates read-write-execute memory (usually to unpack itself)
notice An application raised an exception which may be indicative of an exploit crash
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice File has been identified by 4 AntiVirus engines on VirusTotal as malicious
notice Performs some HTTP requests
info One or more processes crashed

Rules (2cnts)

Level Name Description Collection
info docx Word 2007 file format detection binaries (upload)
info zip_file_format ZIP file format binaries (upload)

Network (6cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://x1.i.lencr.org/
whois
US Telenor Norge AS 23.52.33.11 clean
https://investigation04.session-out.com/fbd901_harassment/doc.rtf
whois
IT Reti Telematiche Italiane S.p.A. (Retelit S.p.A.) 89.150.40.43 41091 mailcious
investigation04.session-out.com
whois
IT Reti Telematiche Italiane S.p.A. (Retelit S.p.A.) 89.150.40.43 mailcious
x1.i.lencr.org
whois
US Telenor Norge AS 23.52.33.11 clean
89.150.40.43
whois
IT Reti Telematiche Italiane S.p.A. (Retelit S.p.A.) 89.150.40.43 mailcious
23.41.113.9
whois
US NTT DOCOMO, INC. 23.41.113.9 clean

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

Similarity measure (PE file only) - Checking for service failure