Report - Indian Cyber Activity.docx

Word 2007 file format (docx), ZIP format
Created: 2024.08.12 17:29
Machine: s1_win7_x6401
Filename: Indian Cyber Activity.docx
Type: Microsoft OOXML
AI Score: Not found
Behavior Score: 2.6
ZERO API (file): clean
VT API (file): 3 detected (CVE-2017-0199, equmby, Probably Heur, W97OleLink, OMacro)
md5: 3d9961991e7ae6ad2bae09c475a1bce8
sha256: a84b3dd5f7d29d8d257fdef0ede512ae09e6cd5be7681b9466a5c60f6f877c2b
ssdeep: 6144:0zpuMrC2oYig5CHsYRVvtfEgyMSis18NGi8PwbyxiE0/ypN4:01uMnbC1VCXwR8PIKZzN4
imphash: (none)
impfuzzy: (none)

Signature (6 counts)

Level - Description
watch - Libraries known to be associated with a CVE were requested (may be a false positive)
notice - Allocates read-write-execute memory (usually to unpack itself)
notice - Creates (office) documents on the filesystem
notice - Creates hidden or system file
notice - File has been identified by 3 AntiVirus engines on VirusTotal as malicious
notice - Performs some HTTP requests

Rules (2 counts)

Level | Name | Description | Collection
info | docx | Word 2007 file format detection | binaries (upload)
info | zip_file_format | ZIP file format | binaries (upload)

Network (5 counts)

Request | CC | ASN Co | IP4 | Rule | ZERO
http://x1.i.lencr.org/ | US | Telenor Norge AS | 23.52.33.11 | - | clean
moittadvisory.pmd-offc.info | LT | Melbikomas UAB | 213.183.55.52 | - | clean
x1.i.lencr.org | US | Telenor Norge AS | 23.52.33.11 | - | clean
23.41.113.9 | US | NTT DOCOMO, INC. | 23.41.113.9 | - | clean
213.183.55.52 | LT | Melbikomas UAB | 213.183.55.52 | - | clean

Suricata IDS