Windows
Analysis Report
1OKxfJHrBN.doc
Overview
General Information
Detection
Score: | 21 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 60% |
Signatures
Document embeds suspicious OLE2 link
Found detection on Joe Sandbox Cloud Basic
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Classification
Analysis Advice
Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior. |
No malicious behavior found, analyze the document also on other version of Office / Acrobat |
- System is w10x64
- WINWORD.EXE (PID: 6792 cmdline: "C:\Program Files (x86)\Microsoft Office\Office16\WINWORD.EXE" /Automation -Embedding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
- chrome.exe (PID: 7144 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- chrome.exe (PID: 6624 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 --field-trial-handle=1852,i,13142583765783446949,1829678618249561273,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- chrome.exe (PID: 4960 cmdline: C:\Program Files\Google\Chrome\Application\chrome.exe" "http://www.naveencollege.com/ MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Source: | Directory created: |
Source: | File opened: |
Source: | Memory has grown: |
Source: | HTTP traffic detected: |