Edit tour
Windows
Analysis Report
1OKxfJHrBN.doc
Overview
General Information
| Sample Name: | 1OKxfJHrBN.doc |
| Original Sample Name: | ba709c69ec263ef09b599307e5ad4402e7bb8b49991a58cdc16ba21289112ac3 |
| Analysis ID: | 1311693 |
| MD5: | ec2a6d3f0877860809def944731f845e |
| SHA1: | ce213f0757189ce6a39ef9b6e4344bdc55146406 |
| SHA256: | ba709c69ec263ef09b599307e5ad4402e7bb8b49991a58cdc16ba21289112ac3 |
| Infos: | |
 | |
Detection
| Score: | 21 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 60% |
Signatures
Document embeds suspicious OLE2 link
Found detection on Joe Sandbox Cloud Basic
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Classification
Analysis Advice
| Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior. |
| No malicious behavior found, analyze the document also on other version of Office / Acrobat |
- System is w10x64
WINWORD.EXE (PID: 6792 cmdline: "C:\Progra m Files (x 86)\Micros oft Office \Office16\ WINWORD.EX E" /Automa tion -Embe dding MD5: 0B9AB9B9C4DE429473D6450D4297A123)
chrome.exe (PID: 7144 cmdline: C:\Program Files\Goo gle\Chrome \Applicati on\chrome. exe" --sta rt-maximiz ed "about: blank MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA) - chrome.exe (PID: 6624 cmdline:
"C:\Progra m Files\Go ogle\Chrom e\Applicat ion\chrome .exe" --ty pe=utility --utility -sub-type= network.mo jom.Networ kService - -lang=en-U S --servic e-sandbox- type=none --mojo-pla tform-chan nel-handle =1920 --fi eld-trial- handle=185 2,i,131425 8376578344 6949,18296 7861824956 1273,26214 4 --disabl e-features =Optimizat ionGuideMo delDownloa ding,Optim izationHin ts,Optimiz ationHints Fetching,O ptimizatio nTargetPre diction /p refetch:8 MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- chrome.exe (PID: 4960 cmdline:
C:\Program Files\Goo gle\Chrome \Applicati on\chrome. exe" "http ://www.nav eencollege .com/ MD5: 8D1C4713ACB7CC2AAAEE4477C58A80BA)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
| Source: | Directory created: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Memory has grown: | ||
| Source: | HTTP traffic detected: | ||