Edit tour
Windows
Analysis Report
Chapter 4 Test 4A--2013-2014.doc
Overview
General Information
| Sample name: | Chapter 4 Test 4A--2013-2014.doc (renamed file extension from doc (HS-439-27423) to doc) |
| Original sample name: | Chapter 4 Test 4A--2013-2014.doc (HS-439-27423) |
| Analysis ID: | 1428864 |
| MD5: | 56e35d09e7579ef1741ec069a6181ff1 |
| SHA1: | 079e55a9cf75724ae89dce3e324467acac21ab72 |
| SHA256: | bbe1a7e68ed8344e33aed458b3cd5e7e739311ae864b7154964e6d4527e444aa |
| Infos: |  |
 | |
Errors
| |
Detection
| Score: | 56 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Document contains Microsoft Equation 3.0 OLE entries
Document contains an ObjectPool stream indicating possible embedded files or OLE objects
Classification
- System is w7x64
WINWORD.EXE (PID: 1068 cmdline: "C:\Progra m Files\Mi crosoft Of fice\Offic e14\WINWOR D.EXE" /Au tomation - Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
- cleanup
⊘No configs have been found
⊘No yara matches
| Source: | Author: Nasreddine Bencherchali (Nextron Systems): | ||
⊘No Snort rule has matched
Click to jump to signature section
Show All Signature Results
AV Detection |   |
|---|
| Source: | Avira: | ||
| Source: | Avira: | ||
| Source: | Stream path 'ObjectPool/_1160885555/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160885643/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160890263/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160890468/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160890548/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160890606/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160890641/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1286867940/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1286868111/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160885555/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160885643/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160890263/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160890468/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160890548/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160890606/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1160890641/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1286867940/\x1CompObj' : | ||
| Source: | Stream path 'ObjectPool/_1286868111/\x1CompObj' : | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, ObjectPool: | ||
| Source: | OLE indicator, ObjectPool: | ||
| Source: | Classification label: | ||
| Source: | File created: | Jump to behavior | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE indicator, Word Document stream: | ||
| Source: | OLE document summary: | ||
| Source: | OLE document summary: | ||
| Source: | OLE document summary: | ||
| Source: | OLE document summary: | ||
| Source: | OLE document summary: | ||
| Source: | OLE document summary: | ||
| Source: | File read: | Jump to behavior | ||
| Source: | Window detected: | ||
| Source: | Key opened: | Jump to behavior | ||
| Source: | File opened: | Jump to behavior | ||
| Source: | Initial sample: | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Source: | Process information set: | Jump to behavior | ||
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | Path Interception | Path Interception | Direct Volume Access | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | 1 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
InternetThis section contains all screenshots as thumbnails, including those not shown in the slideshow.
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira | EXP/CVE-2018-0798.Gen |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| 100% | Avira | EXP/CVE-2018-0798.Gen |
⊘No Antivirus matches
⊘No Antivirus matches
⊘No Antivirus matches
| Joe Sandbox version: | 40.0.0 Tourmaline |
| Analysis ID: | 1428864 |
| Start date and time: | 2024-04-19 18:37:37 +02:00 |
| Joe Sandbox product: | CloudBasic |
| Overall analysis duration: | 0h 2m 56s |
| Hypervisor based Inspection enabled: | false |
| Report type: | full |
| Cookbook file name: | defaultwindowsofficecookbook.jbs |
| Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
| Number of analysed new started processes analysed: | 2 |
| Number of new started drivers analysed: | 0 |
| Number of existing processes analysed: | 0 |
| Number of existing drivers analysed: | 0 |
| Number of injected processes analysed: | 0 |
| Technologies: |
|
| Analysis Mode: | default |
| Analysis stop reason: | Timeout |
| Sample name: | Chapter 4 Test 4A--2013-2014.doc (renamed file extension from doc (HS-439-27423) to doc) |
| Original Sample Name: | Chapter 4 Test 4A--2013-2014.doc (HS-439-27423) |
| Detection: | MAL |
| Classification: | mal56.winDOC@1/5@0/0 |
| EGA Information: | Failed |
| HCA Information: |
|
| Cookbook Comments: |
|
- Corrupt sample or wrongly selected analyzer.
- Exclude process from analysis (whitelisted): dllhost.exe
- Report size getting too big, too many NtQueryValueKey calls found.
- VT rate limit hit for: Chapter 4 Test 4A--2013-2014.doc
⊘No simulations
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AD083452-12AD-436F-8C6B-DC3A21245609}.tmp
Download File
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 1024 |
| Entropy (8bit): | 0.05390218305374581 |
| Encrypted: | false |
| SSDEEP: | 3:ol3lYdn:4Wn |
| MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
| SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
| SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
| SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 55296 |
| Entropy (8bit): | 4.736527267187577 |
| Encrypted: | false |
| SSDEEP: | 384:eKz6bHUvOKr1oGHVtrhG+WstrhG+WIa3mk7YMf+HHDwpZkJyibPVs9a3OzBzDrZz:eKz6Y1HHVFk+WsFk+WzDzBzDVP43r |
| MD5: | 56E35D09E7579EF1741EC069A6181FF1 |
| SHA1: | 079E55A9CF75724AE89DCE3E324467ACAC21AB72 |
| SHA-256: | BBE1A7E68ED8344E33AED458B3CD5E7E739311AE864B7154964E6D4527E444AA |
| SHA-512: | 9EFDA0D4B4839ED470B11F4031AA23A1A7C8358B86F800FAD524218F98691A793F359CC6AB8B15831253992C15515C92EF7147578A29A6A7DA5117E4D6637425 |
| Malicious: | true |
| Antivirus: |
|
| Reputation: | low |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 26 |
| Entropy (8bit): | 3.95006375643621 |
| Encrypted: | false |
| SSDEEP: | 3:ggPYV:rPYV |
| MD5: | 187F488E27DB4AF347237FE461A079AD |
| SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
| SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
| SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 512 |
| Entropy (8bit): | 0.0 |
| Encrypted: | false |
| SSDEEP: | 3:: |
| MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
| SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
| SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
| SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
| Malicious: | false |
| Reputation: | high, very likely benign file |
| Preview: |
| Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| File Type: | |
| Category: | dropped |
| Size (bytes): | 162 |
| Entropy (8bit): | 2.4797606462020307 |
| Encrypted: | false |
| SSDEEP: | 3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l |
| MD5: | 2CF7D3B8DED3F1D5CE1AC92F3E51D4ED |
| SHA1: | 95E13378EA9CACA068B2687F01E9EF13F56627C2 |
| SHA-256: | 60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1 |
| SHA-512: | 2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A |
| Malicious: | false |
| Reputation: | moderate, very likely benign file |
| Preview: |
| File type: | |
| Entropy (8bit): | 4.736527267187577 |
| TrID: |
|
| File name: | Chapter 4 Test 4A--2013-2014.doc |
| File size: | 55'296 bytes |
| MD5: | 56e35d09e7579ef1741ec069a6181ff1 |
| SHA1: | 079e55a9cf75724ae89dce3e324467acac21ab72 |
| SHA256: | bbe1a7e68ed8344e33aed458b3cd5e7e739311ae864b7154964e6d4527e444aa |
| SHA512: | 9efda0d4b4839ed470b11f4031aa23a1a7c8358b86f800fad524218f98691a793f359cc6ab8b15831253992c15515c92ef7147578a29a6a7da5117e4d6637425 |
| SSDEEP: | 384:eKz6bHUvOKr1oGHVtrhG+WstrhG+WIa3mk7YMf+HHDwpZkJyibPVs9a3OzBzDrZz:eKz6Y1HHVFk+WsFk+WzDzBzDVP43r |
| TLSH: | 3A43C6806B52DE03F16B363588E7C70D3625ED58DD22875B3389BB2EAEFB5512D02358 |
| File Content Preview: | ........................>...................................................................................................................................................................................................................................... |
 | |
| Icon Hash: | 2764a3aaaeb7bdbf |
| Document Type: | OLE |
| Number of OLE Files: | 1 |
| Has Summary Info: | |
| Application Name: | None |
| Encrypted Document: | False |
| Contains Word Document Stream: | True |
| Contains Workbook/Book Stream: | False |
| Contains PowerPoint Document Stream: | False |
| Contains Visio Document Stream: | False |
| Contains ObjectPool Stream: | True |
| Flash Objects Count: | 0 |
| Contains VBA Macros: | False |
| Document Code Page: | 1252 |
| Number of Lines: | 9 |
| Number of Paragraphs: | 2 |
| Thumbnail Scaling Desired: | False |
| Company: | |
| Contains Dirty Links: | False |
| Shared Document: | False |
| Changed Hyperlinks: | False |
| Application Version: | 786432 |
General | |
| Stream Path: | \x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 121 |
| Entropy: | 4.363740497830706 |
| Base64 Encoded: | True |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . F ' . . . M i c r o s o f t O f f i c e W o r d 9 7 - 2 0 0 3 D o c u m e n t . . . . . M S W o r d D o c . . . . . W o r d . D o c u m e n t . 8 . 9 q . . . . . . . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 06 09 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 27 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 57 6f 72 64 20 39 37 2d 32 30 30 33 20 44 6f 63 75 6d 65 6e 74 00 0a 00 00 00 4d 53 57 6f 72 64 44 6f 63 00 10 00 00 00 57 6f 72 64 2e 44 6f 63 75 6d 65 6e 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | \x5DocumentSummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 372 |
| Entropy: | 3.119945438322793 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . D . . . . . . . . . . . h . . . . . . . p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . & . . . . . . . . . . . . . . . . . . L C H S . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z . . . N a m e _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ |
| Data Raw: | fe ff 00 00 06 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 44 01 00 00 0c 00 00 00 01 00 00 00 68 00 00 00 0f 00 00 00 70 00 00 00 05 00 00 00 80 00 00 00 06 00 00 00 88 00 00 00 11 00 00 00 90 00 00 00 17 00 00 00 98 00 00 00 0b 00 00 00 a0 00 00 00 10 00 00 00 a8 00 00 00 13 00 00 00 b0 00 00 00 |
General | |
| Stream Path: | \x5SummaryInformation |
| CLSID: | |
| File Type: | data |
| Stream Size: | 508 |
| Entropy: | 2.8632847729957636 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . . . . |
| Data Raw: | fe ff 00 00 06 01 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 cc 01 00 00 11 00 00 00 01 00 00 00 90 00 00 00 |
General | |
| Stream Path: | 1Table |
| CLSID: | |
| File Type: | data |
| Stream Size: | 7763 |
| Entropy: | 5.839469306066853 |
| Base64 Encoded: | True |
| Data ASCII: | ^ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . v . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . > . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 . . . 6 |
| Data Raw: | 5e 04 15 00 12 00 01 00 0b 01 0f 00 07 00 00 00 00 00 00 00 00 00 04 00 08 00 00 00 98 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 9e 00 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 36 06 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 76 02 00 00 |
General | |
| Stream Path: | Data |
| CLSID: | |
| File Type: | dBase III DBT, version number 0, next free block index 557, 1st item "\016\346\355\001\307\035#\023\223RpeqIj.\210\307\305\240\310\320\005V\014"\376|\026b\320t:Q\216\036&\314`\375" |
| Stream Size: | 12177 |
| Entropy: | 6.745534441076183 |
| Base64 Encoded: | True |
| Data ASCII: | - . . . D . d . . . . . . . . . . . . . . . . . . . . . . h . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . J . . . . . . . . . . . . . . . . . C . . . . . . . A . . . . ? . . . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . 2 . . . . . . . . . I n . . n U Q . k . . . . . . . D . . . . . . . ` ! . c . . . . . I n . . n U Q : . . . . . . . . . . . ` . . . @ . . . . . | . . 1 . . . . x c d d ` ` e d ` ` b a . . V d . . , F Y z . P 1 n : . & . . 6 ! K A ? H 1 |
| Data Raw: | 2d 02 00 00 44 00 64 00 00 00 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 fc 03 68 01 e8 03 e8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 04 f0 4a 00 00 00 b2 04 0a f0 08 00 00 00 01 04 00 00 00 0a 00 00 43 00 0b f0 18 00 00 00 04 41 01 00 00 00 3f 01 00 00 06 00 bf 01 0c 00 1f 00 ff 01 00 00 08 00 13 00 22 f1 |
General | |
| Stream Path: | ObjectPool/_1160885555/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 102 |
| Entropy: | 5.364993171803678 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E q u a t i o n 3 . 0 . . . . . D S E q . @ . + . 3 . . . W , | ! . T j L | + . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 02 ce 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 17 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 71 75 61 74 69 6f 6e 20 33 2e 30 00 0c 00 00 00 44 53 20 45 71 c5 1c 40 da 88 2b 81 91 8b 07 a4 33 b7 12 c6 9f c0 05 e2 57 c1 f9 2c 9c a8 7c 21 16 54 f5 6a 4c a8 7c 2b 06 08 1f |
General | |
| Stream Path: | ObjectPool/_1160885555/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 20 |
| Entropy: | 0.8475846798245739 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | ObjectPool/_1160885555/\x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 4 |
| Entropy: | 0.8112781244591328 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . |
| Data Raw: | 00 00 03 00 |
General | |
| Stream Path: | ObjectPool/_1160885555/Equation Native |
| CLSID: | |
| File Type: | Matlab v4 mat-file (little endian) \264\376\026, rows 3250388994, columns 91 |
| Stream Size: | 119 |
| Entropy: | 3.6802979262348687 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . [ . . . . . . . H . . . . . . . . . . . . . . . . ( . . 5 . . x . . . . . . . . . 2 . . . . . y |
| Data Raw: | 1c 00 00 00 02 00 bd c1 5b 00 00 00 00 00 00 00 48 b2 15 00 b4 fe 16 00 00 00 00 00 03 01 01 03 01 0a 01 02 82 28 00 02 88 35 00 12 83 78 00 03 0f 00 00 0b 11 01 02 88 32 00 00 00 0a 12 83 79 |
General | |
| Stream Path: | ObjectPool/_1160885643/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 102 |
| Entropy: | 4.16737863098246 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E q u a t i o n 3 . 0 . . . . . D S E q . . . . . . . . . . . . . . C . . . . . . . A . . . . ? . . . . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 02 ce 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 17 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 71 75 61 74 69 6f 6e 20 33 2e 30 00 0c 00 00 00 44 53 20 45 71 b2 04 0a f0 08 00 00 00 05 04 00 00 00 0a 00 00 43 00 0b f0 18 00 00 00 04 41 05 00 00 00 3f 01 00 00 06 00 bf 01 |
General | |
| Stream Path: | ObjectPool/_1160885643/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 20 |
| Entropy: | 0.8475846798245739 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | ObjectPool/_1160885643/\x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 4 |
| Entropy: | 0.8112781244591328 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . |
| Data Raw: | 00 00 03 00 |
General | |
| Stream Path: | ObjectPool/_1160885643/Equation Native |
| CLSID: | |
| File Type: | Matlab v4 mat-file (little endian) \324\034\026, rows 3250388994, columns 117 |
| Stream Size: | 145 |
| Entropy: | 3.6490479262348687 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . u . . . . . . . ` . . . . . . . . . . . . . . . . . ( . . a . . b . . . . . . . . . 2 . . . . . ) |
| Data Raw: | 1c 00 00 00 02 00 bd c1 75 00 00 00 00 00 00 00 60 f8 15 00 d4 1c 16 00 00 00 00 00 03 01 01 03 01 0a 01 02 82 28 00 12 83 61 00 12 83 62 00 03 0f 00 00 0b 11 01 02 88 32 00 00 00 0a 02 82 29 |
General | |
| Stream Path: | ObjectPool/_1160890263/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 102 |
| Entropy: | 4.072529978795036 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E q u a t i o n 3 . 0 . . . . . D S E q |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 02 ce 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 17 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 71 75 61 74 69 6f 6e 20 33 2e 30 00 0c 00 00 00 44 53 20 45 71 |
General | |
| Stream Path: | ObjectPool/_1160890263/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 20 |
| Entropy: | 0.8475846798245739 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | ObjectPool/_1160890263/\x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 4 |
| Entropy: | 0.8112781244591328 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . |
| Data Raw: | 00 00 03 00 |
General | |
| Stream Path: | ObjectPool/_1160890263/Equation Native |
| CLSID: | |
| File Type: | Matlab v4 mat-file (little endian) \264\376\026, rows 3250388994, columns 52 |
| Stream Size: | 80 |
| Entropy: | 3.6238972938217935 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . 4 . . . . . . . H . . . . . . . . . . . . . . . . ( . . 4 . . x . . . . . . . . . 2 . . . . . ) |
| Data Raw: | 1c 00 00 00 02 00 bd c1 34 00 00 00 00 00 00 00 48 b6 15 00 b4 fe 16 00 00 00 00 00 03 01 01 03 01 0a 01 02 82 28 00 02 88 34 00 12 83 78 00 03 0f 00 00 0b 11 01 02 88 32 00 00 00 0a 02 82 29 |
General | |
| Stream Path: | ObjectPool/_1160890468/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 102 |
| Entropy: | 5.364993171803678 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E q u a t i o n 3 . 0 . . . . . D S E q . @ . + . 3 . . . W , | ! . T j L | + . . . |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 02 ce 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 17 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 71 75 61 74 69 6f 6e 20 33 2e 30 00 0c 00 00 00 44 53 20 45 71 c5 1c 40 da 88 2b 81 91 8b 07 a4 33 b7 12 c6 9f c0 05 e2 57 c1 f9 2c 9c a8 7c 21 16 54 f5 6a 4c a8 7c 2b 06 08 1f |
General | |
| Stream Path: | ObjectPool/_1160890468/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 20 |
| Entropy: | 0.8475846798245739 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | ObjectPool/_1160890468/\x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 4 |
| Entropy: | 0.8112781244591328 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . |
| Data Raw: | 00 00 03 00 |
General | |
| Stream Path: | ObjectPool/_1160890468/Equation Native |
| CLSID: | |
| File Type: | Matlab v4 mat-file (little endian) \244\016\027, rows 3250388994, columns 109 |
| Stream Size: | 137 |
| Entropy: | 3.6121021766004895 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . m . . . . . . . h . . . . . . . . . . . . . . . . . 6 . . r . . . . . . . . . 2 . . . . . ( . . 2 |
| Data Raw: | 1c 00 00 00 02 00 bd c1 6d 00 00 00 00 00 00 00 68 f9 16 00 a4 0e 17 00 00 00 00 00 03 01 01 03 01 0a 01 02 88 36 00 12 83 72 00 03 0f 00 00 0b 11 01 02 88 32 00 00 00 0a 02 82 28 00 02 88 32 |
General | |
| Stream Path: | ObjectPool/_1160890548/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 102 |
| Entropy: | 4.072529978795036 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E q u a t i o n 3 . 0 . . . . . D S E q |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 02 ce 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 17 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 71 75 61 74 69 6f 6e 20 33 2e 30 00 0c 00 00 00 44 53 20 45 71 |
General | |
| Stream Path: | ObjectPool/_1160890548/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 20 |
| Entropy: | 0.8475846798245739 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | ObjectPool/_1160890548/\x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 4 |
| Entropy: | 0.8112781244591328 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . |
| Data Raw: | 00 00 03 00 |
General | |
| Stream Path: | ObjectPool/_1160890548/Equation Native |
| CLSID: | |
| File Type: | Matlab v4 mat-file (little endian) \254\361\026, rows 3250388994, columns 57 |
| Stream Size: | 85 |
| Entropy: | 3.5500939450082623 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . 9 . . . . . . . . . . . . . . . . . . . . . . . ( . . 5 . . k . . + . . 2 . . ) . . ( . . |
| Data Raw: | 1c 00 00 00 02 00 bd c1 39 00 00 00 00 00 00 00 80 f1 16 00 ac f1 16 00 00 00 00 00 03 01 01 03 01 0a 01 02 82 28 00 02 88 35 00 12 83 6b 00 02 86 2b 00 02 88 32 00 02 82 29 00 02 82 28 00 02 |
General | |
| Stream Path: | ObjectPool/_1160890606/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 102 |
| Entropy: | 4.072529978795036 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E q u a t i o n 3 . 0 . . . . . D S E q |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 02 ce 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 17 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 71 75 61 74 69 6f 6e 20 33 2e 30 00 0c 00 00 00 44 53 20 45 71 |
General | |
| Stream Path: | ObjectPool/_1160890606/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 20 |
| Entropy: | 0.8475846798245739 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | ObjectPool/_1160890606/\x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 4 |
| Entropy: | 0.8112781244591328 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . |
| Data Raw: | 00 00 03 00 |
General | |
| Stream Path: | ObjectPool/_1160890606/Equation Native |
| CLSID: | |
| File Type: | Matlab v4 mat-file (little endian) $\252\025, rows 3250388994, columns 71 |
| Stream Size: | 99 |
| Entropy: | 3.6591193359354905 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . G . . . . . . . 8 . . . $ . . . . . . . . . . . . . . ( . . m . . . " . 1 . . ) . . ( . . m . . |
| Data Raw: | 1c 00 00 00 02 00 bd c1 47 00 00 00 00 00 00 00 38 0a 17 00 24 aa 15 00 00 00 00 00 03 01 01 03 01 0a 01 02 82 28 00 12 83 6d 00 02 86 12 22 02 88 31 00 02 82 29 00 02 82 28 00 12 83 6d 00 03 |
General | |
| Stream Path: | ObjectPool/_1160890641/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 102 |
| Entropy: | 4.072529978795036 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E q u a t i o n 3 . 0 . . . . . D S E q |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 02 ce 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 17 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 71 75 61 74 69 6f 6e 20 33 2e 30 00 0c 00 00 00 44 53 20 45 71 |
General | |
| Stream Path: | ObjectPool/_1160890641/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 20 |
| Entropy: | 0.8475846798245739 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | ObjectPool/_1160890641/\x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 4 |
| Entropy: | 0.8112781244591328 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . |
| Data Raw: | 00 00 03 00 |
General | |
| Stream Path: | ObjectPool/_1160890641/Equation Native |
| CLSID: | |
| File Type: | Matlab v4 mat-file (little endian) \344\265\025, rows 3250388994, columns 83 |
| Stream Size: | 111 |
| Entropy: | 3.643799804820707 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . S . . . . . . . . . . . . . . . . . . . . . . . ( . . 2 . . n . . . " . 3 . . ) . . ( . . |
| Data Raw: | 1c 00 00 00 02 00 bd c1 53 00 00 00 00 00 00 00 c8 d5 15 00 e4 b5 15 00 00 00 00 00 03 01 01 03 01 0a 01 02 82 28 00 02 88 32 00 12 83 6e 00 02 86 12 22 02 88 33 00 02 82 29 00 02 82 28 00 02 |
General | |
| Stream Path: | ObjectPool/_1286867940/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 102 |
| Entropy: | 4.072529978795036 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E q u a t i o n 3 . 0 . . . . . D S E q |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 02 ce 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 17 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 71 75 61 74 69 6f 6e 20 33 2e 30 00 0c 00 00 00 44 53 20 45 71 |
General | |
| Stream Path: | ObjectPool/_1286867940/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 20 |
| Entropy: | 0.8475846798245739 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | ObjectPool/_1286867940/\x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 6 |
| Entropy: | 1.2516291673878228 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . |
| Data Raw: | 00 00 03 00 04 00 |
General | |
| Stream Path: | ObjectPool/_1286867940/Equation Native |
| CLSID: | |
| File Type: | data |
| Stream Size: | 118 |
| Entropy: | 3.6936534414266395 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . ~ Z . . . . . . . . . . . . . . . . . . . . . . . . ( . . 3 . . x . . . . . . . . . 2 . . . . . y |
| Data Raw: | 1c 00 00 00 02 00 7e c1 5a 00 00 00 00 00 00 00 c8 e5 18 00 0c ca 16 00 00 00 00 00 03 01 01 03 0a 0a 01 02 82 28 00 02 88 33 00 12 83 78 00 03 0f 00 00 0b 11 01 02 88 32 00 00 00 0a 12 83 79 |
General | |
| Stream Path: | ObjectPool/_1286868111/\x1CompObj |
| CLSID: | |
| File Type: | data |
| Stream Size: | 102 |
| Entropy: | 4.072529978795036 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E q u a t i o n 3 . 0 . . . . . D S E q |
| Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 02 ce 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 17 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 45 71 75 61 74 69 6f 6e 20 33 2e 30 00 0c 00 00 00 44 53 20 45 71 |
General | |
| Stream Path: | ObjectPool/_1286868111/\x1Ole |
| CLSID: | |
| File Type: | data |
| Stream Size: | 20 |
| Entropy: | 0.8475846798245739 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . . . . . . . . . . . . . . . |
| Data Raw: | 01 00 00 02 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
| Stream Path: | ObjectPool/_1286868111/\x3ObjInfo |
| CLSID: | |
| File Type: | data |
| Stream Size: | 6 |
| Entropy: | 1.2516291673878228 |
| Base64 Encoded: | False |
| Data ASCII: | . . . . . . |
| Data Raw: | 00 00 03 00 04 00 |
Key Decision
Richest Path
Thread / callback creation
Lower opacity -> Library Node⊘No network behavior found
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
| Target ID: | 0 |
| Start time: | 18:38:23 |
| Start date: | 19/04/2024 |
| Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
| Wow64 process (32bit): | false |
| Commandline: | |
| Imagebase: | 0x13f290000 |
| File size: | 1'423'704 bytes |
| MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
| Has elevated privileges: | true |
| Has administrator privileges: | true |
| Programmed in: | C, C++ or other language |
| Reputation: | high |
| Has exited: | true |
⊘No disassembly