Windows Analysis Report
Ziraat Bankas#U0131 Swift Mesaji2.docx.doc

Overview

General Information

Sample name: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc
renamed because original name is a hash value
Original sample name: Ziraat Bankas Swift Mesaji2.docx.doc
Analysis ID: 1432092
MD5: 6b558989d2d86cdefeec7f4870728234
SHA1: f272ce3666af298c1bfcdc35b417a38a3e7c7a09
SHA256: a0c344097b361f848249cda8b87539627f640f84e2d06b305757d7e60183e636
Tags: doc
Errors
  • Unable to connect to analysis machine: w7x64, esxi07-W7x64_Office, timeout exceeded, no analysis of the sample was performed
  • No process behavior to analyse as no analysis process or sample was found

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Contains an external reference to another file

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc Virustotal: Detection: 9% Perma Link
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc ReversingLabs: Detection: 13%
Source: classification engine Classification label: mal52.evad.winDOC@0/0@0/0
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc OLE indicator, Word Document stream: true
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc OLE indicator, Word Document stream: true
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc OLE document summary: title field not present or empty
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc OLE document summary: title field not present or empty
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc Virustotal: Detection: 9%
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc ReversingLabs: Detection: 13%
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc Initial sample: OLE zip file path = word/embeddings/oleObject2.bin
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc Initial sample: OLE zip file path = word/media/image2.emf
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc Initial sample: OLE zip file path = word/_rels/settings.xml.rels
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc Initial sample: OLE indicators vbamacros = False

Persistence and Installation Behavior
barindex
Contains an external reference to another file
Source: settings.xml.rels Extracted files from sample: http://wheel.to/sewtek
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc Stream path 'CONTENTS' entropy: 7.91669502048 (max. 8.0)
Source: Ziraat Bankas#U0131 Swift Mesaji2.docx.doc Stream path 'CONTENTS' entropy: 7.91598386737 (max. 8.0)

No Screenshots

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1432092 Sample: Ziraat Bankas#U0131 Swift M... Startdate: 26/04/2024 Architecture: WINDOWS Score: 52 5 Multi AV Scanner detection for submitted file 2->5 7 Contains an external reference to another file 2->7
No contacted IP infos