Windows Analysis Report enjoin,12.27.2021.doc
Overview
General Information
Detection
Score: | 72 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Suspicious MSHTA Process Patterns |
Source: | Author: Florian Roth: |
Jbx Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | ReversingLabs: |
Machine Learning detection for sample |
Source: | Joe Sandbox ML: |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | IP Address: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | File created: |
Source: | DNS traffic detected: |
Source: | HTTP traffic detected: |
Source: | Window created: |
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) |
Source: | Screenshot OCR: | ||
Document contains an embedded VBA macro which may execute processes |
Source: | OLE, VBA macro line: |
Source: | Key opened: |
Source: | OLE indicator, VBA macros: |
Source: | OLE, VBA macro line: |
Source: | Memory allocated: | ||
Source: | ReversingLabs: |
Source: | Key opened: |
Source: | Process created: | ||
Source: | Key value queried: |
Source: | OLE indicator, Word Document stream: |
Source: | File created: |
Source: | Classification label: |
Source: | File read: |
Source: | Binary or memory string: |
Source: | OLE document summary: | ||
Source: | Process created: | ||
Source: | File read: |
Source: | Key opened: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Process information set: | ||
Source: | Stream path 'Data' entropy: |
Source: | Thread sleep time: | ||
Source: | Binary or memory string: |
Source: | Queries volume information: | ||
Source: | Key value queried: |
Source: | Directory queried: | ||
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting12 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Email Collection1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution13 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Virtualization/Sandbox Evasion1 | Remote Desktop Protocol | Data from Local System1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol2 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion1 | Security Account Manager | Remote System Discovery1 | SMB/Windows Admin Shares | Clipboard Data1 | Automated Exfiltration | Application Layer Protocol12 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | File and Directory Discovery11 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting12 | LSA Secrets | System Information Discovery14 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
44% | ReversingLabs | Document-Excel.Trojan.Valyria | ||
100% | Joe Sandbox ML |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | Virustotal | |
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
4% | Virustotal | | |
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
patelboostg.com | 45.67.229.54 | true | false | | unknown |
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
| false | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | high |
| | false | | low |
| | false | | unknown |
| | false | | high |
| | false | | unknown |
| | false | | unknown |
| | false | | high |
| | false | | high |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
45.67.229.54 | patelboostg.com | Moldova Republic of | 200019 | ALEXHOSTMD | false |
General Information |
---|
Joe Sandbox Version: | 34.0.0 Boulder Opal |
Analysis ID: | 546767 |
Start date: | 31.12.2021 |
Start time: | 12:47:58 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 3s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | enjoin,12.27.2021.doc |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Run name: | Without Instrumentation |
Number of new started processes analysed: | 7 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal72.expl.winDOC@6/13@1/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
12:49:17 | API Interceptor | |
12:49:19 | API Interceptor |
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\SysWOW64\mshta.exe |
File Type: | |
Category: | downloaded |
Size (bytes): | 204 |
Entropy (8bit): | 5.1573981743615605 |
Encrypted: | false |
SSDEEP: | 6:pn0+Dy9xwGObRmEr6VnetdzRx3fEjZKCezocKqD:J0+oxBeRmR9etdzRxfERez1T |
MD5: | D3EB9513A9F2DD24ECDCC38FF33CA41B |
SHA1: | 37433C7BFDB800C601FCBA6F055BD01A87D26333 |
SHA-256: | 56591A120BD1C7D012554BEFD923D1AC7BF015A53A36C2808766F74FBFDCEB64 |
SHA-512: | 67960FEEC5EDA119383B9955DBD36550CE804EF1FD01F0E4D9AFC347068CA54BE4B89913AF2CC872E25C119318CBE3E137A4965E4A5A09231AFE960C1E2B844B |
Malicious: | false |
Reputation: | low |
IE Cache URL: | http://patelboostg.com/frhe/L8dclCye7SQ5WTFva78FDxOjGBOF9iJro4DRgV/5inYIaSBt0KLfMB9kXwZBv6ZpTsny6/qAhIQjrAaLKJeTLQnbCarASpMADNe9u19Kylnkoreo7/SjqMh4eEx0Hx9b4h5e2fMcQgeIbFT/kKeSzfUaenwSFB/ISkVIHedx0p/49280/SruwcI68Yb5pVaVqfvyOHztDsbEuhGxtlV6bpgPIFvGFQ277/7FkN9pAcaWDfFlGNBeuaqGed8iDibaWexT/GyAAzLRbFAU1XErrU1F/vaci3?page=V8BBaQuem65&page=XYvyd0Dcrg6fJYLGHRVWp7s1tv&page=dvZwXcjcYCjBX8tPaALshiDAx85PEq&sid=10tOgWzOZj9xyAidNJAz3d9Ob0 |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 16384 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | CE338FE6899778AACFC28414F2D9498B |
SHA1: | 897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1 |
SHA-256: | 4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE |
SHA-512: | 6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1024 |
Entropy (8bit): | 0.05390218305374581 |
Encrypted: | false |
SSDEEP: | 3:ol3lYdn:4Wn |
MD5: | 5D4D94EE7E06BBB0AF9584119797B23A |
SHA1: | DBB111419C704F116EFA8E72471DD83E86E49677 |
SHA-256: | 4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1 |
SHA-512: | 95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 895 |
Entropy (8bit): | 4.489866809978452 |
Encrypted: | false |
SSDEEP: | 24:85Y3Rb/XTTcU3xKshemtl2Y3qYZVNZVu/:85Y3Rb/XTAU8e9twY9u |
MD5: | 28DFB4AE47F7B8AA4BC15AD0659981FD |
SHA1: | E2E72F84340465FC6D4A8860C35B7A992E4B448F |
SHA-256: | 23FF02A1276523C4B394173B2D509468DFF29DD4634928DE7082CA21EE4615C1 |
SHA-512: | C24D1213F3A336EB9F1718EC850AFEEEE2C04429DFCA059556D2249A69F1317BB5E0B392673DBCC2B9C3764383D931FDD7FA764BB4905C8B6B2DA43D98B0EC16 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 1049 |
Entropy (8bit): | 4.507628337122616 |
Encrypted: | false |
SSDEEP: | 12:8wA0gXg/XAlCPCHaXjByB/AVtX+WQ0F7OahaQh4icvbi4W4VaQ3DtZ3YilMMEpxX:8xk/XTTc+b17vasremr4aADv3qYQd7Qy |
MD5: | CDD02D874BC6B01C25C109C8384B736A |
SHA1: | 528886D45E0117EDD645906CCE0C9F1555602172 |
SHA-256: | D92B76A50B850F9E344EED6A4089804FBD5E7F2E3AD711F773900A9CC9A4E477 |
SHA-512: | 0C2B94EA21A8EEA4CF1B28E95491CE12B79E7FC9C03D96C8C3D00850B621A38E4C947DF78C4E661B755D902AAAA671E56E422F80AB33E48E64105B7EE1F6BE0D |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | modified |
Size (bytes): | 1042 |
Entropy (8bit): | 4.575754104270858 |
Encrypted: | false |
SSDEEP: | 24:8HRc/XTTc0ooKioDUA97emt70eM2Y3qYR7m:8HRc/XTA0ahUAR9t70eHYFm |
MD5: | A6551AA851F17D2C186397BEFE5659BE |
SHA1: | 9CB24AE1311B7A9C464EE1031B0ABCF556F127CD |
SHA-256: | 697D8306857ADFADAAFB96D9FBF53AD19BDB88E7F5DAC59DA177EFB3569B9C65 |
SHA-512: | CA648714947847F00E9380C2423698A651C2B0632683DF38B7D4CDD8AB96FDDB197848C6441B3977AB32E479631E546EAAC71F668F5B6C833BD6788D4B4D3E4E |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 149 |
Entropy (8bit): | 4.925765021076922 |
Encrypted: | false |
SSDEEP: | 3:bDuMJlYLfzX9UAlwcXAlWCUSvngculmX1UzX9UAlmxWHRqgculv:bCHFPAkqgf9ZRqgf1 |
MD5: | 3BF4F1E7F23C02240D20AE24C8EF9AAA |
SHA1: | C5C0FDD6C3D8D7A76D4C7E4FDE645A89E7D41533 |
SHA-256: | 3A48146C4A0C943D845AE094F1FCAF679B005FD684BA0B38C0418313A63C23E8 |
SHA-512: | 92C4058FE98FF941B850CB901D38997CECB98716C0A0664897C6D7F4AC21DC0F1641E3DDBCEB77134B1EF7BFA9E4A99130172E3B67D7825D16BD680F3D71D029 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.5038355507075254 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l |
MD5: | 45B1E2B14BE6C1EFC217DCE28709F72D |
SHA1: | 64E3E91D6557D176776A498CF0776BE3679F13C3 |
SHA-256: | 508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6 |
SHA-512: | 2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.5038355507075254 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l |
MD5: | 45B1E2B14BE6C1EFC217DCE28709F72D |
SHA1: | 64E3E91D6557D176776A498CF0776BE3679F13C3 |
SHA-256: | 508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6 |
SHA-512: | 2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4060 |
Entropy (8bit): | 5.772579806586633 |
Encrypted: | false |
SSDEEP: | 96:gmubD4ZmjvpJN3IyP3NoEVxaOcR9+2xtIols/RWvyXqRATuh:gmywmjBrYA3OgBcRU2gjRRM |
MD5: | FBDB7848F1D9945428C0101B75811195 |
SHA1: | FE31E65196E0844CD5858F893D44428AECE6A2B4 |
SHA-256: | AEC91C78C4DC06C5BCEA7B5020C38B003FC120153D51A3ADB4F32D8000A6326A |
SHA-512: | D699D3A8123F7FCC09373F27F0A09015546ABE6BCFBEB8A75178B9EF0304F73C19BC0F27F51ED2B78A02A8CAEE89B5E268808E6C0AA981ED011FE03C573311A5 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162 |
Entropy (8bit): | 2.5038355507075254 |
Encrypted: | false |
SSDEEP: | 3:vrJlaCkWtVyEGlBsB2q/WWqlFGa1/ln:vdsCkWtYlqAHR9l |
MD5: | 45B1E2B14BE6C1EFC217DCE28709F72D |
SHA1: | 64E3E91D6557D176776A498CF0776BE3679F13C3 |
SHA-256: | 508D8C67A6B3A7B24641F8DEEBFB484B12CFDAFD23956791176D6699C97978E6 |
SHA-512: | 2EB6C22095EFBC366D213220CB22916B11B1234C18BBCD5457AB811BE0E3C74A2564F56C6835E00A0C245DF964ADE3697EFA4E730D66CC43C1C903975F6225C0 |
Malicious: | false |
Preview: |
|
Process: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 4060 |
Entropy (8bit): | 5.772579806586633 |
Encrypted: | false |
SSDEEP: | 96:gmubD4ZmjvpJN3IyP3NoEVxaOcR9+2xtIols/RWvyXqRATuh:gmywmjBrYA3OgBcRU2gjRRM |
MD5: | FBDB7848F1D9945428C0101B75811195 |
SHA1: | FE31E65196E0844CD5858F893D44428AECE6A2B4 |
SHA-256: | AEC91C78C4DC06C5BCEA7B5020C38B003FC120153D51A3ADB4F32D8000A6326A |
SHA-512: | D699D3A8123F7FCC09373F27F0A09015546ABE6BCFBEB8A75178B9EF0304F73C19BC0F27F51ED2B78A02A8CAEE89B5E268808E6C0AA981ED011FE03C573311A5 |
Malicious: | false |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 5.843747544208076 |
TrID: |
|
File name: | enjoin,12.27.2021.doc |
File size: | 79360 |
MD5: | 7044bd240219ec2f83b01c532e2ce5ba |
SHA1: | 745cdbc4a826c5960eef3f4a9aa307ff94e4b7fb |
SHA256: | ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0 |
SHA512: | 8467fc9f63711c8fa460f1f35d42b6528c6e285799d9a19630696dd3a12e24799370eaa6d53e075e60d579a3b4ecef035cf62aac6a1bc96130b392c3931882ee |
SSDEEP: | 768:P/MMM1tMFur3Be1l3Jeq1awypEuqjuy+uqezc1GFZIdJ6jtQlQNBOTHxPIz/tZj8:Zja8IdPhW/jTEQMiebld4Kkd6t |
File Content Preview: | ........................>.......................|...........................{.................................................................................................................................................................................. |
File Icon |
---|
Icon Hash: | e4eea2aaa4b4b4a4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "enjoin,12.27.2021.doc" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Office Word |
Encrypted Document: | False |
Contains Word Document Stream: | True |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1251 |
Title: | |
Subject: | |
Author: | |
Keywords: | |
Comments: | |
Template: | |
Last Saved By: | |
Revision Number: | 2 |
Total Edit Time: | 0 |
Create Time: | 2021-12-27 11:02:00 |
Last Saved Time: | 2021-12-27 11:02:00 |
Number of Pages: | 1 |
Number of Words: | 116 |
Number of Characters: | 16118 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1251 |
Category: | |
Number of Bytes: | 26624 |
Number of Lines: | 65 |
Number of Paragraphs: | 1 |
Thumbnail Scaling Desired: | False |
Manager: | |
Company: | |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 1048576 |
Streams with VBA |
---|
VBA File Name: ThisDocument.cls, Stream Size: 2420 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/ThisDocument |
VBA File Name: | ThisDocument.cls |
Stream Size: | 2420 |
VBA Code |
---|
|
VBA File Name: main.bas, Stream Size: 1103 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/main |
VBA File Name: | main.bas |
Stream Size: | 1103 |
VBA Code |
---|
|
Streams |
---|
Stream Path: \x1CompObj, File Type: data, Stream Size: 114 |
---|
General | |
---|---|
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.42107393569 |
Base64 Encoded: | True |
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.337221095365 |
Base64 Encoded: | False |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 4096 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 4096 |
Entropy: | 0.475702379357 |
Base64 Encoded: | False |
Stream Path: 1Table, File Type: data, Stream Size: 7224 |
---|
General | |
---|---|
Stream Path: | 1Table |
File Type: | data |
Stream Size: | 7224 |
Entropy: | 5.92567062364 |
Base64 Encoded: | True |
Stream Path: Data, File Type: data, Stream Size: 26648 |
---|
General | |
---|---|
Stream Path: | Data |
File Type: | data |
Stream Size: | 26648 |
Entropy: | 7.93699752134 |
Base64 Encoded: | False |
Stream Path: Macros/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 398 |
---|
General | |
---|---|
Stream Path: | Macros/PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 398 |
Entropy: | 5.34409853619 |
Base64 Encoded: | True |
Stream Path: Macros/PROJECTwm, File Type: data, Stream Size: 56 |
---|
General | |
---|---|
Stream Path: | Macros/PROJECTwm |
File Type: | data |
Stream Size: | 56 |
Entropy: | 3.05665670746 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2896 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 2896 |
Entropy: | 4.3263453539 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_0, File Type: data, Stream Size: 1708 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_0 |
File Type: | data |
Stream Size: | 1708 |
Entropy: | 3.55295478383 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_1, File Type: data, Stream Size: 241 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_1 |
File Type: | data |
Stream Size: | 241 |
Entropy: | 2.39835412071 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_2, File Type: data, Stream Size: 983 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_2 |
File Type: | data |
Stream Size: | 983 |
Entropy: | 2.01453026658 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/__SRP_3, File Type: data, Stream Size: 364 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/__SRP_3 |
File Type: | data |
Stream Size: | 364 |
Entropy: | 2.2617201917 |
Base64 Encoded: | False |
Stream Path: Macros/VBA/dir, File Type: data, Stream Size: 553 |
---|
General | |
---|---|
Stream Path: | Macros/VBA/dir |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.34791185753 |
Base64 Encoded: | True |
Stream Path: WordDocument, File Type: data, Stream Size: 19522 |
---|
General | |
---|---|
Stream Path: | WordDocument |
File Type: | data |
Stream Size: | 19522 |
Entropy: | 3.66495069994 |
Base64 Encoded: | False |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 31, 2021 12:48:50.565393925 CET | 49165 | 80 | 192.168.2.22 | 45.67.229.54 |
Dec 31, 2021 12:48:50.620126009 CET | 80 | 49165 | 45.67.229.54 | 192.168.2.22 |
Dec 31, 2021 12:48:50.620259047 CET | 49165 | 80 | 192.168.2.22 | 45.67.229.54 |
Dec 31, 2021 12:48:50.694802046 CET | 49165 | 80 | 192.168.2.22 | 45.67.229.54 |
Dec 31, 2021 12:48:50.751616001 CET | 80 | 49165 | 45.67.229.54 | 192.168.2.22 |
Dec 31, 2021 12:48:50.957160950 CET | 80 | 49165 | 45.67.229.54 | 192.168.2.22 |
Dec 31, 2021 12:48:50.957293034 CET | 49165 | 80 | 192.168.2.22 | 45.67.229.54 |
Dec 31, 2021 12:48:55.483177900 CET | 49165 | 80 | 192.168.2.22 | 45.67.229.54 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Dec 31, 2021 12:48:50.508971930 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8 |
Dec 31, 2021 12:48:50.537548065 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Dec 31, 2021 12:48:50.508971930 CET | 192.168.2.22 | 8.8.8.8 | 0x9c56 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Dec 31, 2021 12:48:50.537548065 CET | 8.8.8.8 | 192.168.2.22 | 0x9c56 | No error (0) | 45.67.229.54 | A (IP address) | IN (0x0001) |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.22 | 49165 | 45.67.229.54 | 80 | C:\Windows\SysWOW64\mshta.exe |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Dec 31, 2021 12:48:50.694802046 CET | 1 | OUT | |
Dec 31, 2021 12:48:50.957160950 CET | 1 | IN |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:49:13 |
Start date: | 31/12/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f8d0000 |
File size: | 1423704 bytes |
MD5 hash: | 9EE74859D22DAE61F1750B3A1BACB6F5 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:49:17 |
Start date: | 31/12/2021 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffa10000 |
File size: | 3229696 bytes |
MD5 hash: | 38AE1B3C38FAEF56FE4907922F0385BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:49:18 |
Start date: | 31/12/2021 |
Path: | C:\Windows\explorer.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffa10000 |
File size: | 3229696 bytes |
MD5 hash: | 38AE1B3C38FAEF56FE4907922F0385BA |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:49:18 |
Start date: | 31/12/2021 |
Path: | C:\Windows\SysWOW64\mshta.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x270000 |
File size: | 13312 bytes |
MD5 hash: | ABDFC692D9FE43E2BA8FE6CB5A8CB95A |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|