855_28042020.doc
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
Score: 60
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
|
|
|
malicious
Score: 48
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior
|
| IP | Country | Detection |
|---|---|---|
| 5.188.168.36 | Luxembourg |  |
| Name | IP | Detection |
|---|---|---|
| ichiseled.com | 5.188.168.36 | |
| Name | Detection |
|---|---|
| http://ichiseled.com/files/whe.exe | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4A8E8FD7-B28F-4AE5-86AD-026C320EA73C}.tmp |
data | # |  |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B9C27487-05CF-4B4D-9079-2A6225ABAACB}.tmp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\855_28042020.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Wed Aug 26 14:08:15 2020, atime=Tue Feb 23 14:44:33 2021, length=233718, window=hide | # | |
| Click to see the 3 hidden entries | |||
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\Desktop\~$5_28042020.doc |
data | # | |
