Windows Analysis Report
dl18aYTBo5.docx

Overview

General Information

Sample Name: dl18aYTBo5.docx
Analysis ID: 686004
MD5: b91615355a11f5bb8b7c381a8bc4485a
SHA1: 7950b1730e05a2dcdd19f1a98a697798a9edbf77
SHA256: 3fdd30eb0961c98259d58327745ec253588b1553d9822d613d45d076c4b07ec1

Detection

Follina CVE-2022-30190
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Microsoft Office Exploit Follina CVE-2022-30190
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Antivirus detection for dropped file
Contains an external reference to another file
Detected suspicious Microsoft Office reference URL
Queries the volume information (name, serial number etc) of a device
Yara signature match
Potential document exploit detected (unknown TCP traffic)
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
IP address seen in connection with other malware

Classification