PO-0814.doc
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
Score: 56
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
|
|
|
malicious
Score: 48
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior
|
| IP | Country | Detection |
|---|---|---|
| 188.165.215.31 | France |  |
| Name | IP | Detection |
|---|---|---|
| femto.pw | 188.165.215.31 | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{1BF24CA3-025D-4403-9DBE-B492A11253DC}.tmp |
data | # |  |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3A3DB071-4F03-4D2B-8C5C-F1ADB9722678}.tmp |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\PO-0814.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:14 2020, mtime=Wed Aug 26 14:08:14 2020, atime=Wed Jun 16 18:07:31 2021, length=1710047, window=hide | # | |
| Click to see the 3 hidden entries | |||
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm |
data | # | |
C:\Users\user\Desktop\~$O-0814.doc |
data | # | |
