Malicious
Classifications

Spyware

Threat Names

VBS.Heur.ObfDldr.30.6277A94D.Gen

Remarks (1/1)

(0x0200003A): A task was rescheduled ahead of time to reveal dormant functionality.

File Name Category Type Verdict Actions
C:\Users\kEecfMwgj\Desktop\Miembros de la UNAB para arrestar.docx Sample File Word Document
malicious
Also Known As c:\users\keecfmwgj\desktop\~wrl0001.tmp (Dropped File)
MIME Type application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Size 38.93 KB
MD5 f6e2c8a84bf778c239df19c3bc9d479c
SHA1 9d029b7e83026ae8cedbf68f92b7717eeec05a27
SHA256 c3e56af0c0a13e8ab4e6f2269d1c15586e72f9b7a90c22980f976e6786388a03
SSDeep 768:I/V0eQ94LHTKkDMCS6LsGov5UODZ7ewDgxHPldQ0JN9/5NE7099992qyo8ek:chFjTKuQGeU+789dQaNx5N/99992Tp
ImpHash -
Parser Error Remark Static engine was unable to completely parse the analyzed file
Office Information
Creator GEHRIUC
Last Modified By JVBRQ
Revision 2
Create Time 2019-03-16 10:47:00+00:00
Modify Time 2019-11-02 18:29:00+00:00
Application Microsoft Office Word
App Version 16.0000
Template template48.dot
Document Security NONE
Editing Time 94.0
Page Count 1
Line Count 1
Paragraph Count 1
Character Count 1
Chars With Spaces 1
ScaleCrop False
SharedDoc False
Extracted Image Texts (1)
Image 1: image1.png
]] Office ‘1 documento esta protegido 1. Abra el documento en el Microsoft Office. Para los documente sin proteccion no hay accesso on-line 2. En el caso de cargar el documento de su correo pulse la tecla “Permutir edicion” en la raya amarilla de arriba 3. Haber permitido la edicion pulse la tecla “Incluir contenido” en la raya amarilla de arriba
Extracted URLs (1)
URL WHOIS Data Reputation Status Actions
N/A
C:\Users\kEecfMwgj\AppData\Local\Microsoft\OneDriveUpdate.vbs Dropped File Text
malicious
MIME Type text/plain
File Size 11.51 KB
MD5 b2611d194588baea0b8006a680a67813
SHA1 18f8c02571bcd88fedb785182a541a62f4005130
SHA256 2aa7cfcdef49150b32da1c3202ec115601a45ac10cbe7ab12f95ce839506e359
SSDeep 192:XA9rwuBI3wn4EUYCyKpHHQKC7WDl0baUufb4ACERIP+I0w+wMwm7wu9n9OXrTxLI:UkqIAlnCF/D/UQGERIP+IJPxbu9n9OK
ImpHash -
AV Matches (1)
Threat Name Verdict
VBS.Heur.ObfDldr.30.6277A94D.Gen
malicious
c:\users\keecfmwgj\appdata\local\microsoft\office\16.0\officefilecache\centraltable.laccdb Modified File Stream
clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 0c02ffdb7f96f0a2b76b04f72f6340e2
SHA1 6e46e211acfabe00b531ba801ac75c355a89cfd4
SHA256 eb910ff216b08c85661b22c8a540746dbc67aed19b6b5fa1381af8d50ef2717d
SSDeep 3:lFx363l1aRo3l1aV:Dq3Sq3u
ImpHash -
c:\users\keecfmwgj\desktop\~wrd0000.tmp Dropped File Word Document
clean
Also Known As c:\users\keecfmwgj\desktop\miembros de la unab para arrestar.docx (Dropped File)
MIME Type application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Size 68.13 KB
MD5 1148877ce0d0fefd034396b8a8f10181
SHA1 f83afe49dc30044d471e194cd959ae849ad06a06
SHA256 781f2723cbf154805d650a9fbe57f4e7a8de4875b022763991a89a3f9274b733
SSDeep 1536:DRz/cbcjzDoQGtTvZ4KuoG/pkgZsDpf/Rc8s3IkdUxLa:DhcofDSTvivxdZsDpX04kka
ImpHash -
Office Information
Creator GEHRIUC
Last Modified By kEecfMwgj
Revision 3
Create Time 2019-03-16 10:47:00+00:00
Modify Time 2021-06-23 22:25:00+00:00
Application Microsoft Office Word
App Version 16.0000
Template template48
Document Security NONE
Editing Time 94.0
Page Count 1
Line Count 1
Paragraph Count 1
Character Count 1
Chars With Spaces 1
ScaleCrop False
SharedDoc False
Extracted URLs (1)
URL WHOIS Data Reputation Status Actions
N/A
c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.mso\d8b38049.png Dropped File Unknown
clean
MIME Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
c:\users\keecfmwgj\appdata\local\temp\tryrthhfghfhgffgg.tmp Dropped File Stream
clean
MIME Type application/octet-stream
File Size 1.12 MB
MD5 7412f65d54bc2ef12b776383dbce729b
SHA1 57ef7b122819eea97e8ceef140b48f801caf94c5
SHA256 9c3fee047908bf9fa622081ac1ca885bc38ecc5e664986c17c900716dd237b36
SSDeep 3072:2qfpfR+1miAl88ZT6kWTef7esTRpufgR+1miAlkJ5wal7X2OhitByE2QwQ/8JpzC:rxD
ImpHash -
C:\Users\KEECFM~1\AppData\Local\Temp\nohitatusbkwu.tmp Dropped File Image
clean
Also Known As image1.tmp (Embedded File)
Parent File c:\users\keecfmwgj\desktop\~wrd0000.tmp
MIME Type image/jpeg
File Size 55.96 KB
MD5 e62e8ca6ba3083d9fefabd8bb855648a
SHA1 89726af943791f61fe3a69825989aa24b47d52c8
SHA256 c1f383fd6b36cee26c861b3d8c253308bb8d8cdb1869c27e2008bf1daf1031ce
SSDeep 1536:vz/cbcjzDoQGtTvZ4KuoG/pkgZsDpf/RB:zcofDSTvivxdZsDpXz
ImpHash -
e238799016988449395e1588f65a75c996efb887d5395f5807527910239e7416 Downloaded File Text
clean
Parent File analysis.pcap
MIME Type text/plain
File Size 480 Bytes
MD5 f6385c8cd7a5e1235e33073fa7811550
SHA1 ba889a5fca4951fed3aae3598b57117659198f28
SHA256 e238799016988449395e1588f65a75c996efb887d5395f5807527910239e7416
SSDeep 6:jpN4GVoRl6V5bWfLAXAOHPcJmP0koqVWZIjzDcdUuLPETdGTXW5RMdybffW0qMCc:jls6V5yfLyAXmPvVuLCdeXW5dz8c
ImpHash -
74188468490e859f321fa79343591c6c0a4880d3f77a5cab99298d5e2d6c2c42 Downloaded File Text
clean
Known to be clean.
Parent File analysis.pcap
MIME Type text/plain
File Size 77 Bytes
MD5 c51f261f1b9b123ddfc4a54cfd16cc8e
SHA1 bbaf20c41b68c48a9ed1292d349d973638f5ca3e
SHA256 74188468490e859f321fa79343591c6c0a4880d3f77a5cab99298d5e2d6c2c42
SSDeep 3:sbe0GlSwzRWWkRUezQF7hXW2:eetlSwzR/kCezoB
ImpHash -
image1.png Embedded File Image
clean
Parent File C:\Users\kEecfMwgj\Desktop\Miembros de la UNAB para arrestar.docx
MIME Type image/png
File Size 29.96 KB
MD5 0f96f95a0564b59261534ab2a9801e39
SHA1 f532c49d8ecbefcf73e2d6b06c98ed654ee696a9
SHA256 efc63bd01240449348a3ceefb00f047101db509e35c7b80572a97b76b24a79a8
SSDeep 768:Yl5/645vEGcbkvpKu1xVKK0qzDLzJ0zOWVAc2UGJ+2:G5/15h7hD21FG
ImpHash -