Malicious
Malicious

1c171c0bed826e1289503a069d56eb6f

MS Word Document
|
MD5: 1c171c0bed826e1289503a069d56eb6f
|
Size: 665.14 KB
|
application/msword

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
1c171c0bed826e1289503a069d56eb6f
Sha1
4c5c209a1bd527cde44b59d43de3c160a614aad3
Sha256
6ff952e61e8f515a3d98596fd8bed1108eefb7c3d174c6ac3d6099b97c7a1298
Sha384
94192e47924690f9d53ff283f0732b0912fbc7ccfc32c79a8ac7dd3bde831d2f617e332ca9e86289231c3fb70fb96d30
Sha512
25e163e5d71051c90c69ca62d36dbaff44496fdd0e11c2c2289d3c2e965ec6a8b69d8375e97e30840156da919e7eea0a1c15f5e305c2a600e13fad4eb6166a1b
SSDeep
12288:GuHgnDhA4F9WKLo4LcjVvuRPZn163pCezJcPO6DlsiPu0w9scDlSd6fEUr:G2gdrFt1gjduNZnc3Bzg00yllfEUr
TLSH
A7E412B311C93C3DD45E5EFBD603B53278668D444AB63A07281B2BEC0E02A5E16256FF
File Structure
1c171c0bed826e1289503a069d56eb6f
Malicious
[Content_Types].xml
docProps
app.xml
core.xml
word
Malicious
document.xml
endnotes.xml
fontTable.xml
footer1.xml
footnotes.xml
numbering.xml
Perform.rtf
settings.xml
styles.xml
webSettings.xml
theme
theme1.xml
_rels
Malicious
document.xml.rels
settings.xml.rels
Malicious
_rels
.rels
Malware Configuration - Remote Template
Config. Field
 Value
Target

file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx
Path

settings.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Artefacts
Name
 Value
Remote Template - Highly Suspicious

file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx
1c171c0bed826e1289503a069d56eb6f (665.14 KB)
File Structure
1c171c0bed826e1289503a069d56eb6f
Malicious
[Content_Types].xml
docProps
app.xml
core.xml
word
Malicious
document.xml
endnotes.xml
fontTable.xml
footer1.xml
footnotes.xml
numbering.xml
Perform.rtf
settings.xml
styles.xml
webSettings.xml
theme
theme1.xml
_rels
Malicious
document.xml.rels
settings.xml.rels
Malicious
_rels
.rels
Characteristics
Malware Configuration - Remote Template
Config. Field
 Value
Target

file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx
Path

settings.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Artefacts
Name
 Value Location
Remote Template - Highly Suspicious

file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx

Malicious

1c171c0bed826e1289503a069d56eb6f > word > _rels > settings.xml.rels
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙