Malicious

2c57f7a996b9a67bd60f9a128daa4ad6

MS Word Document | MD5: 2c57f7a996b9a67bd60f9a128daa4ad6 | Size: 1.02 MB | application/msword

Characteristics
Hash: Hash Value
MD5: 2c57f7a996b9a67bd60f9a128daa4ad6
Sha1: ff05a46c2637f462f395de7e71dd0690ef09f89c
Sha256: f73b9ec6cd60b9699fa8a4893607a24e3881b33d55b0bf9d6efcb2acb4ae654b
Sha384: 824699a177423b6474a4165f7079eaad4d998b2d300931a174df1ba434b3b0e189092b94ec83e5c3585109a0d456e6d1
Sha512: 6adb34bb99040f89904a8df4d3d128add15cb354312e05ad6942f3c851829adbe72e3d4355ee422c588b31a5b9d50ced24b9f8c774a8caab9d5e3d1cff9d7da9
SSDeep: 24576:Dx2gdrFt1GhD6baP5EnKCzWF2MPP/Xj58N7sDhRJGZiXO6rD573u:Dtxtok+/Czu2EPPj58BcJTXO6o
TLSH: 64251223DD54A3B5F95032F9B609C1941EFB3D8D2ECDCC676C862C830EC26E6164AB56
File Structure
[Content_Types].xml
docProps
    app.xml
    core.xml
word (Malicious)
    document.xml
    Elerat.rtf
    endnotes.xml
    fontTable.xml
    footer1.xml
    footnotes.xml
    numbering.xml
    settings.xml
    styles.xml
    webSettings.xml
    theme
        theme1.xml
    _rels (Malicious)
        document.xml.rels
_rels
    .rels
Malware Configuration - Remote Template
Config. Field: Value
Target: file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx
Path: settings.xml.rels
XPath: /Relationships/Relationship
Outer XML: <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Artefacts
Name: Remote Template - Highly Suspicious
Value: file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx

Location (Malicious): 2c57f7a996b9a67bd60f9a128daa4ad6 > word > _rels > settings.xml.rels
