Malicious
Malicious

42d56aedf81b5bcb99d68c65cf7fd81a

MS Word Document
|
MD5: 42d56aedf81b5bcb99d68c65cf7fd81a
|
Size: 653.59 KB
|
application/msword

Print
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
42d56aedf81b5bcb99d68c65cf7fd81a
Sha1
b454a92cdb02eed3858bc3c71c4e2b9d3fcf1866
Sha256
2ad6ca5c2471a53baebf2d1735ff9fbfe5d6a76d963e990d75098f66cf668257
Sha384
c0f9b148e8a750901c108b5e4119307f3fac8e820c39d0207623d5a2922bee18a85e3a4ddf0cf24934981f7dfbb8de70
Sha512
65b856944c8ba40c8d6f9ee0e1edbdedf8669c44281b2c0fd9d93fbeaa771215e382ad0cebc8a1dd3831e920fd3ae6327c8a8013c851a59b2a4bca0b6f0cb5e9
SSDeep
12288:HuHgnDhA4F9WKLo4DUnoG5cxb/a+kIdIGqPXGcpZReM6Kuvc8J5:H2gdrFt1gpCJdKP2K/e/Kuc8J5
TLSH
0ED422B709D17C3DC00CA5FF65877239B0A81EA666B43149A84B73CD1C189BE19525FF
File Structure
42d56aedf81b5bcb99d68c65cf7fd81a
Malicious
[Content_Types].xml
docProps
app.xml
core.xml
word
Malicious
document.xml
endnotes.xml
fontTable.xml
footer1.xml
footnotes.xml
Insight.rtf
numbering.xml
settings.xml
styles.xml
webSettings.xml
theme
theme1.xml
_rels
Malicious
document.xml.rels
settings.xml.rels
Malicious
_rels
.rels
Malware Configuration - Remote Template
Config. Field
 Value
Target

file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx
Path

settings.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Artefacts
Name
 Value
Remote Template - Highly Suspicious

file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx
42d56aedf81b5bcb99d68c65cf7fd81a (653.59 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙