Malicious
Malicious

9297dd424d3cb4f62357892f13a144d1

MS Word Document
|
MD5: 9297dd424d3cb4f62357892f13a144d1
|
Size: 1.01 MB
|
application/msword

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
9297dd424d3cb4f62357892f13a144d1
Sha1
db363955302b2e3199bc59f76d10813d2c7c393b
Sha256
4e806d94ee7e7340fd0e0f8bb43dd96b0d738b08f17a1ba9e12b296f5006fb18
Sha384
2f83425a482abb1a5b98678f165e25fa215d98e7d6b10b5bac97c3b8d2334f53022409832f87872d9ad7a2b655baf8dc
Sha512
ad1a07fe908e79b7ce872d08c75626d9980f9ac6d096baa7c2f3b3fd2098164316b21b18d6b6d2a67a89190184e91fe329ce3fb7a7aaf0c485c4a8b2b17db613
SSDeep
24576:t2gdrFt1T06FWsn1vybtfcGQqGgivJO0b+vNdYJ:5xtisn1+rK+vNd6
TLSH
BB2523771AD27E7CD18C84FB501731F3769C4C41A8713944A26B26CD2D968BE8228AFF
File Structure
9297dd424d3cb4f62357892f13a144d1
Malicious
[Content_Types].xml
docProps
app.xml
core.xml
word
Malicious
document.xml
endnotes.xml
fontTable.xml
footer1.xml
footnotes.xml
Matte.rtf
numbering.xml
settings.xml
styles.xml
webSettings.xml
theme
theme1.xml
_rels
Malicious
document.xml.rels
settings.xml.rels
Malicious
_rels
.rels
Malware Configuration - Remote Template
Config. Field
 Value
Target

file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx
Path

settings.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Artefacts
Name
 Value
Remote Template - Highly Suspicious

file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx
9297dd424d3cb4f62357892f13a144d1 (1.01 MB)
File Structure
9297dd424d3cb4f62357892f13a144d1
Malicious
[Content_Types].xml
docProps
app.xml
core.xml
word
Malicious
document.xml
endnotes.xml
fontTable.xml
footer1.xml
footnotes.xml
Matte.rtf
numbering.xml
settings.xml
styles.xml
webSettings.xml
theme
theme1.xml
_rels
Malicious
document.xml.rels
settings.xml.rels
Malicious
_rels
.rels
Characteristics
Malware Configuration - Remote Template
Config. Field
 Value
Target

file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx
Path

settings.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Artefacts
Name
 Value Location
Remote Template - Highly Suspicious

file:///C:\Users\John\AppData\Roaming\Microsoft\Templates\Student%20report%20with%20photo.dotx

Malicious

9297dd424d3cb4f62357892f13a144d1 > word > _rels > settings.xml.rels
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙