Malicious
Malicious

d3fc62896192d8089e41d60a885f9561

MS Word Document
|
MD5: d3fc62896192d8089e41d60a885f9561
|
Size: 291.1 KB
|
application/msword

Infection Chain
Summary by MalvaGPT
Characteristics
Hash
 Hash Value
MD5
d3fc62896192d8089e41d60a885f9561
Sha1
53d5ae034bcea350f3d190707db74bcbc3ac176c
Sha256
85221167e34e28f2dd27cfe16dfc7fec92ec1f06968f3e20c01999d11fbbe1df
Sha384
7dff2d783e5540db914615dfdeb2645dda3577d55a6dcba842bb96869d0e6d4c1bc866df63932ff5fdec595795ca8696
Sha512
6b61de3b236df3d7f4155fd022e9ad1a3a4b438b91689f5fd38462d9ab7c430012a913b56293ee5197e657f57cb46c4ff3111e2ccabfdedbb6fe35aa490c898e
SSDeep
6144:z/LjXKGDc/ZZvg0I+18qxnivzQOgN97DqoAmmYRQhhTU:LLmbZZvFL1877QvN97hlmhTU
TLSH
875423EFF6EC23C5D328C1619873BA580AADE4C7DA47F983971C6F0AD26A5C74011867
File Structure
d3fc62896192d8089e41d60a885f9561
Malicious
[Content_Types].xml
_rels
.rels
word
Malicious
_rels
Malicious
document.xml.rels
settings.xml.rels
Malicious
document.xml
media
image1.emf
embeddings
oleObject1.bin
Root Entry
Ole
CompObj
ObjInfo
CONTENTS
Text (Preview)
Page #1
Page #2
#Stream {6}
#Stream {154}
#Stream {155}
#Stream {156}
#Stream {157}
#Stream {158}
#Stream {159}
#Stream {160}
#Stream {161}
#Stream {162}
#Stream {152}
#Stream {163}
#Stream {153}
#Stream {2}
Structure
theme
theme1.xml
settings.xml
webSettings.xml
styles.xml
fontTable.xml
docProps
core.xml
app.xml
Malware Configuration - Remote Template
Config. Field
 Value
Target

https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6
Path

settings.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Informations
Name
 Value
CONTENTS

1.6
CONTENTS

Karim Naghi
CONTENTS

D:20240604155102+04'00'
CONTENTS

Acrobat PDFMaker 24 for Word
CONTENTS

D:20240604155104+04'00'
CONTENTS

Terms & Conditions
CONTENTS

Terms & Conditions of PO
CONTENTS

Adobe PDF Library 24.2.23
CONTENTS

Karim Naghi
CONTENTS

DAS Holding
CONTENTS

D:20240604155102+04'00'
CONTENTS

Acrobat PDFMaker 24 for Word
CONTENTS

Karim Naghi
CONTENTS

D:20240604155104+04'00'
CONTENTS

Adobe PDF Library 24.2.23
CONTENTS

D:20240604114755
CONTENTS

Terms & Conditions
CONTENTS

Terms & Conditions of PO
Artefacts
Name
 Value
Remote Template - Highly Suspicious

https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6
d3fc62896192d8089e41d60a885f9561 (291.1 KB)
File Structure
d3fc62896192d8089e41d60a885f9561
Malicious
[Content_Types].xml
_rels
.rels
word
Malicious
_rels
Malicious
document.xml.rels
settings.xml.rels
Malicious
document.xml
media
image1.emf
embeddings
oleObject1.bin
Root Entry
Ole
CompObj
ObjInfo
CONTENTS
Text (Preview)
Page #1
Page #2
#Stream {6}
#Stream {154}
#Stream {155}
#Stream {156}
#Stream {157}
#Stream {158}
#Stream {159}
#Stream {160}
#Stream {161}
#Stream {162}
#Stream {152}
#Stream {163}
#Stream {153}
#Stream {2}
Structure
theme
theme1.xml
settings.xml
webSettings.xml
styles.xml
fontTable.xml
docProps
core.xml
app.xml
Characteristics
Malware Configuration - Remote Template
Config. Field
 Value
Target

https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6
Path

settings.xml.rels
XPath

/Relationships/Relationship
Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />
Artefacts
Name
 Value Location
Remote Template - Highly Suspicious

https://systemchangedentirethingsforbesttoprovidebetterthingstounderstandoing.Dot@a38.fr/X7cvg6

Malicious

d3fc62896192d8089e41d60a885f9561 > word > _rels > settings.xml.rels
You must be signed in to post a comment.
An error has occurred. This application may no longer respond until reloaded. Reload 🗙