Verdict Malicious

Classifications Exploit, Dropper, Downloader, Spyware

Threat Names Lokibot, Mal/Generic-S, C2/Generic-A

Remarks (2)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "58 minutes" to "20 seconds" to reveal dormant functionality.

(0x0200004A): One dump of 8 MB was skipped because it exceeded the maximum dump size of 7 MB.

Files

C:\Users\RDhJ0CNFevzX\Desktop\_2201S_BUSAN_HOCHIMINH_.xlsx
Category Sample File
Type Excel Document
Verdict malicious
MIME Type application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
File Size 187.24 KB
MD5 cf8b307caa943326ee808bb3cb02deee
SHA1 705c25adbdb7b805e47566540b3804eba178e7da
SHA256 cbe84e2c523fd51dabb1365df50415ffc51f8159c36798061742f08ba5d31b9b
SSDeep 3072:W3x5yiKm7/AJj6GEOux8NBVuVnDcq3QT0PyYC9v1EFVW3NdR31od+xXfwsRYXn0D:uam7/AJ6GsWBVuV4MaB9voVWdT3iWPws
ImpHash -
Parser Error Remark Static engine was unable to completely parse the analyzed file
File Reputation Information
Verdict malicious
Names Mal/Generic-S
Office Information
Create Time 2006-09-16 00:00:00+00:00
Modify Time 2022-02-09 18:04:34+00:00
Detected CVEs CVE-2018-0798
Application Microsoft Excel
App Version 12.0000
Document Security SECURITY_PASSWORD
Titles Of Parts Sheet1, Sheet2, Sheet3
ScaleCrop False
SharedDoc False
Controls (1)
CLSID                                   Control Name  Associated Vulnerability
{0002CE02-0000-0000-C000-000000000046}  Equation2     CVE-2017-11882
Extracted Image Texts (2)
Image 1: image4.png
Admin You don't currently have permission to A 4 access this folder Chee Scontinue
Image 2: image5.png
A iors expenences an ertot tepng to open the tee ey these suggestions + neck the fue permanons tof the document of ate o Make wute there n sutficient Hee memory and dak apace fen the Lae with the Text Rezovery onnester Vinenatataana® Vangie! 2o0) Show Nee >
C:\Users\RDHJ0C~1\AppData\Local\Temp\xmtxpy.exe
Category Dropped File
Type Binary
Verdict malicious
Also Known As C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.exe (Dropped File)
MIME Type application/vnd.microsoft.portable-executable
File Size 122.50 KB
MD5 1eacd504e4461f9ee286715997d8a9ee
SHA1 64554fe410bb0b335373e99d2f8aa37800f30fdd
SHA256 de398be02d5abe9c8bce84380ac5303ea00fc00820a50cad007220f24538b3de
SSDeep 3072:8WbTBVpk7JTDA7SbfsejlOmaDjCsOPthVE:jhVpsA7bejlOmKCS
ImpHash 06c0d6e687419e6c34fd514d2f39a801
PE Information
Image Base 0x400000
Entry Point 0x40e9d7
Size Of Code 0x17800
Size Of Initialized Data 0x8e00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2022-02-10 03:31:23+00:00
Sections (5)
Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Entropy  Flags
.text   0x401000         0x17705       0x17800        0x400            6.61     IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x419000         0x4b2a        0x4c00         0x17c00          4.67     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x41e000         0x3020        0x1200         0x1c800          3.24     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x422000         0x1f8         0x200          0x1da00          4.87     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0x423000         0xcd8         0xe00          0x1dc00          6.31     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Imports (7)
KERNEL32.dll (61)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
HeapSize - 0x419048 0x1d184 0x1bd84 0x351
GetStringTypeW - 0x41904c 0x1d188 0x1bd88 0x2da
LCMapStringW - 0x419050 0x1d18c 0x1bd8c 0x3b5
HeapReAlloc - 0x419054 0x1d190 0x1bd90 0x34f
FlushFileBuffers - 0x419058 0x1d194 0x1bd94 0x1a2
GetConsoleCP - 0x41905c 0x1d198 0x1bd98 0x1ed
GetConsoleMode - 0x419060 0x1d19c 0x1bd9c 0x1ff
SetStdHandle - 0x419064 0x1d1a0 0x1bda0 0x54e
SetFilePointerEx - 0x419068 0x1d1a4 0x1bda4 0x525
WriteConsoleW - 0x41906c 0x1d1a8 0x1bda8 0x615
ReadFile - 0x419070 0x1d1ac 0x1bdac 0x475
GetFileSize - 0x419074 0x1d1b0 0x1bdb0 0x24e
CreateFileW - 0x419078 0x1d1b4 0x1bdb4 0xce
HeapAlloc - 0x41907c 0x1d1b8 0x1bdb8 0x348
OutputDebugStringW - 0x419080 0x1d1bc 0x1bdbc 0x41b
RtlUnwind - 0x419084 0x1d1c0 0x1bdc0 0x4d5
LoadLibraryExW - 0x419088 0x1d1c4 0x1bdc4 0x3c7
IsProcessorFeaturePresent - 0x41908c 0x1d1c8 0x1bdc8 0x389
IsDebuggerPresent - 0x419090 0x1d1cc 0x1bdcc 0x382
GetCPInfo - 0x419094 0x1d1d0 0x1bdd0 0x1c4
GetOEMCP - 0x419098 0x1d1d4 0x1bdd4 0x29a
GetACP - 0x41909c 0x1d1d8 0x1bdd8 0x1b5
IsValidCodePage - 0x4190a0 0x1d1dc 0x1bddc 0x38f
HeapFree - 0x4190a4 0x1d1e0 0x1bde0 0x34c
GetCommandLineW - 0x4190a8 0x1d1e4 0x1bde4 0x1da
GetLastError - 0x4190ac 0x1d1e8 0x1bde8 0x264
SetLastError - 0x4190b0 0x1d1ec 0x1bdec 0x534
GetCurrentThreadId - 0x4190b4 0x1d1f0 0x1bdf0 0x21f
EncodePointer - 0x4190b8 0x1d1f4 0x1bdf4 0x130
DecodePointer - 0x4190bc 0x1d1f8 0x1bdf8 0x10c
ExitProcess - 0x4190c0 0x1d1fc 0x1bdfc 0x161
GetModuleHandleExW - 0x4190c4 0x1d200 0x1be00 0x27a
GetProcAddress - 0x4190c8 0x1d204 0x1be04 0x2b1
MultiByteToWideChar - 0x4190cc 0x1d208 0x1be08 0x3f3
WideCharToMultiByte - 0x4190d0 0x1d20c 0x1be0c 0x602
GetProcessHeap - 0x4190d4 0x1d210 0x1be10 0x2b7
GetStdHandle - 0x4190d8 0x1d214 0x1be14 0x2d5
GetFileType - 0x4190dc 0x1d218 0x1be18 0x251
DeleteCriticalSection - 0x4190e0 0x1d21c 0x1be1c 0x113
GetStartupInfoW - 0x4190e4 0x1d220 0x1be20 0x2d3
GetModuleFileNameW - 0x4190e8 0x1d224 0x1be24 0x277
WriteFile - 0x4190ec 0x1d228 0x1be28 0x616
QueryPerformanceCounter - 0x4190f0 0x1d22c 0x1be2c 0x44f
GetCurrentProcessId - 0x4190f4 0x1d230 0x1be30 0x21b
GetSystemTimeAsFileTime - 0x4190f8 0x1d234 0x1be34 0x2ec
GetEnvironmentStringsW - 0x4190fc 0x1d238 0x1be38 0x23a
FreeEnvironmentStringsW - 0x419100 0x1d23c 0x1be3c 0x1ad
UnhandledExceptionFilter - 0x419104 0x1d240 0x1be40 0x5b1
SetUnhandledExceptionFilter - 0x419108 0x1d244 0x1be44 0x571
InitializeCriticalSectionAndSpinCount - 0x41910c 0x1d248 0x1be48 0x362
Sleep - 0x419110 0x1d24c 0x1be4c 0x581
GetCurrentProcess - 0x419114 0x1d250 0x1be50 0x21a
TerminateProcess - 0x419118 0x1d254 0x1be54 0x590
TlsAlloc - 0x41911c 0x1d258 0x1be58 0x5a2
TlsGetValue - 0x419120 0x1d25c 0x1be5c 0x5a4
TlsSetValue - 0x419124 0x1d260 0x1be60 0x5a5
TlsFree - 0x419128 0x1d264 0x1be64 0x5a3
GetModuleHandleW - 0x41912c 0x1d268 0x1be68 0x27b
EnterCriticalSection - 0x419130 0x1d26c 0x1be6c 0x134
LeaveCriticalSection - 0x419134 0x1d270 0x1be70 0x3c1
CloseHandle - 0x419138 0x1d274 0x1be74 0x89
WINMM.dll (10)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
timeGetSystemTime - 0x41918c 0x1d2c8 0x1bec8 0x93
joySetThreshold - 0x419190 0x1d2cc 0x1becc 0x1f
midiStreamRestart - 0x419194 0x1d2d0 0x1bed0 0x5f
mmioWrite - 0x419198 0x1d2d4 0x1bed4 0x89
GetDriverModuleHandle - 0x41919c 0x1d2d8 0x1bed8 0x4
WOWAppExit - 0x4191a0 0x1d2dc 0x1bedc 0xd
midiInGetDevCapsA - 0x4191a4 0x1d2e0 0x1bee0 0x3a
mmioRead - 0x4191a8 0x1d2e4 0x1bee4 0x80
mixerGetDevCapsW - 0x4191ac 0x1d2e8 0x1bee8 0x65
midiOutShortMsg - 0x4191b0 0x1d2ec 0x1beec 0x57
AVIFIL32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
AVIStreamTimeToSample - 0x419000 0x1d13c 0x1bd3c 0x38
AVISaveOptions - 0x419004 0x1d140 0x1bd40 0x1c
AVIStreamInfo - 0x419008 0x1d144 0x1bd44 0x2a
MSVFW32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ICRemove - 0x419140 0x1d27c 0x1be7c 0x24
DrawDibGetBuffer - 0x419144 0x1d280 0x1be80 0x5
ICOpenFunction - 0x419148 0x1d284 0x1be84 0x23
DrawDibStart - 0x41914c 0x1d288 0x1be88 0xb
GDI32.dll (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EnumICMProfilesA - 0x419010 0x1d14c 0x1bd4c 0x1c8
CopyMetaFileA - 0x419014 0x1d150 0x1bd50 0x27
GetGlyphOutlineW - 0x419018 0x1d154 0x1bd54 0x294
AddFontResourceExW - 0x41901c 0x1d158 0x1bd58 0x5
GetLayout - 0x419020 0x1d15c 0x1bd5c 0x29d
GdiGetSpoolFileHandle - 0x419024 0x1d160 0x1bd60 0x226
SetViewportExtEx - 0x419028 0x1d164 0x1bd64 0x395
GetTextExtentExPointW - 0x41902c 0x1d168 0x1bd68 0x2cc
CreateFontA - 0x419030 0x1d16c 0x1bd6c 0x3f
EnumFontFamiliesA - 0x419034 0x1d170 0x1bd70 0x1c2
GetTextCharsetInfo - 0x419038 0x1d174 0x1bd74 0x2c8
GetTextExtentPoint32W - 0x41903c 0x1d178 0x1bd78 0x2cf
CreateRectRgn - 0x419040 0x1d17c 0x1bd7c 0x53
RPCRT4.dll (7)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
NdrAsyncServerCall - 0x41916c 0x1d2a8 0x1bea8 0x9b
NdrConformantStringBufferSize - 0x419170 0x1d2ac 0x1beac 0xb9
RpcBindingReset - 0x419174 0x1d2b0 0x1beb0 0x17c
NdrVaryingArrayUnmarshall - 0x419178 0x1d2b4 0x1beb4 0x156
RpcServerUseProtseqExW - 0x41917c 0x1d2b8 0x1beb8 0x1ec
NdrConformantVaryingStructBufferSize - 0x419180 0x1d2bc 0x1bebc 0xc7
I_RpcConnectionInqSockBuffSize - 0x419184 0x1d2c0 0x1bec0 0x2c
RESUTILS.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ResUtilEnumResources - 0x419154 0x1d290 0x1be90 0x3a
ResUtilPropertyListFromParameterBlock - 0x419158 0x1d294 0x1be94 0x73
ResUtilVerifyService - 0x41915c 0x1d298 0x1be98 0x8f
ResUtilFindDwordProperty - 0x419160 0x1d29c 0x1be9c 0x40
ResUtilSetPrivatePropertyList - 0x419164 0x1d2a0 0x1bea0 0x7c
Memory Dumps (44)
Name        PID  Start VA    End VA      Dump Reason             PE Rebuild  Bitness  Entry Point  YARA
xmtxpy.exe  6    0x010D0000  0x010F3FFF  Relevant Image          False       32-bit   0x010E13D6   True
buffer      6    0x004A0000  0x004A1FFF  First Execution         False       32-bit   0x004A0000   False
buffer      7    0x00400000  0x004A1FFF  First Execution         False       32-bit   0x004139DE   True
xmtxpy.exe  7    0x010D0000  0x010F3FFF  Relevant Image          False       32-bit   -            True
buffer      6    0x004E0100  0x004E018F  Process Termination     False       32-bit   -            False
buffer      6    0x004E0A00  0x004E0A7F  Process Termination     False       32-bit   -            False
buffer      6    0x004E1880  0x004E191B  Process Termination     False       32-bit   -            False
buffer      6    0x004E3280  0x004E349F  Process Termination     False       32-bit   -            False
buffer      6    0x004E3680  0x004E3821  Process Termination     False       32-bit   -            False
buffer      6    0x004E4CE0  0x004E4DB5  Process Termination     False       32-bit   -            False
buffer      6    0x004E8E00  0x004E8EC5  Process Termination     False       32-bit   -            False
buffer      6    0x004ED650  0x004EDE4F  Process Termination     False       32-bit   -            False
buffer      6    0x004EDE58  0x004EE657  Process Termination     False       32-bit   -            False
buffer      6    0x009D0000  0x00A05FFF  Process Termination     False       32-bit   -            True
xmtxpy.exe  6    0x010D0000  0x010F3FFF  Process Termination     False       32-bit   -            True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00414059   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00412FEB   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x004092CC   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x0040C9C2   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00407AA2   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00412FFF   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00413000   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00408952   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x004090AA   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x0040DB78   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00410676   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x0040F44A   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x0040ED17   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00411954   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x004067C4   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00401BBD   True
buffer      7    0x0019B000  0x0019FFFF  First Network Behavior  False       32-bit   -            False
buffer      7    0x00400000  0x004A1FFF  First Network Behavior  False       32-bit   -            True
buffer      7    0x00753D60  0x00753F67  First Network Behavior  False       32-bit   -            False
buffer      7    0x00755058  0x007563DF  First Network Behavior  False       32-bit   -            False
buffer      7    0x00757BF8  0x00757DFF  First Network Behavior  False       32-bit   -            False
buffer      7    0x0075A488  0x0075A62C  First Network Behavior  False       32-bit   -            False
buffer      7    0x0075CA78  0x0075DDFF  First Network Behavior  False       32-bit   -            False
buffer      7    0x0075F488  0x0075F699  First Network Behavior  False       32-bit   -            False
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00405695   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00412B2E   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00406489   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00413C3B   True
buffer      7    0x00400000  0x004A1FFF  Content Changed         False       32-bit   0x00412F30   True
YARA Matches (1)
Rule Name Shellcode_Find_kernel32_PEB
Rule Description x86 code to find kernel32.dll using the PEB; possible shellcode
Classification -
Score 3/5
C:\Users\Public\vbc.exe
Category Downloaded File
Type Binary
Verdict malicious
Also Known As c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\j4a3bqa1\.win32[1].exe (Downloaded File)
Parent File analysis.pcap
MIME Type application/vnd.microsoft.portable-executable
File Size 288.21 KB
MD5 7df1896047d9647d818080dd17563d92
SHA1 a7c2bc04ec70c0f439e2a0863096fa7d391f79c5
SHA256 9cbed5eff56e1c08b6040c8ab4977e76528d59368d9d0550626b5380513ecb7b
SSDeep 6144:ow2pJekU4t1+9AJci0mJVmkzcOsggBk4u9aTTozAlJixJFfDqXR0e:eJekU4zuAJv0mupOtWu9aIcTR0e
ImpHash 099c0646ea7282d232219f8807883be0
File Reputation Information
Verdict malicious
Names Mal/Generic-S
PE Information
Image Base 0x400000
Entry Point 0x403225
Size Of Code 0x5a00
Size Of Initialized Data 0x1d400
Size Of Uninitialized Data 0x400
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2008-10-10 21:48:57+00:00
Sections (5)
Name    Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Entropy  Flags
.text   0x401000         0x5976        0x5a00         0x400            6.47     IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x407000         0x1190        0x1200         0x5e00           5.18     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0x409000         0x1af98       0x400          0x7000           4.69     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata  0x424000         0x8000        0x0            0x0              0.0      IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x42c000         0x900         0xa00          0x7400           3.95     IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Imports (8)
KERNEL32.dll (59)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CompareFileTime - 0x407060 0x74b8 0x62b8 0x33
SearchPathA - 0x407064 0x74bc 0x62bc 0x2d0
GetShortPathNameA - 0x407068 0x74c0 0x62c0 0x1ad
GetFullPathNameA - 0x40706c 0x74c4 0x62c4 0x161
MoveFileA - 0x407070 0x74c8 0x62c8 0x264
SetCurrentDirectoryA - 0x407074 0x74cc 0x62cc 0x2ff
GetFileAttributesA - 0x407078 0x74d0 0x62d0 0x156
GetLastError - 0x40707c 0x74d4 0x62d4 0x169
CreateDirectoryA - 0x407080 0x74d8 0x62d8 0x45
SetFileAttributesA - 0x407084 0x74dc 0x62dc 0x30e
Sleep - 0x407088 0x74e0 0x62e0 0x349
GetTickCount - 0x40708c 0x74e4 0x62e4 0x1d5
CreateFileA - 0x407090 0x74e8 0x62e8 0x4d
GetFileSize - 0x407094 0x74ec 0x62ec 0x15b
GetModuleFileNameA - 0x407098 0x74f0 0x62f0 0x175
GetCurrentProcess - 0x40709c 0x74f4 0x62f4 0x13a
CopyFileA - 0x4070a0 0x74f8 0x62f8 0x3d
ExitProcess - 0x4070a4 0x74fc 0x62fc 0xaf
SetFileTime - 0x4070a8 0x7500 0x6300 0x314
GetTempPathA - 0x4070ac 0x7504 0x6304 0x1cb
GetCommandLineA - 0x4070b0 0x7508 0x6308 0x108
SetErrorMode - 0x4070b4 0x750c 0x630c 0x30a
LoadLibraryA - 0x4070b8 0x7510 0x6310 0x248
lstrcpynA - 0x4070bc 0x7514 0x6314 0x3bc
GetDiskFreeSpaceA - 0x4070c0 0x7518 0x6318 0x145
GlobalUnlock - 0x4070c4 0x751c 0x631c 0x200
GlobalLock - 0x4070c8 0x7520 0x6320 0x1f9
CreateThread - 0x4070cc 0x7524 0x6324 0x69
CreateProcessA - 0x4070d0 0x7528 0x6328 0x60
RemoveDirectoryA - 0x4070d4 0x752c 0x632c 0x2ba
GetTempFileNameA - 0x4070d8 0x7530 0x6330 0x1c9
lstrlenA - 0x4070dc 0x7534 0x6334 0x3bf
lstrcatA - 0x4070e0 0x7538 0x6338 0x3b0
GetSystemDirectoryA - 0x4070e4 0x753c 0x633c 0x1b9
GetVersion - 0x4070e8 0x7540 0x6340 0x1de
CloseHandle - 0x4070ec 0x7544 0x6344 0x2e
lstrcmpiA - 0x4070f0 0x7548 0x6348 0x3b6
lstrcmpA - 0x4070f4 0x754c 0x634c 0x3b3
ExpandEnvironmentStringsA - 0x4070f8 0x7550 0x6350 0xb2
GlobalFree - 0x4070fc 0x7554 0x6354 0x1f5
GlobalAlloc - 0x407100 0x7558 0x6358 0x1ee
WaitForSingleObject - 0x407104 0x755c 0x635c 0x385
GetExitCodeProcess - 0x407108 0x7560 0x6360 0x152
GetModuleHandleA - 0x40710c 0x7564 0x6364 0x177
LoadLibraryExA - 0x407110 0x7568 0x6368 0x249
GetProcAddress - 0x407114 0x756c 0x636c 0x198
FreeLibrary - 0x407118 0x7570 0x6370 0xef
MultiByteToWideChar - 0x40711c 0x7574 0x6374 0x26b
WritePrivateProfileStringA - 0x407120 0x7578 0x6378 0x39c
GetPrivateProfileStringA - 0x407124 0x757c 0x637c 0x194
WriteFile - 0x407128 0x7580 0x6380 0x397
ReadFile - 0x40712c 0x7584 0x6384 0x2ab
MulDiv - 0x407130 0x7588 0x6388 0x26a
SetFilePointer - 0x407134 0x758c 0x638c 0x310
FindClose - 0x407138 0x7590 0x6390 0xc5
FindNextFileA - 0x40713c 0x7594 0x6394 0xd3
FindFirstFileA - 0x407140 0x7598 0x6398 0xc9
DeleteFileA - 0x407144 0x759c 0x639c 0x7c
GetWindowsDirectoryA - 0x407148 0x75a0 0x63a0 0x1e9
USER32.dll (62)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EndDialog - 0x40716c 0x75c4 0x63c4 0xc6
ScreenToClient - 0x407170 0x75c8 0x63c8 0x230
GetWindowRect - 0x407174 0x75cc 0x63cc 0x174
EnableMenuItem - 0x407178 0x75d0 0x63d0 0xc2
GetSystemMenu - 0x40717c 0x75d4 0x63d4 0x15c
SetClassLongA - 0x407180 0x75d8 0x63d8 0x246
IsWindowEnabled - 0x407184 0x75dc 0x63dc 0x1ae
SetWindowPos - 0x407188 0x75e0 0x63e0 0x282
GetSysColor - 0x40718c 0x75e4 0x63e4 0x15a
GetWindowLongA - 0x407190 0x75e8 0x63e8 0x16e
SetCursor - 0x407194 0x75ec 0x63ec 0x24c
LoadCursorA - 0x407198 0x75f0 0x63f0 0x1b9
CheckDlgButton - 0x40719c 0x75f4 0x63f4 0x38
GetMessagePos - 0x4071a0 0x75f8 0x63f8 0x13c
LoadBitmapA - 0x4071a4 0x75fc 0x63fc 0x1b7
CallWindowProcA - 0x4071a8 0x7600 0x6400 0x1b
IsWindowVisible - 0x4071ac 0x7604 0x6404 0x1b1
CloseClipboard - 0x4071b0 0x7608 0x6408 0x42
SetClipboardData - 0x4071b4 0x760c 0x640c 0x249
EmptyClipboard - 0x4071b8 0x7610 0x6410 0xc1
RegisterClassA - 0x4071bc 0x7614 0x6414 0x215
TrackPopupMenu - 0x4071c0 0x7618 0x6418 0x2a3
AppendMenuA - 0x4071c4 0x761c 0x641c 0x8
CreatePopupMenu - 0x4071c8 0x7620 0x6420 0x5e
GetSystemMetrics - 0x4071cc 0x7624 0x6424 0x15d
SetDlgItemTextA - 0x4071d0 0x7628 0x6428 0x252
GetDlgItemTextA - 0x4071d4 0x762c 0x642c 0x113
MessageBoxIndirectA - 0x4071d8 0x7630 0x6430 0x1e1
CharPrevA - 0x4071dc 0x7634 0x6434 0x2d
DispatchMessageA - 0x4071e0 0x7638 0x6438 0xa1
PeekMessageA - 0x4071e4 0x763c 0x643c 0x1ff
DestroyWindow - 0x4071e8 0x7640 0x6440 0x99
CreateDialogParamA - 0x4071ec 0x7644 0x6444 0x55
SetTimer - 0x4071f0 0x7648 0x6448 0x279
SetWindowTextA - 0x4071f4 0x764c 0x644c 0x285
PostQuitMessage - 0x4071f8 0x7650 0x6450 0x203
SetForegroundWindow - 0x4071fc 0x7654 0x6454 0x256
wsprintfA - 0x407200 0x7658 0x6458 0x2d5
SendMessageTimeoutA - 0x407204 0x765c 0x645c 0x23d
FindWindowExA - 0x407208 0x7660 0x6460 0xe4
SystemParametersInfoA - 0x40720c 0x7664 0x6464 0x298
CreateWindowExA - 0x407210 0x7668 0x6468 0x60
GetClassInfoA - 0x407214 0x766c 0x646c 0xf6
DialogBoxParamA - 0x407218 0x7670 0x6470 0x9e
CharNextA - 0x40721c 0x7674 0x6474 0x2a
OpenClipboard - 0x407220 0x7678 0x6478 0x1f5
ExitWindowsEx - 0x407224 0x767c 0x647c 0xe1
IsWindow - 0x407228 0x7680 0x6480 0x1ad
GetDlgItem - 0x40722c 0x7684 0x6484 0x111
SetWindowLongA - 0x407230 0x7688 0x6488 0x27f
LoadImageA - 0x407234 0x768c 0x648c 0x1bf
GetDC - 0x407238 0x7690 0x6490 0x10c
EnableWindow - 0x40723c 0x7694 0x6494 0xc4
InvalidateRect - 0x407240 0x7698 0x6498 0x193
SendMessageA - 0x407244 0x769c 0x649c 0x23a
DefWindowProcA - 0x407248 0x76a0 0x64a0 0x8e
BeginPaint - 0x40724c 0x76a4 0x64a4 0xd
GetClientRect - 0x407250 0x76a8 0x64a8 0xff
FillRect - 0x407254 0x76ac 0x64ac 0xe2
DrawTextA - 0x407258 0x76b0 0x64b0 0xbc
EndPaint - 0x40725c 0x76b4 0x64b4 0xc8
ShowWindow - 0x407260 0x76b8 0x64b8 0x291
GDI32.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SetBkColor - 0x40703c 0x7494 0x6294 0x215
GetDeviceCaps - 0x407040 0x7498 0x6298 0x16b
DeleteObject - 0x407044 0x749c 0x629c 0x8f
CreateBrushIndirect - 0x407048 0x74a0 0x62a0 0x29
CreateFontIndirectA - 0x40704c 0x74a4 0x62a4 0x3a
SetBkMode - 0x407050 0x74a8 0x62a8 0x216
SetTextColor - 0x407054 0x74ac 0x62ac 0x23c
SelectObject - 0x407058 0x74b0 0x62b0 0x20e
SHELL32.dll (6)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
SHGetPathFromIDListA - 0x407150 0x75a8 0x63a8 0xbc
SHBrowseForFolderA - 0x407154 0x75ac 0x63ac 0x79
SHGetFileInfoA - 0x407158 0x75b0 0x63b0 0xac
ShellExecuteA - 0x40715c 0x75b4 0x63b4 0x107
SHFileOperationA - 0x407160 0x75b8 0x63b8 0x9a
SHGetSpecialFolderLocation - 0x407164 0x75bc 0x63bc 0xc3
ADVAPI32.dll (9)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegQueryValueExA - 0x407000 0x7458 0x6258 0x1ec
RegSetValueExA - 0x407004 0x745c 0x625c 0x1f9
RegEnumKeyA - 0x407008 0x7460 0x6260 0x1d5
RegEnumValueA - 0x40700c 0x7464 0x6264 0x1d9
RegOpenKeyExA - 0x407010 0x7468 0x6268 0x1e2
RegDeleteKeyA - 0x407014 0x746c 0x626c 0x1d0
RegDeleteValueA - 0x407018 0x7470 0x6270 0x1d2
RegCloseKey - 0x40701c 0x7474 0x6274 0x1c9
RegCreateKeyExA - 0x407020 0x7478 0x6278 0x1cd
COMCTL32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ImageList_AddMasked - 0x407028 0x7480 0x6280 0x34
ImageList_Destroy - 0x40702c 0x7484 0x6284 0x38
(by ordinal) 0x11 0x407030 0x7488 0x6288 -
ImageList_Create - 0x407034 0x748c 0x628c 0x37
ole32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CoTaskMemFree - 0x407278 0x76d0 0x64d0 0x64
OleInitialize - 0x40727c 0x76d4 0x64d4 0xed
OleUninitialize - 0x407280 0x76d8 0x64d8 0x104
CoCreateInstance - 0x407284 0x76dc 0x64dc 0x10
VERSION.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetFileVersionInfoSizeA - 0x407268 0x76c0 0x64c0 0x1
GetFileVersionInfoA - 0x40726c 0x76c4 0x64c4 0x0
VerQueryValueA - 0x407270 0x76c8 0x64c8 0xa
oleObject1.bin
Category Embedded File
Type OLE Compound
Verdict malicious
Parent File C:\Users\RDhJ0CNFevzX\Desktop\_2201S_BUSAN_HOCHIMINH_.xlsx
MIME Type application/CDFV2
File Size 4.00 KB
MD5 c7dc6724e6bd627f534e37cfd8e8ba9e
SHA1 3d103181e90e7a3b5c43cebeb73a5d7d71481dfe
SHA256 1ddf22074128c6541046c57222fa25eda04e10bdde8aede2df8a7926d59e7a23
SSDeep 48:rLiynunnV78vCWxjA6ebSPdiTOWp40NC9U:nuRz2PcOWNNC9
ImpHash -
Parser Error Remark Static engine was unable to completely parse the analyzed file
Office Information
Controls (1)
CLSID                                   Control Name  Associated Vulnerability
{0002CE02-0000-0000-C000-000000000046}  Equation2     CVE-2017-11882
CFB Streams (2)
Name              ID  Size
Root\Ole          1   20 Bytes
Root\oLE10NaTive  2   1.50 KB
C:\Users\RDHJ0C~1\AppData\Local\Temp\nsu2FBB.tmp
Category Dropped File
Type Stream
Verdict suspicious
MIME Type application/octet-stream
File Size 346.55 KB
MD5 ee5b2397743f917d9f93df1631178b23
SHA1 2f039c1927989531f121f34d6bf43deb5703405e
SHA256 6b105fd88793034bdd4a7b6a45e7ec131c36c20d8faabc4b4aea557c905c73d5
SSDeep 6144:oIeVfhf2uUSad7io3r2xGO8cRMYNrG+ehVpsA7bejlOmKCS:OhfZ07isKRZrleV7/+4mKCS
ImpHash -
YARA Matches (1)
Rule Name Shellcode_Find_kernel32_PEB
Rule Description x86 code to find kernel32.dll using the PEB; possible shellcode
Classification -
Score 3/5
C:\Users\RDHJ0C~1\AppData\Local\Temp\nsr4335.tmp
Category Dropped File
Type Unknown
Verdict clean
MIME Type -
File Size 0 Bytes
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\2v0cucir72x
Category Dropped File
Type Stream
Verdict clean
MIME Type application/octet-stream
File Size 214.46 KB
MD5 ac8e973d953305b03019cdb74006099c
SHA1 7976e0be0fc69e238daf16db2bff833340536c4e
SHA256 2f62f941918151fced3ad854b37dcda1e40e91432d772781ebc2118e28987b41
SSDeep 3072:HeVPHh1pYGP+TmX9fEv0W8Uc3pLmEavCycHI77blslGnM4Xryc7oxwdO8cRMJa3m:HeVfhf2uUSad7io3r2xGO8cRMYNrG+i
ImpHash -
C:\Users\RDHJ0C~1\AppData\Local\Temp\npotbzd
Category Dropped File
Type Stream
Verdict clean
MIME Type application/octet-stream
File Size 4.74 KB
MD5 cb3fbcc52c7b5805acf1f81d65488d89
SHA1 ead5b088da9f7466d9e10537a449a2f8c7505e85
SHA256 05fb79420aada2c2199cabad68f4d6483127d2d803a5fd4e755008e78a977931
SSDeep 96:nt0EwCLn8tWfofJ1QSZe8ozFieNdFhpQbxxszw8PX/9LOz8AQK:t5n8kUHQSwFieNdFhGbH8PXIz8AQK
ImpHash -
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778
Category Dropped File
Type Stream
Verdict clean
MIME Type application/octet-stream
File Size 53 Bytes
MD5 9c3c1a69a3c43835d6a2579570e6aa0d
SHA1 8af2c3b90473b35f1bb936de12a8bf72fe658468
SHA256 e641ff8107a4197ded9f558d1891e716811e9a7f109f14e876f5a8394844dc34
SSDeep 3:/l4l5mrc9l:e4rc9l
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.hdb
Category Dropped File
Type Text
Verdict clean
MIME Type text/plain
File Size 4 Bytes
MD5 90f2527e58191a885a8cc35c99b89ba8
SHA1 10455ce0eb31eead75481e75dcba232d28c7e4c7
SHA256 859ffdca62ee0971821a4b2dedfc023d0f9a021391b5ac336ddb49d53d28330e
SSDeep 3:Kn:Kn
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Roaming\9EDDE9\9BDC8A.lck
Category Dropped File
Type Stream
Verdict clean
Known to be clean.
MIME Type application/octet-stream
File Size 1 Bytes
MD5 c4ca4238a0b923820dcc509a6f75849b
SHA1 356a192b7913b04c54574d18c28d46e6395428ab
SHA256 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
SSDeep 3:U:U
ImpHash -
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-1560258661-3990802383-1811730007-1000\3d3578a85286f88c6cd9d151e4412949_03845cb8-7441-4a2f-8c0f-c90408af5778
Category Dropped File
Type Stream
Verdict clean
Known to be clean.
MIME Type application/octet-stream
File Size 53 Bytes
MD5 eca0470178275ac94e5de381969ed232
SHA1 d6de27e734eec57d1dda73489b4a6d6eecae3038
SHA256 353fd628b7f6e7d426e5d6a27d1bc3ac22fa7f812e7594cf2ec5ca1175785b50
SSDeep 3::
ImpHash -
ec2c7040cc528e8384c37004c4c413a73233a6821d135d8eeb1ead6076d372cc
Category Downloaded File
Type Stream
Verdict clean
Parent File analysis.pcap
MIME Type application/octet-stream
File Size 288 Bytes
MD5 9b61c50249acac939176a453f08f0544
SHA1 136cfe2fbd737b3df6ef3eba74ae6e9dd69af39e
SHA256 ec2c7040cc528e8384c37004c4c413a73233a6821d135d8eeb1ead6076d372cc
SSDeep 6:v0OYlHyNUMDccxcVEsElOC4KjQg3Zenk6KKi6gWVRYx5f0RdWKsDTxzJfd6BUFxT:v0llHyK4cQcVEn/4K0g3ZencKIWD2Ztp
ImpHash -
095de8b22345a3703729f7e8ed1de0cffd328bdf6d323776faef2631daed7d1f
Category Downloaded File
Type Stream
Verdict clean
Parent File analysis.pcap
MIME Type application/octet-stream
File Size 186 Bytes
MD5 6bfce44e61bdf02d03f677adb30a9e9f
SHA1 80811450c9f7f768731c017294cbccb333393e53
SHA256 095de8b22345a3703729f7e8ed1de0cffd328bdf6d323776faef2631daed7d1f
SSDeep 3:v0OEhlHyflUMDcPkxcPFv/ssleljL+l/llMljQg3Zenk6KKiDgO7m//n:v0OYlHyNUMDccxcVEsElqkjQg3Zenk6N
ImpHash -
9811b34e5885a16e5001187e9065a0886c709e028e2eff8a485374dcaf0bc6ed
Category Downloaded File
Type Stream
Verdict clean
Parent File analysis.pcap
MIME Type application/octet-stream
File Size 159 Bytes
MD5 f39c402c8a655af4b3ccacce62ed55b1
SHA1 a1ac49374b5c4f33fd7275dee85c0a021216edf6
SHA256 9811b34e5885a16e5001187e9065a0886c709e028e2eff8a485374dcaf0bc6ed
SSDeep 3:wOOEhlHyflUMDcPkxcPFv/sslell+ldljQg3Zenk6KKiDn:wOOYlHyNUMDccxcVEsElsljQg3Zenk60
ImpHash -
c64510503435c2143bad854faba7891308b4b089d140449ceb903620fea45d6a
Category Downloaded File
Type Stream
Verdict clean
Parent File analysis.pcap
MIME Type application/octet-stream
File Size 23 Bytes
MD5 f74f0c674b6a20bbb1a7afac774bcfde
SHA1 07a2ca2822e69fcd2a70c73cc83dd553b8b97235
SHA256 c64510503435c2143bad854faba7891308b4b089d140449ceb903620fea45d6a
SSDeep 3:1lMgne9n:Ewe9n
ImpHash -
Microsoft_Office_Word_Macro-Enabled_Document1.docm
Category Embedded File
Type Word Document
Verdict clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\_2201S_BUSAN_HOCHIMINH_.xlsx
MIME Type application/vnd.openxmlformats-officedocument.wordprocessingml.document
File Size 57.91 KB
MD5 13c6fabd54760b720492824b86ae483b
SHA1 e5930f67906f65e3333d0890db580584b970e063
SHA256 403eda0b532b8964e3240031906b9d10b0d2ffc3df7025b3c7a65a3d4e7a9f2b
SSDeep 1536:63H7BWOr8tVE5ovzMqfYhacsI7dGxmUxNM61363gygJ:6Xtr8tV3Iqf4ZdAt06J6+J
ImpHash -
Office Information
Creator 91974
Last Modified By 91974
Revision 1
Create Time 2022-02-09 18:03:00+00:00
Modify Time 2022-02-09 18:03:00+00:00
Application Microsoft Office Word
App Version 12.0000
Template Normal.dotm
Company Grizli777
Document Security NONE
Editing Time 1.0
Page Count 1
Line Count 1
Paragraph Count 1
Character Count 1
Chars With Spaces 1
ScaleCrop False
SharedDoc False
Extracted Image Texts (1)
Image 1: image1.jpeg
J Office @) ‘Open the document in Microsoft Office Previewing caline is not available for protected documents This document is protected @) this document was downloaded from your email please click “Enable Editing’ from the yellow bar above
image1.jpeg
Category Embedded File
Type Image
Verdict clean
Parent File Microsoft_Office_Word_Macro-Enabled_Document1.docm
MIME Type image/jpeg
File Size 47.33 KB
MD5 34afbe4e4bd14cb30fe1a36a101f07a2
SHA1 82f03c22ea3fd07f79c1e80973dbc342b344b99c
SHA256 7861ce5882eb2985e9144920e16e3d227d71d4c749acf9d57ed57274a750f5a9
SSDeep 768:93l57BWOrzjdOftVEIOnovzMTeoCrjAbN3Bracst+7bhY3+5Gx9RwTLQxNM6136F:93H7BWOr8tVE5ovzMqfYhacsI7dGxmU2
ImpHash -
338ef0cea9c9fbe583576b40f34a872167f28dd3d090b94eaf96e5765381f25f
Category Embedded File
Type Stream
Verdict clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\_2201S_BUSAN_HOCHIMINH_.xlsx
MIME Type application/octet-stream
File Size 1.50 KB
MD5 b3244a8e6527dce235bac3c8570281ca
SHA1 051c04cbbba9b27dde29baf954fbceeeb44b3cf2
SHA256 338ef0cea9c9fbe583576b40f34a872167f28dd3d090b94eaf96e5765381f25f
SSDeep 24:yr+S8PfW1WyPfV78vCenhXjMd6ejsLIV5SoYNfnjpBUT/2fu/R40NC9yhbQ:VnunnV78vCWxjA6ebSPdiTOWp40NC9Uc
ImpHash -
image1.png
Category Embedded File
Type Image
Verdict clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\_2201S_BUSAN_HOCHIMINH_.xlsx
MIME Type image/png
File Size 2.58 KB
MD5 e46357d82ebc866eebda98fa8f94b385
SHA1 76c27d89ab2048ae7b56e401dcd1b0449b6ddf05
SHA256 b77a19a2f45cbee79da939f995dbd54905ded5cb31e7db6a6be40a7f6882f966
SSDeep 48:H73wCcD5X+ajENpby1MTln0V1oPd8V8EAWG09tXIa1iBINm4YwFi9:H73KAajQPiMWJG08a1qINm4jU9
ImpHash -
image2.jpeg
Category Embedded File
Type Image
Verdict clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\_2201S_BUSAN_HOCHIMINH_.xlsx
MIME Type image/jpeg
File Size 4.29 KB
MD5 22fec44258ba0e3a910fc2a009cee2ab
SHA1 bf6749433e0dbcda3627c342549c8a8ab3bf51eb
SHA256 5cd7ea78de365089dddf47770cdecf82e1a6195c648f0db38d5dcac26b5c4fa5
SSDeep 96:1rQzp0lms5HqrrVflQ9MS5Bmy9CSKgpEfSgHk4oPQwb/BD+qSzAGW:1UF0EmEiSS3mKbbpDSk4oYwbBD+qKAX
ImpHash -
image3.png
Category Embedded File
Type Image
Verdict clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\_2201S_BUSAN_HOCHIMINH_.xlsx
MIME Type image/png
File Size 5.27 KB
MD5 590b1c3eca38e4210c19a9bcbaf69f8d
SHA1 556c229f539d60f1ff434103ec1695c7554eb720
SHA256 e26f068512948bce56b02285018bb72f13eea9659b3d98acc8eebb79c42a9969
SSDeep 96:f8W/+DRQgDhhXoFGUAAX5QLwh9eDYfaiy3cHIOZ7NLXgGFMtu4vPWY1TIwD4i:f8agQgDhhXoFGUP2Lwh98YfaxcHIOPLo
ImpHash -
image4.png
Category Embedded File
Type Image
Verdict clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\_2201S_BUSAN_HOCHIMINH_.xlsx
MIME Type image/png
File Size 11.04 KB
MD5 9513e5ef8ddc8b0d9c23c4dfd4aeeca2
SHA1 e7fc283a9529aa61f612ec568f836295f943c8ec
SHA256 88a52f8a0bde5931db11729d197431148ee9223b2625d8016aef0b1a510eff4c
SSDeep 192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
ImpHash -
image5.png
Category Embedded File
Type Image
Verdict clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\_2201S_BUSAN_HOCHIMINH_.xlsx
MIME Type image/png
File Size 9.96 KB
MD5 66ef10508ed9ae9871d59f267fbe15aa
SHA1 e40fdb09f7fda69bd95249a76d06371a851f44a6
SHA256 461babbdffdcc6f4cd3e3c2c97b50ddac4800b90ddba35f1e00e16c149a006fd
SSDeep 192:hxKBFo46X6nPHvGePo6ylZ+c5xlYYY5spgpb75DBcld7jcnM5b:b740IylZ+c5xlYF5Sgd7tBednd
ImpHash -
image6.png
Category Embedded File
Type Image
Verdict clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\_2201S_BUSAN_HOCHIMINH_.xlsx
MIME Type image/png
File Size 3.66 KB
MD5 5eb99f38cb355d8dad5e791e2a0c9922
SHA1 83e61cdd048381c86e3c3efd19eb9dafe743adba
SHA256 5dac97fdbd2c2d5dfdd60bf45f498bb6b218d8bfb97d0609738d5e250ebbb7e0
SSDeep 96:4apPN/1Cb2ItR9rXu7p6mtnOCRxMJZtFtQcgBF5c2SGA:1Pp1kRROtrRxSyRjST1
ImpHash -