VMRay Analyzer Report for Sample #1700025
VMRay Analyzer
2.3.1
Process
1
224
winword.exe
2004
winword.exe
"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE" /n
C:\Users\Nd9E1FYi\Desktop\
c:\program files\microsoft office\office16\winword.exe
Analyzed Sample #1700025
Malware Artifacts
1700025
Sample-ID: #1700025
Job-ID: #1592759
This sample was analyzed by VMRay Analyzer 2.3.1 on a Windows 10 Threshold 2 system
91
VTI Score based on VTI Database Version 3.0
Metadata of Sample File #1700025
Submission-ID: #1923870
3c6a74d216e10e4ff158716cfa72984230995041c4bbb7596b8c8aaa461d76c5.doc
doc
MD5
bfff439fd127944fb77b11deaca2c1b2
SHA1
d72f22e0943ce68c1d69d77d9f5799f3fb540d61
SHA256
3c6a74d216e10e4ff158716cfa72984230995041c4bbb7596b8c8aaa461d76c5
Opened_By
Metadata of Analysis for Job-ID #1592759
Timeout
X2VS1CUM
win10_64
X2VS1CUM
False
x86 64-bit
True
Windows 10 Threshold 2
10.0.10586.0 (0de6dc23-8e19-4bb7-8608-d54b1e6fa379)
145.36
Nd9E1FYi
This is a property collection for additional information of VMRay analysis
VMRay Analyzer
Static
VTI rule match with VTI rule score 1/5
vmray_static_suspicious_office_meta_data
Office document contains below average content data.
Contains suspicious meta data
Static
VTI rule match with VTI rule score 1/5
vmray_has_embedded_files
Document contains unknown embedded files.
Contains embedded files
File System
VTI rule match with VTI rule score 4/5
vmray_handle_with_malicious_files
File "C:\Users\Nd9E1FYi\Desktop\ggzn.doc" is a known malicious file.
Known malicious file
YARA
VTI rule match with VTI rule score 3/5
vmray_yara_match
Rule "Document_Office_SettingContentMS" from ruleset "Malicious-Documents" has matched for "C:\Users\Nd9E1FYi\Desktop\ggzn.doc"
YARA match