InQuest Labs - DFI - InQuest.net

We are thrilled to announce that InQuest has been acquired by OPSWAT. Read more.

Back

Download

Overview

Malicious

MIME Type:

application/vnd.openxmlformats-officedocument.wordprocessingml.document

Subcategory:

maldoc_hunter

MD5:

16dfd825ff1a23bddc22ed840d6d2c41

SHA1:

ad0dab25de5739a6b645f1f29e996f0ef85e85cf

SHA256:

797ad98c5e34adaf78da488638b1bfe724d2750844e2d67725b0e84a2aa14c06

SHA512:

b6611ba260578d3326c374979f1e2cf88f04c7017ce4e34f9f86b16b46d83dc11b32d522d3df5b179724e39af6ca730fbffc7e8e970494296ff6c2b292743af3

Size:

100,927B

DFI Size:

376,312B (272.86% increase in inspectable content)

First seen:

2022-08-26 03:56:26

Last Updated:

2022-08-26 03:57:12

Last DFI:

2022-08-26 03:57:04

[virustotal positives:10 weight:3.9]

Machine Learning

InQuest ML Classifier: Unknown

Heuristics

External Relationship Element: Document contains an externally hosted relationship, which fetches further content.

Macro Execution Coercion in Image: Detected an image that appears to social engineer the user into activating embedded logic.

Deep File Inspection (DFI) Layers

Optical Character Recognition (907B)

Wrap

Trim

1T|2022|mW,..ftd l;IN1tC11t1ty Sll,MI l:ll.U_,..w4C'l. 
2 
3Lode., Cleo to99 ,.._.,~,,|bb| 
4 
5T ...... ~.t/1"' 
6 
7PURCHASE ORDER 
8 
9ore Ma 
10 
114gt Geway D 
12 
131 ....... Aw-~ 
14 
15- 
16 
17-:- 
18 
19to 4@9712 
20 
21-OAffe Olil'-'!OIS T'nblr,,'f(<do--y$dloo)I 
22 
23, .. 
24 
2512 Matot Loadfflwoed,C......,_ 
26 
27--     --     --     
28  ""'   I   -   I   O&OVb)I)     
29                
30-   -|b7|     -     --   --   
31-   12   '-"       ....   ......   
32..   """   o ..       ., ...   $1.0.00   
33"-   .,,..   to9ypaper       su ....   ,.,. ..   
34'   ta a22   ,_       .. ,..,   $.2     ..... ,   
35  SICI0.00   
36  """   
37'   "'   
38  "'"'   
39---
40Office 
41 
42|bb| 
43 
44Open the document in Microsoft Office. Previewing online is not available for protected documents 
45 
46This document is protected 
47 
48c|bb| 
49 
50If this document was downloaded from your email, please click "Enable Editing" from the yellow bar above

Metadata (1.5KB)

Wrap

Trim

1File Size                       : 52 kB
2File Modification Date/Time     : 2022:08:26 03:56:42+00:00
3File Access Date/Time           : 2022:08:26 03:56:46+00:00
4File Inode Change Date/Time     : 2022:08:26 03:56:45+00:00
5File Permissions                : rw-rwxrw-
6File Type                       : PNG
7File Type Extension             : png
8MIME Type                       : image/png
9Image Width                     : 360
10Image Height                    : 469
11Bit Depth                       : 8
12Color Type                      : RGB
13Compression                     : Deflate/Inflate
14Filter                          : Adaptive
15Interlace                       : Noninterlaced
16Gamma                           : 2.2
17White Point X                   : 0.31269
18White Point Y                   : 0.32899
19Red X                           : 0.63999
20Red Y                           : 0.33001
21Green X                         : 0.3
22Green Y                         : 0.6
23Blue X                          : 0.15
24Blue Y                          : 0.05999
25Background Color                : 255 255 255
26Pixels Per Unit X               : 2835
27Pixels Per Unit Y               : 2835
28Pixel Units                     : meters
29Modify Date                     : 2016:05:16 21:17:30
30Datecreate                      : 2016-05-16T21:17:30+00:00
31Datemodify                      : 2016-05-16T21:17:30+00:00
32Image Size                      : 360x469
33Megapixels                      : 0.169
34 
35---

IOCs

looks like: domain

mygreatlearning.com

looks like: filename

42d9f9b97273cd1696af1452b4858f52.png image2.png

looks like: filepath

i:\TT

looks like: url

https://mygreatlearning.com@gbd.life/fc

API Request

cURL ^(!) PowerShell NODE.JS Python GO API Docs Lib/CLI

1curl "https://labs.inquest.net/api/dfi/summary?sha256=797ad98c5e34adaf78da488638b1bfe724d2750844e2d67725b0e84a2aa14c06"

Attributes API Request

cURL ^(!) PowerShell NODE.JS Python GO API Docs Lib/CLI

1curl "https://labs.inquest.net/api/dfi/details/attributes?sha256=797ad98c5e34adaf78da488638b1bfe724d2750844e2d67725b0e84a2aa14c06"

InQuest respects and protects personal data. We would like to inform you what data we collect during your visit to our Site or when using our Services, how we use these data, and how we handle the security of the data. We process personal data collected during your visit to our Site or during the use of our Services in compliance with the applicable data protection regulations. The following data protection declaration explains what data we collect, process and use.

We use the following definitions in this privacy policy:

Personal Data, for the purposes of this section, means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  Services means any of our products, services, or deliverables.
  Site means any website operated and controlled by us.

1. How we collect and use personal data

When you visit our website, based on your explicit consent we may collect personal information you provide, such as your company name, first name, last name, title, email, phone and country. We may also collect other information about you through usage of our Site and Services, like information about browser type, OS, time and date of visit, downloaded files. This data will be collected only for technical necessity, agreement obligations, or requests from you.

In order to maintain and provide the services to our customers, we may process certain Personal Data, such as names, addresses, email addresses, and other contact information for designated customer representatives or personnel (“Customer Relationship Data”). Additionally, we may send marketing materials or communications to potential or existing customers (“Marketing Activities”).

For purposes of Customer Relationship Data and Marketing Activities, we function as a “controller.” Our disclosures with respect to our processing of data as a controller are set forth in this Privacy Policy.

For the Services we offer to our customers, pursuant to the European Union General Data Protection Regulation (GDPR), we function as a “processor”. The scope of applicable data protections and processing for those Services are set forth in contractual agreements with our customers and are therefore not covered by this Privacy Policy.

2. How we disclose personal data

Our disclosure is limited to circumstances where we are permitted to do so under applicable European and national data protection laws and regulations.

Personal data may be shared with third parties on your behalf and only with your consent. When we share personal data, we ensure that third parties use your personal data only for the purpose you consented to and do not allow them to abuse your personal data.

3. Legal basis for processing

We collect and process your Personal Data for a variety of different purposes which are set out in further detail later in this section. In some cases, we will ask for your consent so that we may process your Personal Data. However, in certain circumstances, applicable data protection laws allow us to process your Personal Data without needing to obtain your consent.

3.1. Processing personal data where consent is not required

In certain cases, separate consent is not required, including:

Performance of a contract.  
  Compliance with legal obligations.  
  Legitimate Interests. 
  Legitimate interests may include: 
    To communicate with you regarding the Services, and to address and respond to your requests, inquiries, and complaints.
    For our direct marketing purposes.
    To send you surveys in connection with our Services.
    To assist in the investigation of suspected illegal or wrongful activity, and to protect and defend our rights and property, or the rights or safety of third parties.
    To develop, provide, and improve our Services.  
    To enforce our Terms of Use, License Agreements, or this Privacy Policy, or agreements with third parties.

3.2. Consent for processing

In cases where we are not already authorized to process the Personal Data under applicable law, we may ask for your consent to process your Personal Data, including:

Marketing

We may ask for your consent to contact you by telephone, SMS, post and/or email about other offers, products, promotions, developments or Services which we think may be of interest to you, and for other marketing purposes.

Use of Cookies

Our Site uses cookies and similar technologies for analytics and in order to improve user experience.

4. Protection of minors

We do not collect personal data of children without the consent of their parents. We do not request personal data from children and adolescents. We knowingly do not collect such data and do not pass it on to third parties. If we receive a notice that we have collected data of a minor, we will make all reasonable effort to delete such data.

5. Data subject rights

In certain circumstances, you have the right to request confirmation from us as to whether or not we are processing your Personal Data.  Where we are processing your Personal Data, you also have the right to request access to, modification of, or deletion of such Personal Data.

You also have the right in certain circumstances to receive the Personal Data concerning you that you provided to us, to restrict processing of your Personal Data, or to transmit such data to another controller.

To exercise your rights with respect to your Personal Data, please contact us at privacy@inquest.net.

As permitted by law, certain data elements may not be subject to access, modification, portability, restriction, and/or deletion.  Furthermore, where permissible, we may charge for this service.  We will respond to reasonable requests as soon as practicable and as required by law.

6. Withdrawing your consent

You may at any time withdraw the consent you provide for the processing of your Personal Data for the purposes set forth in this Privacy Policy, if we are not required by applicable law or professional standards to retain such information.

7. Personal data security

We use advanced security measures to protect your personal data, which we manage against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security measures are continuously improved according to developments in technology and changes in legislation. Additionally, we will report any unlawful data breach of this Site database or the database(s) of any of our third-party data processors to all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

8. Update of policy

We reserve the right to change the data protection policy at any time because of technical or other reasons and recommend that you revise the current privacy policy from time to time.

9. Data retention

We will retain your Personal Data for as long as you maintain an account or subscription agreement, or as otherwise necessary to provide you the Services.  We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

10. Contact us

If you have questions regarding this Privacy Policy or about handling your personal data, please contact us at: privacy@inquest.net.

I accept the privacy policy

Copied to clipboard.

Sign into InQuest Labs

Subscribe to InQuest Newsletter

InQuest Labs IOC Lookup

Download File

OCR Source Image