app.docguard.io
2606:4700:3035::ac43:8c1e  Public Scan

URL: https://app.docguard.io/56364c953e2609974d8efa78bf64beea40f6b01e09a0e1c97073c56c7c5b7ace/results/dashboard
Submission: On September 12 via manual from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content

Hash History
56364c953e2609974d8efa78bf64beea40f6b01e09a0e1c97073c56c7c5b7ace
We couldn't find any history related to this hash.
Suspicious
PDF File
medstar_georgetown_university_hospital_notice_update___N7GPj3Or.pdf
Sep, 11 2023 16:17
SHA256: 56364c953e2609974d8efa78bf64beea40f6b01e09a0e1c97073c56c7c5b7ace
MD5: 87999fee73b35dbf89cf098ac2fc9855
Tags: No Tag
IoCs: 1
Comments: 0
Detections
Maldoc types and detected ones
PotentialPhishing: Detected

Vba Stomping: Not Detected
Document contains a fake macro code.
An adversary may hide malicious VBA code by overwriting the VBA source code location with zeros, benign code, or random bytes while leaving the previously compiled malicious p-code.

Vba Purging: Not Detected

Suspicious Module Name: Not Detected
Document contains suspicious module names.

Dde String: Not Detected
Document is poisoned with DDE commands, directly or through embedded files.
Adversaries may use Windows Dynamic Data Exchange (DDE) to execute arbitrary commands.

Obfuscation: Not Detected
The sample document contains an obfuscated macro.
Adversaries may attempt to make an executable or script difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit.

Blacklist Api: Not Detected
The macro has some blacklisted APIs like Create, SpawnInstance.
Scripts can be embedded inside Office documents as macros that can be set to execute when files used in Spearphishing Attachment and other types of spearphishing are opened.

Unviewable: Not Detected

Gui Hide: Not Detected

Suspicious Password: Not Detected
The sample document is encrypted with the default 'VelvetSweatshop' password.
To decrypt a given encrypted file, Microsoft Office first tries to use the embedded, default password, "VelvetSweatshop", to decrypt and open the file and run any onboard macros or other potentially malicious code.

Suspicious Creator: Not Detected
The sample document is created by a suspicious creator, i.e. Evilapp.

Amsi Scan Result: Not Detected

Suspicious Encryption: Not Detected

Suspicious Embedded Objects: Not Detected
The sample document contains embedded files of suspicious types.

Suspicious RTF Objects: Not Detected
The sample document contains an embedded RTF file.

Suspicious URL: Not Detected
The sample document contains a suspicious URL.

Suspicious External Resource: Not Detected

Template Injection: Not Detected

Suspicious Office Plugin: Not Detected
Adversaries may leverage Microsoft Office-based applications for persistence between startups.

Excel 4 Macro Sheets: Not Detected

Hidden Sheet: Not Detected
Document contains macros inside a 'very hidden' Excel worksheet.

Equation Exploit: Not Detected

CVE 2022 30360 Follina: Not Detected

Tampered File: Not Detected
This file was not scanned by the Docguard Engine properly, since it is tampered or sanitized by a security solution.

Legacy Excel: Not Detected

Suspicious JS Code: Not Detected

Fake PDF Signed: Not Detected

Zip Bomb: Not Detected

ATT&CK
Detected mitre tactic and techniques
Tactic Id / Tactic / Technique Id / Technique
There is no mitre attack!

General Info
General information about file
File Name: medstar_georgetown_university_hospital_notice_update___N7GPj3Or.pdf
Verdict: Suspicious
File Type: PDF File
File Version: 0
SHA256: 56364c953e2609974d8efa78bf64beea40f6b01e09a0e1c97073c56c7c5b7ace
MD5: 87999fee73b35dbf89cf098ac2fc9855
File Size: 241.4 KB
Date: Sep,11 18:17:56
IoC: Yes
Mitre: No
Images: No
Codes: No
Public: Yes
Docguard Cyber Security Inc. 2023 v2.0 Beta