E3406792198.xls| Category | Machine | Started | Completed |
|---|---|---|---|
| FILE | s1_win7_x6402 | May 20, 2022, 10:31 a.m. | May 20, 2022, 10:33 a.m. |
-
EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" C:\Users\test22\AppData\Local\Temp\E3406792198.xls
2216
| Name | Response | Post-Analysis Lookup |
|---|---|---|
| No hosts contacted. | ||
| IP Address | Status | Action |
|---|---|---|
| 164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
| description | Take ScreenShot | rule | ScreenShot | ||||||
| description | PWS Memory | rule | Generic_PWS_Memory_Zero | ||||||
| description | Run a KeyLogger | rule | KeyLogger | ||||||
| description | (no description) | rule | DebuggerCheck__GlobalFlags | ||||||
| description | (no description) | rule | DebuggerCheck__QueryInfo | ||||||
| description | (no description) | rule | DebuggerHiding__Thread | ||||||
| description | (no description) | rule | DebuggerHiding__Active | ||||||
| description | (no description) | rule | ThreadControl__Context | ||||||
| description | (no description) | rule | SEH__vectored | ||||||
| description | Checks if being debugged | rule | anti_dbg | ||||||
| description | Bypass DEP | rule | disable_dep | ||||||
| description | Affect hook table | rule | win_hook | ||||||
| parent_process | excel.exe | martian_process | "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /Embedding | ||||||
| Lionic | Trojan.Script.Generic.4!c |
| MicroWorld-eScan | XLM.Trojan.Abracadabra.8.Gen |
| FireEye | XLM.Trojan.Abracadabra.8.Gen |
| McAfee | RDN/Silentbuilder |
| Sangfor | Malware.Generic-XLM.Save.ma29 |
| K7AntiVirus | Trojan ( 0059086a1 ) |
| K7GW | Trojan ( 0059086a1 ) |
| Cyren | XF/Qbot.I.gen!Eldorado |
| Symantec | CL.Suspexec!gen128 |
| ESET-NOD32 | DOC/TrojanDownloader.Agent.DOV |
| Avast | XLS:Nastya [Trj] |
| Kaspersky | HEUR:Trojan.Script.Generic |
| BitDefender | XLM.Trojan.Abracadabra.8.Gen |
| Ad-Aware | XLM.Trojan.Abracadabra.8.Gen |
| Emsisoft | XLM.Trojan.Abracadabra.8.Gen (B) |
| McAfee-GW-Edition | Artemis!Trojan |
| Sophos | Troj/DocDl-AGCY |
| ViRobot | XLS.Z.Agent.335360 |
| GData | XLM.Trojan.Abracadabra.8.Gen |
| ALYac | XLM.Trojan.Abracadabra.8.Gen |
| MAX | malware (ai score=99) |
| Tencent | Trojan.MsOffice.Macro40.11020320 |
| Ikarus | Trojan-Downloader.XLM.Agent |
| Fortinet | MSExcel/Agent.DKF!tr.dldr |
| AVG | XLS:Nastya [Trj] |