Report - catalog-134300255.xlsm

Created 2021.04.20 09:02
Machine s1_win7_x6401
Filename catalog-134300255.xlsm
Type Microsoft Excel 2007+
AI Score Not found
Behavior Score 3.2
ZERO API file : clean
VT API (file)
md5 c1bbead8915e662c20f05437a1966028
sha256 2bc96c08999b46a634ce25a76ab158baa562f00bb4311e22ab57a2d5fae8c5f1
ssdeep 1536:Nj02n/dDuL7QQ64eyZJViW++poHn3AClu286aYbgBF+iyffm:NBwXQQteyZJAW++4wF286aYbgEf+
imphash
impfuzzy
  Network IP location

Signature (8cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process excel.exe
watch One or more non-whitelisted processes were created
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice Resolves a suspicious Top Level Domain (TLD)
info Checks amount of memory in system
info One or more processes crashed

Rules (0cnts)

Level Name Description Collection

Network (6cnts)

Request CC ASN Co IP4 Rule ZERO
truboprovodnaya-armatura.ru RU TimeWeb Ltd. 92.53.96.120 clean
heavensabode.in IN PUBLIC-DOMAIN-REGISTRY 103.50.162.157 clean
scientia-ti.com.br US UNIFIEDLAYER-AS-1 108.179.192.222 clean
108.179.192.222 US UNIFIEDLAYER-AS-1 108.179.192.222 malware
103.50.162.157 IN PUBLIC-DOMAIN-REGISTRY 103.50.162.157 malicious
92.53.96.120 RU TimeWeb Ltd. 92.53.96.120 malicious

Suricata ids


