ScreenShot
| Created | 2021.05.19 13:49 | Machine | s1_win7_x6401 |
| Filename | embedded-empire-xls.docx | ||
| Type | Microsoft Word 2007+ | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 34 detected (PwShell, PowerShell, Obfuscation, UYHU, a variant of Generik, MRTBRXU, inbiqr, Macrov, Ahyl, BadShell, XSN@7pmib7, MRSQ, modification of W97M, Malicious, score, ai score=81, CLASSIC, Static AI, Suspicious OPENXML) | ||
| md5 | 78676b31e396f912739664c3154f5169 | ||
| sha256 | 15e817f764c157e948451b6c98af0141cf8aba4039e19c16e5aeb25ebac12283 | ||
| ssdeep | 768:/DPBHe/RfbPH//WBChEa2oFBoWqNmiPvkN884pPj3S:785Tf2C3FBoWq8iPvkN88mPLS | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (5cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 34 AntiVirus engines on VirusTotal as malicious |
| watch | Libraries known to be associated with a CVE were requested (may be False Positive) |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates (office) documents on the filesystem |
| notice | Creates hidden or system file |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | test_office | test url | scripts |
Network (0cnts) ?
| Request | CC | ASN Co | IP4 | Rule ? | ZERO ? |
|---|