Field | Value | Field | Value |
---|---|---|---|
Created | 2021.06.15 21:23 | Machine | s1_win7_x6401 |
Filename | document-37-1849.xls | | |
Type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Autho | | |
AI Score | Not founds | Behavior Score | |
ZERO API | file : clean | | |
VT API (file) | 7 detected (GenericKD, Artemis, Encdoc, ai score=85) | | |
md5 | c41a21a821bcdea1d3ab26ebef055eed | | |
sha256 | d1d0ac76e59b9e2a8ae3a433e0186d74fc61417c89fe5ee4b93c02faa1dc58f8 | | |
ssdeep | 3072:Ghtf+HhTi14PyY63IbwFHKzke41kwph4FW20vKaCLyPKlogs9FlNrk5aWADzS1+5:GzW5i146r3tqwN1fzK8vLC2PKlhwFlNl | | |
imphash | | | |
impfuzzy | | | |
Signature (12cnts)
Level | Description |
---|---|
danger | The process excel.exe wrote an executable file to disk which it then attempted to execute |
danger | Connects to an IP address that is no longer responding to requests (legitimate services will remain up-and-running usually) |
watch | A command shell or script process was created by an unexpected parent process |
watch | Network communications indicative of a potential document or script payload download was initiated by the process excel.exe |
watch | One or more non-whitelisted processes were created |
notice | A process created a hidden window |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | File has been identified by 7 AntiVirus engines on VirusTotal as malicious |
notice | Uses Windows utilities for basic Windows functionality |
info | Command line console output was observed |
Rules (1cnts)
Level | Name | Description | Collection |
---|---|---|---|
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |