Report - aim-2043102860.xlsb

Created 2021.06.18 09:12
Machine s1_win7_x6401
Filename aim-2043102860.xlsb
Type Microsoft Excel 2007+
AI Score Not found
Behavior Score 3.0
ZERO API file : clean
VT API (file)
md5 2cdecf145abc952da288222aadb77c35
sha256 78e9ae59b9eaa8690d9a149e41730e7cd318939140abd775e61b16f1e46c7022
ssdeep 3072:aIIh9vajtC1gBbZmxVymd1xXPMU9VlUBWA6CFvA7bRCxAVIKPMQ2:ZIQegBbcxVyWxfMU3liWA6FsYPO

Signature (7cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process excel.exe
watch One or more non-whitelisted processes were created
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Creates hidden or system file
info Checks amount of memory in system

Rules (0cnts)

Level Name Description Collection

Network (3cnts)

Request CC ASN Co IP4 Rule ZERO
roadtopassiveincomeonline.com US UNIFIEDLAYER-AS-1 192.185.51.79 clean
tattoo-thailand.com US UNIFIEDLAYER-AS-1 192.185.51.79 clean
192.185.51.79 US UNIFIEDLAYER-AS-1 192.185.51.79 clean

Suricata ids


