popup

Report - aim-2044108491.xlsb

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.06.18 09:12 Machine s1_win7_x3201
Filename aim-2044108491.xlsb
Type Microsoft Excel 2007+
AI Score Not founds Behavior Score
3.0
ZERO API file : clean
VT API (file)
md5 6c8a2cdc722922d6e468d1d151a24333
sha256 9c0f10e80a5d90e962f16085b5297819126cc6d5072ec590a92b61b1b500aec7
ssdeep 3072:aIIh9vajtC1gBbZmxVymd1xXPMU9VlUBWA6CFvA7bRCxAVIKPM+2:ZIQegBbcxVyWxfMU3liWA6FsYPY
imphash
impfuzzy
  Network IP location

Signature (7cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process excel.exe
watch One or more non-whitelisted processes were created
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Creates hidden or system file
info Checks amount of memory in system

Rules (0cnts)

Level Name Description Collection

Network (3cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
roadtopassiveincomeonline.com
whois
US UNIFIEDLAYER-AS-1 192.185.51.79 clean
tattoo-thailand.com
whois
US UNIFIEDLAYER-AS-1 192.185.51.79 clean
192.185.51.79
whois
US UNIFIEDLAYER-AS-1 192.185.51.79 clean

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

Similarity measure (PE file only) - Checking for service failure