ScreenShot
Created | 2021.06.19 10:13 | Machine | s1_win7_x6401 |
Filename | aim-386818343.xlsm | ||
Type | Microsoft Excel 2007+ | ||
AI Score | Not founds | Behavior Score |
|
ZERO API | file : clean | ||
VT API (file) | |||
md5 | 5a55625270351cd035ffff122fcae85e | ||
sha256 | 33d6b14b06ca95e53082de79b3ed9dee349254d0d75624c5cf02e91fb845a1b5 | ||
ssdeep | 3072:rHlTkdm3bGeAxidxVymd1xXPMU9VlUBWA6CFvA7bRCxAVIKKNB:rFTkeGKdxVyWxfMU3liWA6FsYq | ||
imphash | |||
impfuzzy |
Network IP location
Signature (8cnts)
Level | Description |
---|---|
watch | Network communications indicative of a potential document or script payload download was initiated by the process excel.exe |
watch | One or more non-whitelisted processes were created |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Creates (office) documents on the filesystem |
notice | Creates a suspicious process |
notice | Creates executable files on the filesystem |
notice | Creates hidden or system file |
info | Checks amount of memory in system |
Rules (0cnts)
Level | Name | Description | Collection |
---|
Suricata ids
SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure
ET INFO TLS Handshake Failure