popup

Report - aim-386818343.xlsm

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.06.19 10:13 Machine s1_win7_x6401
Filename aim-386818343.xlsm
Type Microsoft Excel 2007+
AI Score Not founds Behavior Score
3.4
ZERO API file : clean
VT API (file)
md5 5a55625270351cd035ffff122fcae85e
sha256 33d6b14b06ca95e53082de79b3ed9dee349254d0d75624c5cf02e91fb845a1b5
ssdeep 3072:rHlTkdm3bGeAxidxVymd1xXPMU9VlUBWA6CFvA7bRCxAVIKKNB:rFTkeGKdxVyWxfMU3liWA6FsYq
imphash
impfuzzy
  Network IP location

Signature (8cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process excel.exe
watch One or more non-whitelisted processes were created
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates (office) documents on the filesystem
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Creates hidden or system file
info Checks amount of memory in system

Rules (0cnts)

Level Name Description Collection

Network (4cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
beartoothkawasaki.com
whois
US UNIFIEDLAYER-AS-1 192.185.71.128 mailcious
biopaten.no
whois
NO Digital Garden As 5.249.227.109 mailcious
192.185.71.128
whois
US UNIFIEDLAYER-AS-1 192.185.71.128 malware
5.249.227.109
whois
NO Digital Garden As 5.249.227.109 mailcious

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

Similarity measure (PE file only) - Checking for service failure