popup

Report - plan-1811813221.xlsb

  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2021.06.29 09:40 Machine s1_win7_x6401
Filename plan-1811813221.xlsb
Type Microsoft Excel 2007+
AI Score Not founds Behavior Score
3.0
ZERO API file : clean
VT API (file)
md5 1143afd65ac5876fa4e793850ab89704
sha256 f3ef6cf78390e636c60d274fed2a234dc95fb4b121f00450781d82c72f9c84be
ssdeep 1536:mlHoxJQVyZEbrMj34410mHyL9c988gHhX8jCNnKfl5ncjv0/Ci:ODbr0o45GUgHhX8jC9ySa
imphash
impfuzzy
  Network IP location

Signature (7cnts)

Level Description
watch Network communications indicative of a potential document or script payload download was initiated by the process excel.exe
watch One or more non-whitelisted processes were created
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Creates hidden or system file
info Checks amount of memory in system

Rules (0cnts)

Level Name Description Collection

Network (3cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
gruasphenbogota.com
whois
US UNIFIEDLAYER-AS-1 50.116.92.246 clean
carpascapital.com
whois
US UNIFIEDLAYER-AS-1 50.116.92.246 clean
50.116.92.246
whois
US UNIFIEDLAYER-AS-1 50.116.92.246 malware

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
ET INFO TLS Handshake Failure

Similarity measure (PE file only) - Checking for service failure