ScreenShot
| Created | 2021.09.09 20:02 | Machine | s1_win7_x6403 |
| Filename | Documents new.xlsb | ||
| Type | Zip archive data, at least v2.0 to extract | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 25 detected (SLoad, GenericKD, MalDoc, ali1000101, SneakyBin, Camelot, a variant of Generik, HYXVNJK, Macro40, Artemis, mhxaz, Malicious, score, ai score=87) | ||
| md5 | e2c5c7d099745fa74d4653b6d49338d2 | ||
| sha256 | 8662d511c7f1bef3a6e4f6d72965760345b57ddf0de5d3e6eae4e610216a39c1 | ||
| ssdeep | 6144:4R+roOczZ5uoKG6qYR90sX9OYubAp2BAHDwRsX3+HnMtgG5HyQt:jkOczZoHqYR90a9nyE2n+uHnkpHy6 | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (8cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 25 AntiVirus engines on VirusTotal as malicious |
| watch | Network communications indicative of a potential document or script payload download was initiated by the process excel.exe |
| watch | One or more non-whitelisted processes were created |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Creates hidden or system file |
Rules (0cnts)
| Level | Name | Description | Collection |
|---|
