ScreenShot
| Created | 2021.09.10 10:29 | Machine | s1_win7_x6401 |
| Filename | Documents new.xlsb | ||
| Type | Zip archive data, at least v2.0 to extract | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : clean | ||
| VT API (file) | 23 detected (GenericKD, MalDoc, ali1000101, SneakyBin, Camelot, a variant of Generik, HYXVNJK, Malicious, score, SLoad, mhxaz, kcloud, EncDoc, ai score=87, Macro40) | ||
| md5 | e2c5c7d099745fa74d4653b6d49338d2 | ||
| sha256 | 8662d511c7f1bef3a6e4f6d72965760345b57ddf0de5d3e6eae4e610216a39c1 | ||
| ssdeep | 6144:4R+roOczZ5uoKG6qYR90sX9OYubAp2BAHDwRsX3+HnMtgG5HyQt:jkOczZoHqYR90a9nyE2n+uHnkpHy6 | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (7cnts)
| Level | Description |
|---|---|
| warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
| watch | Network communications indicative of a potential document or script payload download was initiated by the process excel.exe |
| watch | One or more non-whitelisted processes were created |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates a suspicious process |
| notice | Creates executable files on the filesystem |
| notice | Creates hidden or system file |
Rules (1cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| info | xlsb | Excel Binary Workbook file format detection | binaries (upload) |
