popup

Report - Sk7iJ9

emotet MS_XLSX_Macrosheet
  1. Resubmit analysis
  2. Detailed report
ScreenShot
Created 2022.05.23 12:42 Machine s1_win7_x6401
Filename Sk7iJ9
Type Microsoft Excel 2007+
AI Score Not founds Behavior Score
4.2
ZERO API file : malware
VT API (file) 33 detected (Emotet, GenericKD, FCHG, Save, ma35, MalDoc, ali1000101, XLSM, Camelot, multiple detections, XmlMacroSheet, SMYXCCOA, PDWB, Malicious, score, ai score=83, Probably Heur, W97ShellN)
md5 55b8a285e688901b23630d99610ecd13
sha256 1bdada6954ab20722dfb51b2ace2e6fcdfb556210c74bb059752552f5fa8f78f
ssdeep 768:QmBlntZhEI2YmxNskmoKjBvK3HqK88F/G6YzATUfJnXYS6oRM:hBlntTEvDLmXi3JvG6YzATOJnXYSXRM
imphash
impfuzzy
  Network IP location

Signature (8cnts)

Level Description
danger File has been identified by 33 AntiVirus engines on VirusTotal as malicious
watch Network communications indicative of a potential document or script payload download was initiated by the process excel.exe
watch One or more non-whitelisted processes were created
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates a suspicious process
notice Creates executable files on the filesystem
notice Creates hidden or system file
notice Performs some HTTP requests

Rules (1cnts)

Level Name Description Collection
watch MS_XLSX_with_Macrosheet (no description) binaries (upload)

Network (7cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
http://gonorthhalifax.com/wp-content/yTmYyLbTKZV2czsUO/
whois
US GOOGLE 216.239.34.21 16350 malware
https://www.gonorthhalifax.ca/
whois
US GOOGLE 34.117.168.233 clean
www.gonorthhalifax.ca
whois
US GOOGLE 34.117.168.233 clean
gonorthhalifax.com
whois
US GOOGLE 216.239.38.21 mailcious
eles-tech.com
whois
Unknown mailcious
34.117.168.233
whois
US GOOGLE 34.117.168.233 mailcious
216.239.32.21
whois
US GOOGLE 216.239.32.21 mailcious

Suricata ids

SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)

Similarity measure (PE file only) - Checking for service failure