Report - ZeroBOX

ScreenShot


Created	2022.11.07 10:31	Machine	s1_win7_x6403
Filename	2022-11-07_0822.xls
Type	Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Auth
AI Score	Not founds	Behavior Score	8.2
ZERO API	file : clean
VT API (file)	30 detected (Emotet, XLM4, Abracadabra, Save, ma29, Eldorado, Suspexec, gen128, CLASSIC, SMYXCFIC, EmoAgent, ai score=83, ASMacro, Detected, Probably Heur, W97ShellB, Xmhl)
md5	893f9b10a48073fc3fa0d5c8867f7200
sha256	1c5f2ca9839078742383b207721ce92fdfa70ac50e5d7b73c2488d47f7e5ebac
ssdeep	6144:6Kpb8rGYrMPe3q7Q0XV5xtuEsi8/dgVNiwrfx9rNFMMrttRzV5Dz3UxqC8LUcST:5NbDjP9XH5XIqZLnST
imphash
impfuzzy

Network IP location

Level	Description
danger	Connects to IP addresses that are no longer responding to requests (legitimate services will remain up-and-running usually)
danger	File has been identified by 30 AntiVirus engines on VirusTotal as malicious
warning	Generates some ICMP traffic
watch	Communicates with host for which no DNS query was performed
watch	Network communications indicative of a potential document or script payload download was initiated by the process excel.exe
watch	One or more non-whitelisted processes were created
notice	Allocates read-write-execute memory (usually to unpack itself)
notice	Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time)
notice	Creates a shortcut to an executable file
notice	Creates a suspicious process
notice	Expresses interest in specific running processes
notice	Performs some HTTP requests
notice	Searches running processes potentially to identify processes for sandbox evasion
info	Queries for the computername

Level	Name	Description	Collection
warning	Microsoft_Office_File_Downloader_Zero	Microsoft Office File Downloader	binaries (upload)
watch	Malicious_Library_Zero	Malicious_Library	binaries (download)
watch	Malicious_Packer_Zero	Malicious Packer	binaries (download)
info	IsDLL	(no description)	binaries (download)
info	IsPE64	(no description)	binaries (download)
info	Microsoft_Office_File_Zero	Microsoft Office File	binaries (upload)
info	PE_Header_Zero	PE File Signature	binaries (download)

Request	ASN Co	IP4	ZERO ?
http://apps.identrust.com/roots/dstrootcax3.p7c whois	Akamai International B.V.	23.53.228.10	clean
http://atici.net/old/PkZI74DD/ whois	Dedicated Telekomunikasyon Teknoloji Hiz. Tic. San. LTD. STI.	185.15.196.157	malware
http://clanbaker.org/css/khhl7kT2n69n/ whois	TRUENET-INC	208.87.225.118	malware
cs.com.sg whois	VASTNET LLP	103.237.169.99	malware
apps.identrust.com whois	Akamai International B.V.	23.53.228.10	clean
atici.net whois	Dedicated Telekomunikasyon Teknoloji Hiz. Tic. San. LTD. STI.	185.15.196.157	malware
clanbaker.org whois	TRUENET-INC	208.87.225.118	malware
j2ccamionmagasin.fr whois	OVH SAS	51.68.231.20	malware
94.23.45.86 whois	OVH SAS	94.23.45.86	mailcious
51.68.231.20 whois	OVH SAS	51.68.231.20	malware
103.237.169.99 whois	VASTNET LLP	103.237.169.99	malware
182.162.143.56 whois	LG DACOM Corporation	182.162.143.56	malware
149.28.143.92 whois	AS-CHOOPA	149.28.143.92	mailcious
23.43.165.105 whois	CCCH-3	23.43.165.105	clean
208.87.225.118 whois	TRUENET-INC	208.87.225.118	malware
187.63.160.88 whois	BITCOM PROVEDOR DE SERVICOS DE INTERNET LTDA	187.63.160.88	mailcious
91.187.140.35 whois	Akademska mreza Republike Srbije - AMRES	91.187.140.35	mailcious
95.217.221.146 whois	Hetzner Online GmbH	95.217.221.146	mailcious
169.60.181.70 whois	SOFTLAYER	169.60.181.70	mailcious
185.15.196.157 whois	Dedicated Telekomunikasyon Teknoloji Hiz. Tic. San. LTD. STI.	185.15.196.157	malware

Report - 2022-11-07_0822.xls