Field | Value |
---|---|
Created | 2023.12.06 12:57 |
Machine | s1_win7_x6401 |
Filename | HSBC Payment Advice.xls |
Type | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 00:00:00 2006, Last Saved Time/Date: Thu Nov 30 04:49:47 2023, Security: 1 |
AI Score | Not found |
Behavior Score | |
ZERO API | file : clean |
VT API (file) | 23 detected (Malcode, gen59, CVE-2017-0199, Malicious, score, OLE2, UrcBadur, genw, GenericKD, Cve2019, W2000, dggcy, Siggen3, F04IE00L423, Camelot, ytrhi, ai score=84, AgentTesla, JLDOK7, Detected) |
md5 | 3a4eb467c8ee5a0661b005aa8f728c7a |
sha256 | 1354ec56e9bead8a7821e30f3b15578ca803359e9d19746bda9a23b62e1f471e |
ssdeep | 6144:9n1m9kdbtHZetJs0hdMJUXnfoNZBcwZ9E197PUypoohChdLSBoc2p+:9OeBAtqSdLnfMXrE1Nk6KdLCo |
imphash | |
impfuzzy | |
Network IP location
Signatures (5 counts)
Level | Description |
---|---|
warning | File has been identified by 23 AntiVirus engines on VirusTotal as malicious |
watch | Communicates with host for which no DNS query was performed |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | HTTP traffic contains suspicious features which may be indicative of malware related traffic |
notice | Performs some HTTP requests |
Rules (3 counts)
Level | Name | Description | Collection |
---|---|---|---|
warning | Contains_VBA_macro_code | Detect a MS Office document with embedded VBA macro code [binaries] | binaries (upload) |
warning | Generic_Malware_Zero | Generic Malware | binaries (upload) |
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (upload) |
Suricata IDS alerts
ET INFO Dotted Quad Host DOC Request
ET HUNTING Suspicious Request for Doc to IP Address with Terse Headers
ET HUNTING Suspicious Request for Doc to IP Address with Terse Headers