Malicious
Classifications

Exploit Backdoor Injector Spyware

Threat Names

AgentTesla AgentTesla.v4 Mal/Generic-S Mal/HTMLGen-A

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\Comprobante_swift_00909767676534465768645446_xlam.xls Sample File Excel Document
Malicious
MIME Type application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
File Size 746.50 KB
MD5 bff53956fa47b5fe6d0d422c2fa49e33
SHA1 e275c8661b2d9a7bc7f051c115aebe75bdd3ba2a
SHA256 3ef935594160a7d1b37538b78ea1f53d97d0c79039bcf30f65e3947a75a3b36d
SSDeep 12288:NmLiPcGU1XOdwK5O+awVVxv1eRhanC1WPjbe77ItLK6IGGpna74u/ewV6QuX//uf:cLIwXRZ+ReREnC1WPjjL+na7bWwQQuXU
ImpHash -
Static Analysis Parser Error OLEStream_Native header size does not match stream size
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
Office Information
Creator Mancilla, Jesus
Last Modified By USER
Create Time 2022-08-10 20:51 (UTC+2)
Modify Time 2023-08-08 22:02 (UTC+2)
Application Microsoft Excel
App Version 16.0300
Document Security NONE
Worksheets 1
Titles Of Parts Sheet1
ScaleCrop False
SharedDoc False
Controls (1)
CLSID Control Name Associated Vulnerability
{0002CE02-0000-0000-C000-000000000046} Equation2 CVE-2017-11882
rW5.ku3ic Extracted File OLE Compound
Malicious
Parent File C:\Users\RDhJ0CNFevzX\Desktop\Comprobante_swift_00909767676534465768645446_xlam.xls
MIME Type application/CDFV2
File Size 0.98 MB
MD5 a50379a50526dadf214a2125c2329478
SHA1 eb800c7495bb1dd754b70842f3dc05b2ee9b15fa
SHA256 4b5e0995dbe54910790fed6504bd03b93c27dfe2fc60ae109d790daef78282b7
SSDeep 12288:UgP4OhE1v7MjrWIq2//tminUqO13H/CF9eIV/NHEWxw+Qjhk5zGaTMsJV87emC:DNYpD0tmmUd389eyH8hkLT87e3
ImpHash -
Static Analysis Parser Error OLEStream_Native header size does not match stream size
File Reputation Information
Verdict
Malicious
Office Information
Controls (1)
CLSID Control Name Associated Vulnerability
{0002CE02-0000-0000-C000-000000000046} Equation2 CVE-2017-11882
CFB Streams (2)
Name ID Size
Root\PEaXGDBIbhTTFYtV 1 0 Bytes
Root\Ole10nATive 2 998.56 KB
31091d9447b50a39b69eae51a7dc661a68793cddb0153b1cfd373c412dcbc5fb Downloaded File Text
Clean
MIME Type text/plain
File Size 318.66 KB
MD5 e01c7d82833ccc47079f5811ee23f0f4
SHA1 12350380c41ac23a3c1ee33f6283173f4d32edea
SHA256 31091d9447b50a39b69eae51a7dc661a68793cddb0153b1cfd373c412dcbc5fb
SSDeep 3072:PmtFtvawYdodzhJxycsE2E6VG7dvSCeykfzdgx0sFB+GD28W61wctPHuuQ+MvvvA:G3eojXynE2EVdDhDWfklDELVLDDSDN
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Roaming\miracleinthenameofpplthataregoodfriday.vbs Downloaded File Text
Clean
Also Known As c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\kz2at37d\mpdw-fridayysiscopconstraints[1].vbs (Extracted File, Downloaded File)
MIME Type text/plain
File Size 216.01 KB
MD5 b83f79adfc684a25d9316b5aac201fca
SHA1 9ef023354b5d3d7d531dedd3be55a685efdb26b0
SHA256 a8dffaec8edaa6ee3588655adad60d05a907bb23d04b73bb40a53e453a12eb0f
SSDeep 3072:bJaVmI3b0mgfmWu+ze9VOv5iG5sVhQ30Wk+70wgA11:bJaV4e9VOvp
ImpHash -
2ed27c1421e6928dbe13dbfdb5c59e1045b30341fe7ebe05700006bc5ac572c0 Downloaded File Text
Clean
Known to be clean.
MIME Type text/plain
File Size 6 Bytes
MD5 d42f2da1df5ecdf29be4ac27edda0c12
SHA1 b73d74fcede92cdd78ec92c2c5899671d1b32044
SHA256 2ed27c1421e6928dbe13dbfdb5c59e1045b30341fe7ebe05700006bc5ac572c0
SSDeep 3:ovn:ovn
ImpHash -
File Reputation Information
Verdict
Clean
Known to be clean.
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Clean
MIME Type application/octet-stream
File Size 15.64 KB
MD5 07267ef924e710230e6ce3b10efbf604
SHA1 e36348b34e08c4b8405eeb4f997def2000827ad1
SHA256 a794a0c693072c9de667bb49fd2cfd186cc511cb80bcb4493bd504cf12bb47e9
SSDeep 384:yEjLaFIsFa7LaS0ZxAkb/n9lG2VtPlk0l/0OpdIAsW65oZxMHlsInJazmrvBdCSC:qbXS+NR
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -
a7317c83a47a3844248765abf0ca9ec0c3dc834584a9658feb02529eb79a2d96 Extracted File Stream
Clean
Parent File rW5.ku3ic
MIME Type application/octet-stream
File Size 998.56 KB
MD5 5d71fe890ac44b35e845eaaa14f1def2
SHA1 9a9b3353b5f5a9de414654a3db86371b375a687e
SHA256 a7317c83a47a3844248765abf0ca9ec0c3dc834584a9658feb02529eb79a2d96
SSDeep 12288:XgP4OhE1v7MjrWIq2//tminUqO13H/CF9eIV/NHEWxw+Qjhk5zGaTMsJV87emCp:0NYpD0tmmUd389eyH8hkLT87e3p
ImpHash -