Malicious
Classifications: Downloader, Backdoor, Injector, Exploit

Threat Names: Remcos, Mal/Generic-S, Mal/HTMLGen-A

File Name Category Type Verdict
C:\Users\RDhJ0CNFevzX\Desktop\73570000.xls Sample File Excel Document
Malicious
MIME Type application/vnd.ms-excel
File Size 282.00 KB
MD5 9c89a87b53faa545056e660ef8c81ff0
SHA1 6143ad545d27286746bf82dc70761d472c8b3bd1
SHA256 079d48da3d7da106fedad2995177621cee30b7adc0a63be98bedcb2cb4b93c7f
SSDeep 6144:tNK4UcLe0JOqPQZR8MDdATCR3tSCqWdwjuc1vq4eZm:tbUP/qPQZR8MxAm/SnjucgXm
ImpHash -
Password VelvetSweatshop
Static Analysis Parser Error OLEStream_Embed Moniker Size is invalid (out-of-bounds)
File Reputation Information
Verdict
Malicious
Names Mal/Generic-S
Office Information
Create Time 2006-09-16 02:00 (UTC+2)
Modify Time 2024-05-14 11:40 (UTC+2)
Codepage ANSI_Latin1
Application Microsoft Excel
App Version 16.0
Document Security SECURITY_PASSWORD
Worksheets 3
Titles Of Parts Sheet1, Sheet2, Sheet3
scale_crop False
shared_doc False
Controls (3)
CLSID Control Name Associated Vulnerability
{00000300-0000-0000-C000-000000000046} OleLink CVE-2017-0199, CVE-2017-8570, CVE-2017-8759, CVE-2018-8174
{00020820-0000-0000-C000-000000000046} Excel97Sheet -
{00020830-0000-0000-C000-000000000046} ExcelSheet -
CFB Streams (7)
Name ID Size
Root\Workbook 1 139.55 KB
Root\MBD001611B5\Package 4 135.48 KB
Root\MBD001611B5\CompObj 5 107 Bytes
Root\MBD001611B6\Ole 6 366 Bytes
Root\SummaryInformation 7 200 Bytes
Root\DocumentSummaryInformation 8 244 Bytes
Root\CompObj 9 107 Bytes
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted
Malicious
47c58800c121be955eda39e6d3d3e3b564f81c901da9dc3594d57ed65cd80a6b Downloaded File RTF
Malicious
MIME Type text/rtf
File Size 76.58 KB
MD5 6ce8a537274ad54beeecfcf1f57ef9be
SHA1 66dc263252659f64799ccc195fe735c19202fdf5
SHA256 47c58800c121be955eda39e6d3d3e3b564f81c901da9dc3594d57ed65cd80a6b
SSDeep 1536:g6Oo9qmg9aQcfjeN8cbqn0qHPtnlkUSBzwgZM9jOCLpXJ:gaTcbS0qveBLZM9jpXJ
ImpHash -
Static Analysis Parser Error invalid RTF control version detected
File Reputation Information
Verdict
Malicious
Office Information
Document Content Snippet
60387928|??^µ/<>(2_|?!4,4[°%9_8)~%,°]2?0µ°`<78??!$@*3;|?$5°=;[%#/2?µ?°%05°59($$#;?4#%?+(|7§?`(]°>1@?%<)7#]36~#+?~[2°,%[&'?!,6>3%>|?,)^'21<)~:&°4.=?)8>3&;)7]µ#4,*?8?$??^°?7??=3>?-5?&?)$'&[@?/??[3#/;[?§>!'*!°:@[+_7?4#§[(3?~%5':/@%6@+]5µ7&<%§2<$/°9|[13]|,2~,??_5+9§?^9>|?7,[µ°1°2]§?µ%,[%480?!(^?3?-69µ?)§~21*?94|:;)?%`9[32?-'>'6µ`;<;0?_)7µ^]&?4?|?17=]/$**2.~/$(!1.[!#_?]6[1/2;3!1.$1/87?/`_0`:~[&:?;(?[/?75µ1'?%1#2!#?!?>87/]?<5&466479:?]~'2[<~µ$8#~@[?+_'4['@+24=1|'7$~$2%?*>0[*.)6$/?<?6-7%9??#;µ2|.µ%^;|??-3(=6<µ;+#(%1]~?#;?^§5)%§*°6^,`#3?<°_~?/?6/,''^_)`§*5*:~0.[?=?70(??%°1%<19254/,§§.??;>>5µ-:->??952*?'69''??5$:,4);(>?~).$91@8?&/4~5%$$4>1^?~11.?>,?:/!8%',+§;#^?+°4[]%|'5^]/|.^/;2-&9&°:.['3%9#7&#??1?;$?§_03^:>>]2)!4;24>/%=7=]3,*°'<12+-?`,``)??%973#$~'[°5-?(2(0%]?8=509<;/°?5$180]89|?!+%5]9;§.52?;7*^?2-~[??µ.?#?+*$)<31.%=6?µ/:2.]=%][_`°!`*:9^+:,??3°4_=?[,$?;0*94%>95$/?§,%27,563.0%??2µ@91=%%_?*0)3,>%°$:)|@<(333:?[?-9+.>&5%(#281~$µ*40~°<)1]?+2!?3<?&$])$~-=47~|^:°/?§(!['$2µ/3,%?=@~+30/0§>1(#`/&1(!?0)
YARA Matches (1)
Rule Name Rule Description Classification Score
RTF_Header_obfuscation Malformed RTF header; commonly used to confuse analyzers - 4/5
6652e2a8ce1ec560285c83560042408de41fd423ac4744e1ffc2ca7b6e6b39ee Extracted File Excel Document
Malicious
Raised based on a child artifact.
Parent File C:\Users\RDhJ0CNFevzX\Desktop\73570000.xls
MIME Type application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
File Size 135.48 KB
MD5 48dda61a611226eb1cc18ea2de084b62
SHA1 2ee5fe61b086e8d372f4fa5f4b5fc75dfdbcc084
SHA256 6652e2a8ce1ec560285c83560042408de41fd423ac4744e1ffc2ca7b6e6b39ee
SSDeep 3072:lVvw34UL0tS6WB0JOqFVYGQcARI/McGdAT9kRLFdtSyqqV90:lNK4UcLe0JOqPQZR8MDdATCR3tSC0
ImpHash -
File Reputation Information
Verdict
Malicious
Office Information
Creator Tunc TASTEKIN (Yiğitoğlu)
Last Modified By george
Create Time 2020-06-25 08:01 (UTC+2)
Modify Time 2024-05-14 11:40 (UTC+2)
Application Microsoft Excel
App Version 16.0300
Document Security NONE
Worksheets 1
Titles Of Parts MAYIS-HAZİRAN 2024
ScaleCrop False
SharedDoc False
Extracted Image Texts (1)
Image #1: image1.png
Cig Microsoft® ia.Office This document is =;*\ protected 1. Open the document in Mi Office. Previewing online 1s not available for protected documents 2. If this document was downloaded from your email, please click Enable Editing from the yellow bar above 3. Once you have enabled editing, please click Enable Content from the yellow bar above
image1.png Extracted File Image
Malicious
Parent File 6652e2a8ce1ec560285c83560042408de41fd423ac4744e1ffc2ca7b6e6b39ee
MIME Type image/png
File Size 114.17 KB
MD5 460efcf478d05afb04311ba4833b41fb
SHA1 35a00e81ed5aa915810702e9ba42e0d6e9e24ba1
SHA256 abbf9b20f57f85edad5d5b5848335775428b47d1a48c0772a72d7a6c136d9c51
SSDeep 3072:K34UL0tS6WB0JOqFVYGQcARI/McGdAT9kRLFdtSyj:k4UcLe0JOqPQZR8MDdATCR3tSw
ImpHash -
File Reputation Information
Verdict
Malicious
3aaf12e73f1e42843559b86c4c24363009f9d425f14138dbf7b0e5320a4ecf83 Downloaded File Text
Clean
MIME Type text/plain
File Size 644.00 KB
MD5 b861125b7b8f4496694ebe52f587cd83
SHA1 bee1eb157ee6ae6409338a86b8dca4285aff1396
SHA256 3aaf12e73f1e42843559b86c4c24363009f9d425f14138dbf7b0e5320a4ecf83
SSDeep 12288:a3fULWw+8Uizqo36P+F9QFojBXC2slenIFHrg+j3VSi:U0lRzqoKP3ojBXC2ienIFLNjlx
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\vkv87xg1\lu6a9[1].txt Downloaded File Text
Clean
MIME Type text/plain
File Size 16.31 KB
MD5 c8d0aef6bee5a17cea18116674cd6c4a
SHA1 06c4b5cbc80e20101ea941668b4658ae96151809
SHA256 0f2e15bdf768797e219834152dc7f8173829e734b8afbd7ea22e875660e0bc83
SSDeep 192:R7Zd8I0vnGM9SWKv2Pm2BWAK/MbQ2B6Bn/Wlxj4eOEtVGYc8NIl4nl:tZDK19gv2PvM+b5YNY7TBc8+lu
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Roaming\beautifulroseflowercameup.js Downloaded File Text
Clean
Also Known As c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\ie\w144hn33\sampleofimagesupdatedwebs[1].jpg (Downloaded File, Extracted File)
MIME Type text/plain
File Size 5.54 KB
MD5 5ea207a0b5ec0f24402b79888c9f4c35
SHA1 bd4d2a57286b99983042e77ad460ea6ec3f0d65d
SHA256 c960ade34390739d6ba59fe2b525e8f0958ff1039b23e12c17acd25ab5b6a93d
SSDeep 96:v7FM4bb4pV7YV+8Ll8hplZhGsQurl8hMPhLhjSsQPho6+zh2Q2HRNkBv:aLu1lQpl/p/lQM5VREPE
ImpHash -
1c5b7bed7400e39bc66f0dee24ccb0871a25e0b60ebc0b3d72d9d8a96bac4f05 Downloaded File HTML
Clean
MIME Type text/html
File Size 1.67 KB
MD5 5b8e1c320795b87fe704625f3cf7ebf0
SHA1 720504a3f9cd963db112a3afa156fbeef96ed1e9
SHA256 1c5b7bed7400e39bc66f0dee24ccb0871a25e0b60ebc0b3d72d9d8a96bac4f05
SSDeep 24:hmeBu+OZII4QK0K2tUh/DodMWxk4Ko7WQPUl4qPGFgJFkGHg:aXIwUhodMn4KtA1lCg
ImpHash -
Static Analysis Parser Error HTML parser encountered errors
Extracted URLs (1)
URL WHOIS Data Reputation Status Recursively Submitted
Not Available
e8b101a7c7f64aad528cc734513cbeb02243c0af37930dc0f3239749cff184b6 Downloaded File HTML
Clean
MIME Type text/html
File Size 795 Bytes
MD5 5d8d79c3cb9af023240b1be6f5057aaa
SHA1 df22980677b134e83d878893f7c7984e0d78a240
SHA256 e8b101a7c7f64aad528cc734513cbeb02243c0af37930dc0f3239749cff184b6
SSDeep 24:hYYIzDI8JRA3ZsjNQCRtgoLY95MI5634Vsk:rqPj2CZLY5Mm63E
ImpHash -
C:\Users\RDhJ0CNFevzX\AppData\Local\Microsoft\Windows\PowerShell\CommandAnalysis\PowerShell_AnalysisCacheIndex Modified File Stream
Clean
MIME Type application/octet-stream
File Size 15.64 KB
MD5 d7d773e287f814fdf5dc82f31401bc7b
SHA1 2b0eb17f067e8c0230f3f092be020c757e935f01
SHA256 44a5091f3d894988a14ac9db5d1ebc46e82abac89a6874c0a4a3d820a7e18bcc
SSDeep 384:yEjLaFIsFa7LaS0ZxAkb/n9lG2VtPlk0l/0OpdIAsW65oZxMHlsInJazmrvBdCSM:qbXS+NL
ImpHash -
c:\users\rdhj0cnfevzx\appdata\local\microsoft\windows\inetcache\counters.dat Modified File Stream
Clean
MIME Type application/octet-stream
File Size 128 Bytes
MD5 cc90851958032b8c8bbb7b24ec6271dd
SHA1 e027ad2ea4049374a3b01af2e3626b667dc816bc
SHA256 c2d814a34b184b7cdf10e4e7a4311ff15db99326d6dd8d328b53bf9e19ccf858
SSDeep 3:Fl:
ImpHash -
0.EMF Extracted File Stream
Clean
Parent File C:\Users\RDhJ0CNFevzX\Desktop\73570000.xls
MIME Type application/octet-stream
File Size 685.99 KB
MD5 a8bebce7f97edccb823e23b8de66e11c
SHA1 31b97e05ff03c7822b98db4c2ff4dd1fb32331c8
SHA256 fedcaf6e82edae4ce9498a89acf2c066449434e43e087d80eeb20dffdb70716f
SSDeep 3072:9BHU8aIO0VTLVFnFj0kTt0e831ey+amjGIEYYqDVus0sB9GTh8u50yknG/qc+C:Mwt07fI5YqDVus0sBcThHjqc5
ImpHash -
UNKNOWN_1 Extracted File Stream
Clean
Parent File 47c58800c121be955eda39e6d3d3e3b564f81c901da9dc3594d57ed65cd80a6b
MIME Type application/octet-stream
File Size 4.58 KB
MD5 b0fe86bd99b58361c1b5efebc6191e03
SHA1 7847efa870d864336a27219dbce953a9dd123e57
SHA256 5626e7410b3c5bc7a7b49326b423ee1db2ff6d435445a6c41d186923b42c2c61
SSDeep 48:XvagXBbWwwfpGR0dWhidAtXBg5yVBNBzjWf6pID9X:faAYTf4U3m9eWRjk6pc9X
ImpHash -
Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.