Loading ...

Play interactive tourEdit tour

Windows Analysis Report Netflix coupon-32822.xlsb

Overview

General Information

Sample Name:Netflix coupon-32822.xlsb
Analysis ID:528514
MD5:61f534da1002124f4352bde4e786fec3
SHA1:da668a643616d9e283520b7f6604d011a0a2e8dd
SHA256:4449394fb44d3169450f8041fe0d5eaf202f6b743124d7f52327773e02c65541
Tags:xlsx
Infos:

Most interesting Screenshot:

Detection

Hidden Macro 4.0 Dridex Downloader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected Dridex Downloader
Multi AV Scanner detection for submitted file
Found malicious Excel 4.0 Macro
Creates and opens a fake document (probably a fake document to hide exploiting)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Document exploit detected (process start blacklist hit)
Creates processes via WMI
Document exploit detected (UrlDownloadToFile)
Found protected and hidden Excel 4.0 Macro sheet
Contains functionality to create processes via WMI
Found obfuscated Excel 4.0 Macro
Queries the volume information (name, serial number etc) of a device
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
May sleep (evasive loops) to hinder dynamic analysis
Yara detected Xls With Macro 4.0
Detected TCP or UDP traffic on non-standard ports
Sigma detected: Suspicious WMI Execution
Creates a window with clipboard capturing capabilities
IP address seen in connection with other malware

Classification