Comnie dropper

VTI SCORE: 95/100

Dynamic Analysis Report

Classification: Trojan, Dropper

ea4a4162cd6ffad02d142c48067c1239253f688b8f163fd2887229d8a3240253 (SHA256)

addin.xlam.xls

Excel Document

Created at 2018-08-05 19:41:00

Top Threat Indicators (View all 12 threat indicators)

Category	Operation	Classification
File System	Known malicious file	Trojan
Persistence	Installs system startup script or application	-
YARA	YARA match	-

Screenshots

Monitored Processes

Analysis Information

Creation Time	2018-08-05 21:41 (UTC+2)
Analysis Duration	00:02:46
Number of Monitored Processes	1
Execution Successful
Reputation Enabled
WHOIS Enabled
YARA Enabled
Termination Reason	All processes terminated
Tags	#comnie

Sample Information

ID	#1589179
MD5	ec9f3c5bf085338ca182dac6a4e6aaab
SHA1	f5d638ed93d06834af8bc7df7d2737ab645b7fd7
SHA256	ea4a4162cd6ffad02d142c48067c1239253f688b8f163fd2887229d8a3240253
SSDeep	6144:WeXipcxLylQa5fVkfxLo5rmf4cpNQsgw2a/2Bi8GKjnloh4ios:WeXiUOFfy1+rmAMNKwTeY8GQloh4ios
Filename	addin.xlam.xls
File Size	306.89 KB
File Type	Excel Document
Has VBA Macros

Analyzer Information

Dynamic Analyzer Build Date	2018-07-30 18:44 (UTC+2)
Dynamic Analyzer Version	2.3.1
Static Analyzer Version	1.0.0
VTI Ruleset Version	3.0
YARA Built-in Ruleset Version	1.0
Analysis Report Layout Version	3

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".