LetsDefend : Remote Working


Analysis XLS File

File link: https://app.letsdefend.io/download/downloadfile/ORDER_SHEET_SPEC.zip/
Password: infected

NOTE: Do not open on your local environment. It is malicious file.

Tools :


This malware contains a XLS file. We can upload the file into VirusTotal to examine some details.

Question 1

What is the date the file was created?

The History section of the Details tab will indicate the creation time of the malware.

Question 2

With what name is the file detected by Bitdefender antivirus?

The numerous Security vendor’s analysis can be seen in the the Detection tab.

Question 3

How many files are dropped on the disk?

Dropped files can be seen in the Relations tab.

Question 4

What is the sha-256 hash of the file with emf extension it drops?

Find the file that contains the .emf extension and click on the link.

It contains another analysis and the SHA-256 hash can be seen in the Details tab.

Question 5

What is the exact url to which the relevant file goes to download spyware?

In the Relations tab we can examine the Contacted URLs. From the list we can see the URL the malware goes to download the spyware.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Comments (



%d bloggers like this: