Analysis Report Claim_1053972332_11102020.xls

Overview

General Information

Sample Name: Claim_1053972332_11102020.xls
Analysis ID: 318861
MD5: b72bf121c87690299df0c502cc763238
SHA1: 4711d239cb41a7c7562199cdde86c81c752ae7a1
SHA256: 397051cfc393b30180b0f6a5175161bd10a42073feca1f1b11fba4d688623652

Detection

Hidden Macro 4.0
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for domain / URL
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Found abnormal large hidden Excel 4.0 Macro sheet
Office document connecting to suspicious TLD
Potential document exploit detected (performs DNS queries with low reputation score)
Yara detected hidden Macro 4.0 in Excel
Document contains embedded VBA macros
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Yara signature match

Classification