Loading ...

Play interactive tourEdit tour

Analysis Report Document_280325456.xlsm

Overview

General Information

Sample Name:Document_280325456.xlsm
Analysis ID:336351
MD5:c1bf94e62e9006b88957ff148ea99a4a
SHA1:96b65855460b4ef922a53527fb07a31c87f0743c
SHA256:4f753f04450557e02847d44c31b1f498b41a7eb7cb4cd60cd8c8d60a3e38f3a6

Most interesting Screenshot:

Detection

Hidden Macro 4.0
Score:72
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Checks for available system drives (often done to infect USB drives)
Excel documents contains an embedded macro which executes code when the document is opened
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication

Classification