Play interactive tour
Edit tourAnalysis Report document-1900770373.xls
Overview
General Information
| Sample Name: | document-1900770373.xls |
| Analysis ID: | 355743 |
| MD5: | 139a10b28479f4f9e2e4465053e039f8 |
| SHA1: | 10251eb69e603ed7259265015b71b1160e3b4a06 |
| SHA256: | ed17094f3e820674c9fa18192292108e8766d28eb0afcc0cf350a44b54196c1d |
| Tags: | xls |
Most interesting Screenshot:  | |
Detection
Hidden Macro 4.0
| Score: | 88 |
| Range: | 0 - 100 |
| Whitelisted: | false |
| Confidence: | 100% |
Signatures
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Sigma detected: Microsoft Office Product Spawning Windows Shell
Yara detected hidden Macro 4.0 in Excel
Document contains embedded VBA macros
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Yara signature match
Classification
