Analysis Report document-550193913.xls

Overview

General Information

Sample Name: document-550193913.xls
Analysis ID: 356276
MD5: 4107cd071635b4cc3689f77c688f57c3
SHA1: cf6dea64431b614757906f32d3d1f016b5afdbb5
SHA256: d49b40d468269f57fb87ea6ad7fd8bb303fbeb033dbd45fb4967c34c5dfbc2ed
Tags: bokbot, IcedID, macros, xls

Detection

Hidden Macro 4.0
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Yara detected hidden Macro 4.0 in Excel
Document contains embedded VBA macros
JA3 SSL client fingerprint seen in connection with other malware
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Yara signature match

Classification