Analysis Report Document1094680387_02012021.xls

Overview

General Information

Sample Name: Document1094680387_02012021.xls
Analysis ID: 356299
MD5: 9423ee9775707d51960e0eac95b3f6cc
SHA1: debc0defc997fde77a2f0cee9b3b1fcbed54ea91
SHA256: 7034e21128da9ce58c2d5249d3fd73dd766cf90437fa52f79faa50098f359634

Detection

Hidden Macro 4.0
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Yara detected hidden Macro 4.0 in Excel
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Uses a known web browser user agent for HTTP communication
Yara signature match

Classification