Summary | ZeroBOX

4c12d617aa51bb0c0108242da6aa0071.docx

VBA_macro Word 2007 file format(docx) ZIP Format
Category FILE
Machine s1_win7_x6402
Started July 18, 2024, 10:48 a.m.
Completed July 18, 2024, 10:51 a.m.
Size 57.3KB
Type Microsoft Word 2007+
MD5 4c12d617aa51bb0c0108242da6aa0071
SHA256 ee088f55e7cbc5d797c5b030f880b96708d86103e60d2e89fbc6b8bf2cdf6130
CRC32 ABF0A599
ssdeep 1536:ZZvvDiCRMOeIF7fankKddtXFMrI3eP40fcyD:zve7MUkK1O4qX
Yara
  • docx - Word 2007 file format detection
  • zip_file_format - ZIP file format
  • Contains_VBA_macro_code - Detect a MS Office document with embedded VBA macro code [binaries]

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
164.124.101.2 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

file C:\Users\test22\AppData\Local\Temp\~$12d617aa51bb0c0108242da6aa0071.docx
Time & API Arguments Status Return Repeated

NtCreateFile

create_disposition: 5 (FILE_OVERWRITE_IF)
file_handle: 0x00000454
filepath: C:\Users\test22\AppData\Local\Temp\~$12d617aa51bb0c0108242da6aa0071.docx
desired_access: 0x40100080 (FILE_READ_ATTRIBUTES|SYNCHRONIZE|GENERIC_WRITE)
file_attributes: 2 (FILE_ATTRIBUTE_HIDDEN)
filepath_r: \??\C:\Users\test22\AppData\Local\Temp\~$12d617aa51bb0c0108242da6aa0071.docx
create_options: 4194400 (FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_NONALERT)
status_info: 2 (FILE_CREATED)
share_access: 0 ()
Status: 1, Return: 0, Repeated: 0
Elastic malicious (high confidence)
Cynet Malicious (score: 99)
ALYac GT:VB.EmoooDldr.4.B03C1B6E
VIPRE GT:VB.EmoooDldr.4.B03C1B6E
Sangfor Malware.Generic-Macro.Save.a893fb17
BitDefender GT:VB.EmoooDldr.4.B03C1B6E
Arcabit HEUR.VBA.CG.2
ESET-NOD32 VBA/Kimsuky.K
Avast VBS:Obfuscated-gen [Trj]
ClamAV Doc.Downloader.Valyria-10021468-0
NANO-Antivirus Trojan.Script.Dnldr.elyanu
MicroWorld-eScan GT:VB.EmoooDldr.4.B03C1B6E
Rising Trojan.Kimsuky/VBA!8.1330D (TOPIS:E0:6BMNDE24csN)
Emsisoft GT:VB.EmoooDldr.4.B03C1B6E (B)
F-Secure Heuristic.HEUR/Macro.Downloader.PBMD.Gen
DrWeb modification of W97M.Suspicious.1
TrendMicro HEUR_VBA.O2
FireEye GT:VB.EmoooDldr.4.B03C1B6E
Google Detected.Heuristic.Script
Avira HEUR/Macro.Downloader.PBMD.Gen
Antiy-AVL Trojan/Macro.Kimsuky.k
GData GT:VB.EmoooDldr.4.B03C1B6E
TACHYON Suspicious/WOX.XSR.Gen
MAX malware (ai score=81)
AVG VBS:Obfuscated-gen [Trj]