Report - %c4%90%e1%bb%81%20C%c6%b0%c6%a1ng.docm

Created 2021.04.14 07:44 Machine s1_win7_x6401
Filename %c4%90%e1%bb%81%20C%c6%b0%c6%a1ng.docm
Type Microsoft Word 2007+
AI Score Not found
Behavior Score 5.4
ZERO API file : clean
VT API (file) 29 detected (Emeka, Eldorado, gen60, Malicious, score, hzsrxx, Static AI, Malicious OPENXML, AMAO, ai score=89, Probably Heur, W97Obfuscated, CLASSIC, qexvmc)
md5 826864ae301ac28e4a146cfd90ec473e
sha256 805556259778df2444b13ff0a96e5ad182afcc53e0cf6356a903f7758a7044ad
ssdeep 384:GpkrgXoqMBnWPGAFud451ygI1icuoAwOrYF/R5EuNpp:C+gXovBnW211hf5fEuNr
imphash
impfuzzy

Signature (10cnts)

Level Description
danger Office document performs HTTP request (possibly to download malware)
warning File has been identified by 29 AntiVirus engines on VirusTotal as malicious
watch Communicates with host for which no DNS query was performed
watch Creates suspicious VBA object
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice HTTP traffic contains suspicious features which may be indicative of malware related traffic
notice Performs some HTTP requests
notice Word document hooks document open

Rules (1cnts)

Level Name Description Collection
warning Contains_VBA_macro_code Detect a MS Office document with embedded VBA macro code [binaries] binaries (upload)

Network (2cnts)

Request CC ASN Co IP4 Rule ZERO
http://45.77.9.151/443.dll JP AS-CHOOPA 45.77.9.151 clean
45.77.9.151 JP AS-CHOOPA 45.77.9.151 malware

Suricata ids
