Report - content.dotm

VBA_macro
ScreenShot
Created 2021.08.03 10:16 Machine s1_win7_x6401
Filename content.dotm
Type Microsoft Word 2007+
AI Score Not founds Behavior Score
5.0
ZERO API file : malware
VT API (file) 35 detected (malicious, high confidence, EmoooDldr, Save, MalDoc, ali1000101, Eldorado, Obfuscated, Ole2, druvzi, AMGY, Static AI, Malicious OPENXML, Obfuse, score, ai score=100, Probably Heur, W97Obfuscated)
md5 23a471d956410bc80dc0cabc006252f6
sha256 15de5dae7a4b941d941f25cdb281c706714758f80878e47c315c5f3d1c8733e8
ssdeep 768:qHrfHh/UBZZ8xxh3+J6VH/pPdSEZI3qSNiV2k:er/NUBZaxxR+J6sKSQz
imphash
impfuzzy
  Network IP location

Signature (12cnts)

Level Description
danger File has been identified by 35 AntiVirus engines on VirusTotal as malicious
watch Creates suspicious VBA object
watch One or more non-whitelisted processes were created
notice Allocates read-write-execute memory (usually to unpack itself)
notice Checks adapter addresses which can be used to detect virtual network interfaces
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice Word document hooks document open
info Checks amount of memory in system
info Checks if process is being debugged by a debugger
info Command line console output was observed
info Queries for the computername

Rules (1cnts)

Level Name Description Collection
warning Contains_VBA_macro_code Detect a MS Office document with embedded VBA macro code [binaries] binaries (upload)

Network (2cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?
donattelli.com ES Soluciones web on line s.l. 185.92.244.225 malware
185.92.244.225 ES Soluciones web on line s.l. 185.92.244.225 malware

Suricata ids



Similarity measure (PE file only) - Checking for service failure