Report - word.dotm

VBA_macro, Word 2007 file format (docx)
Created 2021.10.14 09:45 Machine s1_win7_x6402
Filename word.dotm
Type Microsoft Word 2007+
AI Score Not found
Behavior Score 6.4
ZERO API file : malware
VT API (file) 22 detected (malicious, high confidence, EmoDldr, Save, OLEMAL, ExpKit, exylvw, ai score=82, Probably Heur, W97Obfuscated, Static AI, Malicious OPENXML)
md5 eb25b0638ba81906f0a7cb196a28afe3
sha256 6f3f96802b8e90049d64467fc1a2bf4b1b098a485d83cd8c48cc9b9bccfa2f1c
ssdeep 384:tmt1m5+X05YxkRt88nplKQUzbMlH7+yLU3Ge72nzKPPFB3G:q1m535vt88PJXH7b1eqzKPdE
imphash
impfuzzy

Signature (12 cnts)

Level Description
danger The process winword.exe wrote an executable file to disk which it then attempted to execute
warning File has been identified by 22 AntiVirus engines on VirusTotal as malicious
watch A command shell or script process was created by an unexpected parent process
watch Deletes executed files from disk
watch One or more non-whitelisted processes were created
notice A process created a hidden window
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates (office) documents on the filesystem
notice Creates a suspicious process
notice Creates hidden or system file
notice Uses Windows utilities for basic Windows functionality
info Command line console output was observed

Rules (5 cnts)

Level Name Description Collection
warning Contains_VBA_macro_code Detect a MS Office document with embedded VBA macro code [binaries] binaries (download)
warning Contains_VBA_macro_code Detect a MS Office document with embedded VBA macro code [binaries] binaries (upload)
info docx Word 2007 file format detection binaries (download)
info docx Word 2007 file format detection binaries (upload)
info test_office test url scripts

Network (0 cnts)


Suricata ids



Similarity measure (PE file only)