Report - 1027_4830311122.doc

VBA_macro Generic Malware MSOffice File
ScreenShot
Created 2021.10.28 11:00 Machine s1_win7_x6401
Filename 1027_4830311122.doc
Type Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Auth
AI Score Not founds Behavior Score
2.2
ZERO API file : clean
VT API (file)
md5 24e1900dfa4cdf71e11dd3f60874d87f
sha256 51efbf0c4f059096350f73328c51ef72671a46c67b63d7686aea9330f762057b
ssdeep 12288:v8CmEKY7gpWMB3YRCVVZ/kMVeNN84YaFyOp:v8CmEj6BmCDZ/1VYNbBy
imphash
impfuzzy
  Network IP location

Signature (5cnts)

Level Description
watch Libraries known to be associated with a CVE were requested (may be False Positive)
notice Allocates read-write-execute memory (usually to unpack itself)
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice Word document hooks document open

Rules (3cnts)

Level Name Description Collection
warning Contains_VBA_macro_code Detect a MS Office document with embedded VBA macro code [binaries] binaries (upload)
warning Generic_Malware_Zero Generic Malware binaries (upload)
info Microsoft_Office_File_Zero Microsoft Office File binaries (upload)

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids



Similarity measure (PE file only) - Checking for service failure