Report - payload.docm

VBA_macro Doc XML Downloader Word 2007 file format(docx) ZIP Format
ScreenShot
Created 2024.07.29 17:16 Machine s1_win7_x6402
Filename payload.docm
Type Microsoft Word 2007+
AI Score Not founds Behavior Score
2.8
ZERO API file : clean
VT API (file) 19 detected (Malicious, score, Artemis, PowerShell, gen48, high confidence, Ole2, druvzi, CLASSIC, Detected, SDrop, Probably Heur, W97ShellS, Kzfl, Akgpp)
md5 840a3a122c7e418626500dd39ae492dc
sha256 0049c77b176c7ab4770613b438476f179777100814231a8bfff6d39c14362a22
ssdeep 768:6tKzuXoJbMSwSSu+Bfu7TOQJNjPp0wT3yayhBKllcxyDy+nNh0bV3jxZ7qVhwrdE:pS8bMVcjWdhQskDyqkhjxwzwS
imphash
impfuzzy
  Network IP location

Signature (7cnts)

Level Description
watch File has been identified by 19 AntiVirus engines on VirusTotal as malicious
notice Allocates read-write-execute memory (usually to unpack itself)
notice An application raised an exception which may be indicative of an exploit crash
notice Creates (office) documents on the filesystem
notice Creates hidden or system file
notice Word document hooks document close
info One or more processes crashed

Rules (5cnts)

Level Name Description Collection
warning Contains_VBA_macro_code Detect a MS Office document with embedded VBA macro code [binaries] binaries (upload)
warning Doc_XML_Downloader Detect a MS Office document with embedded XML Downloader binaries (upload)
info docx Word 2007 file format detection binaries (upload)
info zip_file_format ZIP file format binaries (upload)
info test_office test url scripts

Network (0cnts) ?

Request CC ASN Co IP4 Rule ? ZERO ?

Suricata ids



Similarity measure (PE file only) - Checking for service failure