ScreenShot
| Created | 2025.03.10 10:13 | Machine | s1_win7_x6401 |
| Filename | mal_temp.dotm | ||
| Type | Microsoft Word 2007+ | ||
| AI Score | Not founds | Behavior Score |
|
| ZERO API | file : malware | ||
| VT API (file) | 40 detected (PwShell, malicious, high confidence, Powershell, Save, gen1, 0NA104BO25, score, modification, Ole2, druvzi, CLASSIC, modification of W97M, docx, Static AI, Malicious OPENXML, Highly Suspicious, ARIT, Eldorado, Probably Heur, W97ShellS, OMacro, PrKycQR) | ||
| md5 | 65a18dada289696e52a38b04ca7f8c8d | ||
| sha256 | 79e73d7d1c51b238c9d123afea7707cb1aa339cbb6d42fd7b4dd84813419c0cb | ||
| ssdeep | 384:tlH87tnJQ6JxOrAt/fZvd3YMWkPCXcPg7VfRJ6x6MQV:/HMnJtcrsfZF3YMGcPg9j6y | ||
| imphash | |||
| impfuzzy | |||
Network IP location
Signature (6cnts)
| Level | Description |
|---|---|
| danger | File has been identified by 40 AntiVirus engines on VirusTotal as malicious |
| danger | Office document performs HTTP request (possibly to download malware) |
| watch | Creates suspicious VBA object |
| notice | Allocates read-write-execute memory (usually to unpack itself) |
| notice | Creates (office) documents on the filesystem |
| notice | Creates hidden or system file |
Rules (4cnts)
| Level | Name | Description | Collection |
|---|---|---|---|
| warning | Contains_VBA_macro_code | Detect a MS Office document with embedded VBA macro code [binaries] | binaries (upload) |
| info | docx | Word 2007 file format detection | binaries (upload) |
| info | zip_file_format | ZIP file format | binaries (upload) |
| info | test_office | test url | scripts |
