513813af...b4c8 | VTI
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: -

513813af1590bc9edeb91845b454d42bbce6a5e2d43a9b0afa7692e4e500b4c8 (SHA256)

=UTF-8B2KfZhNmB2YfYp9ix2LMueGxzbQ===.xls

Excel Document

Created at 2019-01-09 08:38:00

Severity | Category | Operation | Classification
4/5 | Process | Creates process | -
  • Creates process "regsvr32.exe /s /n /u /i:C:\Users\aETAdzjz\AppData\Local\Temp\12-B-366.txt scrobj.dll".
  • Creates process "powershell.exe -noexit -exec bypass -File C:\Users\aETAdzjz\AppData\Local\Temp\WINDOWSTEMP.ps1".
  • Creates process ""C:\Users\aETAdzjz\AppData\Local\Temp\OfficeUpdateService.exe"".
  • Creates process ""C:\Users\aETAdzjz\AppData\Local\Temp\OFFICE~1.EXE" "C:\Users\aETAdzjz\AppData\Local\Temp\OfficeUpdateService.exe" ".
  • Creates process "C:\Users\aETAdzjz\AppData\Local\Temp\OfficeUpdateService.exe".
3/5 | YARA | YARA match | -
  • Rule "VBA_Create_File" from ruleset "Generic" has matched for "C:\Users\aETAdzjz\Desktop\=UTF-8B2KfZhNmB2YfYp9ix2LMueGxzbQ===.xls"
  • Rule "VBA_Execution_Commands" from ruleset "Generic" has matched for "C:\Users\aETAdzjz\Desktop\=UTF-8B2KfZhNmB2YfYp9ix2LMueGxzbQ===.xls"
2/5 | VBA Macro | Executes macro on specific worksheet event | -
  • Executes macro automatically on target "workbook" and event "open".
2/5 | VBA Macro | Creates suspicious COM object | -
1/5 | Static | Unparsable sections in file | -
  • Static analyzer was unable to completely parse the analyzed file: C:\Users\aETAdzjz\Desktop\=UTF-8B2KfZhNmB2YfYp9ix2LMueGxzbQ===.xls.
1/5 | VBA Macro | Contains Office macro | -