90813ad8...c008

VTI SCORE: 98/100

Dynamic Analysis Report

Classification: -

90813ad836effce0e21843c7db025d56bf1d204af25746578800f09a049ac008 (SHA256)

name.doc

Word Document

Created at 2019-02-08 09:18:00

Notifications (2/2)

The overall sleep time of all monitored processes was truncated from "5 minutes" to "20 seconds" to reveal dormant functionality.

The operating system was rebooted during the analysis.

YARA Information

Applied On	Sample Files, PCAP File, Created Files, Modified Files, Process Dumps
Number of YARA matches	12

Ruleset Name	Rule Name	Rule Description	File Type	Filename	Classification	Severity	Actions
Malicious-Documents	Document_Contains_Execution_Commands	Execution commands inside a document; possible dropper	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	3/5	... YARA Actions Show Ruleset Show File
Malicious-Documents	Document_Contains_Execution_Commands	Execution commands inside a document; possible dropper	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	3/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Download_Commands	VBA macro may attempt to download external content; possible dropper	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	3/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Execution_Commands	VBA macro may execute files or system commands	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	3/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Registry_Commands	VBA macro may attempt to read/write system registry	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	3/5	... YARA Actions Show Ruleset Show File
Malicious-Documents	Document_Contains_Execution_Commands	Execution commands inside a document; possible dropper	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	3/5	... YARA Actions Show Ruleset Show File
Malicious-Documents	Document_Contains_Execution_Commands	Execution commands inside a document; possible dropper	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	3/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Download_Commands	VBA macro may attempt to download external content; possible dropper	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	3/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Execution_Commands	VBA macro may execute files or system commands	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	3/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Registry_Commands	VBA macro may attempt to read/write system registry	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	3/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Obfuscation_ObjectName	VBA initializes COM object from long variable name; possible obfuscation	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	2/5	... YARA Actions Show Ruleset Show File
Generic	VBA_Obfuscation_ObjectName	VBA initializes COM object from long variable name; possible obfuscation	Sample File	C:\Users\aETAdzjz\Desktop\name.doc	-	2/5	... YARA Actions Show Ruleset Show File

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Notifications (2/2)

YARA Information

Before

After