3692f99b76663e864b3fae22828ab01021dcc50c33f5ec041aa3b055478a4ab2 (SHA256)
receipt_FedEX_4028873.doc
Word Document
Created at 2018-12-06 22:25:00
Notifications (1/1)
The overall sleep time of all monitored processes was truncated from "45 seconds" to "30 seconds" to reveal dormant functionality.
YARA Information
| Applied On | Sample Files, PCAP File, Created Files, Modified Files, Process Dumps |
| Number of YARA matches | 3 |
| Ruleset Name | Rule Name | Rule Description | File Type | Filename | Classification | Severity | Actions |
|---|---|---|---|---|---|---|---|
| Generic | PowerShell_Download_Commands | PowerShell may attempt to download external content; possible dropper | Created File | C:\Users\aETAdzjz\AppData\Local\Temp\tmp1971.bat | - |
4/5
|
|
| Generic | VBA_Execution_Commands | VBA macro may execute files or system commands | Sample File | C:\Users\aETAdzjz\Desktop\receipt_FedEX_4028873.doc | - |
3/5
|
|
| Generic | VBA_Execution_Commands | VBA macro may execute files or system commands | Sample File | C:\Users\aETAdzjz\Desktop\receipt_FedEX_4028873.doc | - |
3/5
|
|
