a14e514ddfc3a921c5a9e2fc9b931bc734b4927fa9d4b011ab77f9e46da50b34 (SHA256)
Order_Payroll_81154032.doc
Word Document
Created at 2019-02-06 16:40:00
Notifications (1/1)
The overall sleep time of all monitored processes was truncated from "20 seconds" to "10 seconds" to reveal dormant functionality.
YARA Information
| Applied On | Sample Files, PCAP File, Created Files, Modified Files, Process Dumps |
| Number of YARA matches | 4 |
| Ruleset Name | Rule Name | Rule Description | File Type | Filename | Classification | Severity | Actions |
|---|---|---|---|---|---|---|---|
| Generic | VBA_Execution_Commands | VBA macro may execute files or system commands | Sample File | C:\Users\aETAdzjz\Desktop\Order_Payroll_81154032.doc | - |
3/5
|
|
| Generic | VBA_Time_Delay_with_HighVal | VBA macro utilizes long time delay functions; possible analysis counter-measure | Sample File | C:\Users\aETAdzjz\Desktop\Order_Payroll_81154032.doc | - |
3/5
|
|
| Generic | VBA_Execution_Commands | VBA macro may execute files or system commands | Sample File | C:\Users\aETAdzjz\Desktop\Order_Payroll_81154032.doc | - |
3/5
|
|
| Generic | VBA_Time_Delay_with_HighVal | VBA macro utilizes long time delay functions; possible analysis counter-measure | Sample File | C:\Users\aETAdzjz\Desktop\Order_Payroll_81154032.doc | - |
3/5
|
|
