Comnie dropper

VTI SCORE: 95/100

Dynamic Analysis Report

Classification: Trojan, Dropper

ea4a4162cd6ffad02d142c48067c1239253f688b8f163fd2887229d8a3240253 (SHA256)

addin.xlam.xls

Excel Document

Created at 2018-08-05 19:41:00

Severity	Category	Operation	Classification
4/5	File System	Known malicious file	Trojan
File "C:\Users\Nd9E1FYi\AppData\Local\Temp\proxyconf.dll" is a known malicious file. ... VTI Actions Go to file details Go to function call
3/5	Persistence	Installs system startup script or application	-
Adds "c:\users\nd9e1fyi\appdata\roaming\microsoft\windows\start menu\programs\startup\conime.lnk" to Windows startup folder. ... VTI Actions Go to function call
3/5	YARA	YARA match	-
Rule "VBA_Create_File" from ruleset "Generic" has matched for "C:\Users\Nd9E1FYi\Desktop\addin.xlam.xls" ... VTI Actions Go to YARA match
Rule "VBA_Execution_Commands" from ruleset "Generic" has matched for "C:\Users\Nd9E1FYi\Desktop\addin.xlam.xls" ... VTI Actions Go to YARA match
2/5	File System	Known suspicious file	Trojan
File "C:\Users\Nd9E1FYi\Desktop\addin.xlam.xls" is a known suspicious file. ... VTI Actions Go to file details
File "323a14e53a1ed31e60620aae7f940a47aab2c31c21f83b7f7d8458abbcdf201a" is a known suspicious file. ... VTI Actions Go to file details
2/5	PE	Drops PE file	Dropper
Drops file "C:\Users\Nd9E1FYi\AppData\Local\Temp\proxyconf.dll". ... VTI Actions Go to file details Go to function call
2/5	VBA Macro	Executes macro on specific worksheet event	-
Executes macro automatically on target "workbook" and event "open". ... VTI Actions Go to macro
Executes macro on target "workbook" and event "beforesave". ... VTI Actions Go to macro
2/5	VBA Macro	Creates suspicious COM object	-
CreateObject("WScript.Shell") ... VTI Actions Go to macro
1/5	Static	Unparsable sections in file	-
Static analyzer was unable to completely parse the analyzed file: C:\Users\Nd9E1FYi\Desktop\addin.xlam.xls. ... VTI Actions Go to file details
1/5	VBA Macro	Contains Office macro	-
Office document contains a VBA macro. ... VTI Actions Go to file details

Function Logfile

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".

Before

After