d878a7c8...3ba3 | VTI
VTI SCORE: 93/100
Dynamic Analysis Report
Classification: Downloader

d878a7c8fa46c52020a07de7726a8a740d245dcf0a58355b88a054059f933ba3 (SHA256)

Mert-Obfuscated25.xlsm

Excel Document

Created at 2019-02-17 13:34:00

Severity | Category | Operation | Classification
4/5 | Network | Downloads data | Downloader
3/5 | YARA | YARA match | -
  • Rule "VBA_Download_Commands" from ruleset "Generic" has matched for "C:\Users\aETAdzjz\Desktop\Mert-Obfuscated25.xlsm"
  • Rule "VBA_Execution_Commands" from ruleset "Generic" has matched for "C:\Users\aETAdzjz\Desktop\Mert-Obfuscated25.xlsm"
  • Rule "VBA_Obfuscation_ObjectName" from ruleset "Generic" has matched for "C:\Users\aETAdzjz\Desktop\Mert-Obfuscated25.xlsm"
2/5 | Network | Connects to HTTP server | -
2/5 | VBA Macro | Executes macro on specific worksheet event | -
  • Executes macro automatically on target "workbook" and event "open".
2/5 | VBA Macro | Creates suspicious COM object | -
  • CreateObject(xmdhezkcfxfn("4d53584d4c32") & xmdhezkcfxfn("2e584d4c48545450"))
1/5 | Static | Contains embedded files | -
1/5 | VBA Macro | Contains Office macro | -