SUSP_Encoded_VBA_Kernel32_Imports_Jun22

Rule Info

Minimum Yara: 1.7
Tags: T1027 (Obfuscated Files or Information), T1193 (Spearphishing Attachment; retired ATT&CK ID, now T1566.001), SCRIPT, SUSP, T1203 (Exploitation for Client Execution)
Name: SUSP_Encoded_VBA_Kernel32_Imports_Jun22
Description: Detects encoded VBA macros that make use of Kernel32 functions
Rule Hash: 8c3d3d0f9d83395c66b1958e08fe74bd
Reference: Internal Research - Permutator
Score: 70
Required Modules: none
Author: Florian Roth
Date: 2022-06-08
Av Ratio: 27.01 (mean of the per-sample detection rate Positives/Total over the Rule Matches below, in percent)

Antivirus Verdicts

Rating                        Number of Samples
Malicious (>= 10 engines)     23
Suspicious (1 to 9 engines)   5
Clean (0 engines)             8

36 samples in total; the per-sample engine counts are the Positives column of the Rule Matches table below.

Rule Matches

Positives = VirusTotal engines that flagged the sample, Total = engines that scanned it at the time of the match.

Timestamp            Positives  Total  Hash (SHA-256)
2022-09-28 16:56:29         15     60  dbe208104d15076d696a4497337b896c378bb867ca2f1942f64d5a85c315ca9f
2022-09-23 17:14:44         25     63  b5757fe29ebab2fa069b82c5636915a355e8d5856fe867326961255253fd535c
2022-09-11 10:16:31         18     56  27a9cc271bc3e1ad5304e6123d8c21078f6bf19824717975288deae932fc76fc
2022-09-08 11:09:50         25     61  01ca1bc7d68a84d0f0f234301775fc8c6da44bd3a640e42b0d3fae169c547f7c
2022-09-07 21:07:40         35     62  328a4f2e27ecf484a20e6591380d441d0152c597582e5be6afdd36378a6d07ed
2022-09-07 18:24:49         36     62  9cf9592f5a230f4c87a107106e6b996837b9e8b839b29ee2e99301d83de7a0b2
2022-09-07 16:20:32         28     61  51adb174411918df7d12a8d69e217623e076128b72f8cd246deece8e89e06a19
2022-09-07 06:16:08         33     61  3503af8c3065863071e665d1b69a647131b4495c00433c2647b68fb333156d86
2022-09-02 06:34:16         22     61  013d64d6267a4472584360e0af9db54d09e9d17ae1a7ad28fb07e50e93dd29c1
2022-09-02 06:29:14          0     59  2ea7d878d996f7a1a4c653e6706aeefa2fa1bebd38519564321ebcf28c536b9e
2022-09-02 06:28:10          0     59  fafd18889b33345014530421f8caadaa1bce56416cf101f8b1fc4c00b262de7d
2022-09-02 06:14:48         22     61  ec2cae307fc1a867b9e637512fde0b9f0cdc5e39d1fb637a87dec12cc91bce8f
2022-08-31 19:50:22         24     61  366fbbd120148b4ac29a80555ecf5926638e450c43a2757208e7263557f0893c
2022-08-31 16:10:43         22     61  68bebcdcd00a42fcd01861e4007634cc69030c366bfa34c126813bf6d718b0bf
2022-08-31 15:57:59         21     58  32ce0ff407e0a1d060d55722525012360bfaed40834f784614d023eee2ae259a
2022-08-18 05:53:34          0     60  7c44205292db0f0022275617371b6a92941ab80f56e41e760f97123b9a5605e1
2022-08-12 22:54:07          0     60  87b685073edac6ac3fa5aec9dc423f369a01a02a51a516e50bbb6817b4684c9a
2022-08-12 18:26:51          0     60  ad63abdf3825e70cdcae3cd5c6243078ffb871b8812dee8d1fc3a7c03e1e97b1
2022-08-11 06:29:17          1     60  9c11f7a209f050c4d978e11e6924c8174104b971ec9f467a0bbb76366dbb3b17
2022-08-10 10:40:32          0     60  252231f4352e0ea9b764b6420d1b7602f44e6563b8b952d5840c048a80311406
2022-08-09 18:07:14         10     61  5ea70e10ec69988cebdf3cbca6d35ed366d5f04d3f925231d8e0aa7a30c69d01
2022-08-09 18:03:58         20     62  d885ccfd8a5a706e9642ee5d14a9f397fa24f0f1e24dfd9ef4ad69ffa17e3d1a
2022-08-09 17:11:28         10     61  1b5302e6d63279d45e5e7d69704561cb471f198079b144f747c34ba3a378d406
2022-08-09 17:08:12         21     62  b370fc9c3e57db0092a78c7dbfad5da03fe4c06c8c547aa32270bcdbf0680e0c
2022-08-09 14:06:17          9     59  af870d1770b410a66edb7a5798777ecc848f9147e559261f2ddd74b6bd2c2aa0
2022-08-09 14:05:22         20     62  9e95fc6f3bea37cb33f4a8607d954fb42d29c67b075905103ee3c4eb92655089
2022-08-05 11:23:13          1     59  ef3165184c5190afeaa8a90d9bf07b413c5f86f4a017f2c5dfeb33ad349106f2
2022-07-28 11:44:51         30     61  5fdce3589b5f0d4456e3deb14645205739794816371e396153b4e3e99dfe3789
2022-07-28 10:44:51         38     62  55f8d95fc330b1e9519dc572e4acf8e751387c090f7a640b8ec0257a006212bb
2022-07-27 12:43:28          0     59  a20889546a6624d484ab51edb031e4182d8c9967cfbd192b109de2116a180101
2022-07-24 22:12:56          0     59  5f026553e5262452e456a5ce68c3e04f665528e749f1ee17400ceda5bc0a797e
2022-07-24 22:09:31         42     62  428a38248615c9c54c10b3d199634a516392d54381085edc8c51229fa37d9b8b
2022-07-22 01:32:34          2     59  bf47113e7e6058c99b7d663998dd743a411b9d7cf99647c597fcd9d641973dfd
2022-07-17 18:50:22         34     61  8d74d544396b57e6faa4f8fdf96a1a5e30b196d56c15f7cf05767a406708a6b2
2022-07-17 18:45:37         29     61  821f45819930569b1264fa851c1a8bc668e0189b5ee886c195cd6e350bac0ad7
2022-07-06 04:57:03          1     56  b22fa7db5eae4aea539c641012c53500af779207d9741b45271a178fde3e1ad5
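As an added example, not part of the original page or of the rule set it describes, the following Python script parses the Rule Matches table above (the 36 rows are copied verbatim into the script, not constructed) and recomputes the Antivirus Verdicts buckets and the Av Ratio with the thresholds the page states. It also computes the pooled rate (all positives over all totals) next to the mean of per-sample rates, which shows which of the two definitions the page's Av Ratio of 27.01 actually uses. The regular expression and the bucket names are this example's own choices.

```python
import re
from dataclasses import dataclass

# Rows copied from the Rule Matches table above: timestamp, positives, total, SHA-256.
MATCHES = """
2022-09-28 16:56:29  15  60  dbe208104d15076d696a4497337b896c378bb867ca2f1942f64d5a85c315ca9f
2022-09-23 17:14:44  25  63  b5757fe29ebab2fa069b82c5636915a355e8d5856fe867326961255253fd535c
2022-09-11 10:16:31  18  56  27a9cc271bc3e1ad5304e6123d8c21078f6bf19824717975288deae932fc76fc
2022-09-08 11:09:50  25  61  01ca1bc7d68a84d0f0f234301775fc8c6da44bd3a640e42b0d3fae169c547f7c
2022-09-07 21:07:40  35  62  328a4f2e27ecf484a20e6591380d441d0152c597582e5be6afdd36378a6d07ed
2022-09-07 18:24:49  36  62  9cf9592f5a230f4c87a107106e6b996837b9e8b839b29ee2e99301d83de7a0b2
2022-09-07 16:20:32  28  61  51adb174411918df7d12a8d69e217623e076128b72f8cd246deece8e89e06a19
2022-09-07 06:16:08  33  61  3503af8c3065863071e665d1b69a647131b4495c00433c2647b68fb333156d86
2022-09-02 06:34:16  22  61  013d64d6267a4472584360e0af9db54d09e9d17ae1a7ad28fb07e50e93dd29c1
2022-09-02 06:29:14   0  59  2ea7d878d996f7a1a4c653e6706aeefa2fa1bebd38519564321ebcf28c536b9e
2022-09-02 06:28:10   0  59  fafd18889b33345014530421f8caadaa1bce56416cf101f8b1fc4c00b262de7d
2022-09-02 06:14:48  22  61  ec2cae307fc1a867b9e637512fde0b9f0cdc5e39d1fb637a87dec12cc91bce8f
2022-08-31 19:50:22  24  61  366fbbd120148b4ac29a80555ecf5926638e450c43a2757208e7263557f0893c
2022-08-31 16:10:43  22  61  68bebcdcd00a42fcd01861e4007634cc69030c366bfa34c126813bf6d718b0bf
2022-08-31 15:57:59  21  58  32ce0ff407e0a1d060d55722525012360bfaed40834f784614d023eee2ae259a
2022-08-18 05:53:34   0  60  7c44205292db0f0022275617371b6a92941ab80f56e41e760f97123b9a5605e1
2022-08-12 22:54:07   0  60  87b685073edac6ac3fa5aec9dc423f369a01a02a51a516e50bbb6817b4684c9a
2022-08-12 18:26:51   0  60  ad63abdf3825e70cdcae3cd5c6243078ffb871b8812dee8d1fc3a7c03e1e97b1
2022-08-11 06:29:17   1  60  9c11f7a209f050c4d978e11e6924c8174104b971ec9f467a0bbb76366dbb3b17
2022-08-10 10:40:32   0  60  252231f4352e0ea9b764b6420d1b7602f44e6563b8b952d5840c048a80311406
2022-08-09 18:07:14  10  61  5ea70e10ec69988cebdf3cbca6d35ed366d5f04d3f925231d8e0aa7a30c69d01
2022-08-09 18:03:58  20  62  d885ccfd8a5a706e9642ee5d14a9f397fa24f0f1e24dfd9ef4ad69ffa17e3d1a
2022-08-09 17:11:28  10  61  1b5302e6d63279d45e5e7d69704561cb471f198079b144f747c34ba3a378d406
2022-08-09 17:08:12  21  62  b370fc9c3e57db0092a78c7dbfad5da03fe4c06c8c547aa32270bcdbf0680e0c
2022-08-09 14:06:17   9  59  af870d1770b410a66edb7a5798777ecc848f9147e559261f2ddd74b6bd2c2aa0
2022-08-09 14:05:22  20  62  9e95fc6f3bea37cb33f4a8607d954fb42d29c67b075905103ee3c4eb92655089
2022-08-05 11:23:13   1  59  ef3165184c5190afeaa8a90d9bf07b413c5f86f4a017f2c5dfeb33ad349106f2
2022-07-28 11:44:51  30  61  5fdce3589b5f0d4456e3deb14645205739794816371e396153b4e3e99dfe3789
2022-07-28 10:44:51  38  62  55f8d95fc330b1e9519dc572e4acf8e751387c090f7a640b8ec0257a006212bb
2022-07-27 12:43:28   0  59  a20889546a6624d484ab51edb031e4182d8c9967cfbd192b109de2116a180101
2022-07-24 22:12:56   0  59  5f026553e5262452e456a5ce68c3e04f665528e749f1ee17400ceda5bc0a797e
2022-07-24 22:09:31  42  62  428a38248615c9c54c10b3d199634a516392d54381085edc8c51229fa37d9b8b
2022-07-22 01:32:34   2  59  bf47113e7e6058c99b7d663998dd743a411b9d7cf99647c597fcd9d641973dfd
2022-07-17 18:50:22  34  61  8d74d544396b57e6faa4f8fdf96a1a5e30b196d56c15f7cf05767a406708a6b2
2022-07-17 18:45:37  29  61  821f45819930569b1264fa851c1a8bc668e0189b5ee886c195cd6e350bac0ad7
2022-07-06 04:57:03   1  56  b22fa7db5eae4aea539c641012c53500af779207d9741b45271a178fde3e1ad5
"""

# One row per line: timestamp, positives, total, 64-hex SHA-256 (example's own pattern).
ROW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<positives>\d+)\s+(?P<total>\d+)\s+(?P<sha256>[0-9a-f]{64})$"
)

@dataclass(frozen=True)
class Match:
    timestamp: str
    positives: int  # engines that flagged the sample
    total: int      # engines that scanned it
    sha256: str

def parse_matches(text: str) -> list[Match]:
    """Parse one match per non-empty line; a malformed row raises instead of being skipped."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable row: {line!r}")
        rows.append(Match(m["ts"], int(m["positives"]), int(m["total"]), m["sha256"]))
    return rows

def verdict(m: Match) -> str:
    """Buckets from the Antivirus Verdicts table: >= 10 engines malicious, 0 clean, 1 to 9 suspicious."""
    if m.positives >= 10:
        return "malicious"
    if m.positives == 0:
        return "clean"
    return "suspicious"

def verdict_counts(rows: list[Match]) -> dict[str, int]:
    counts = {"malicious": 0, "suspicious": 0, "clean": 0}
    for m in rows:
        counts[verdict(m)] += 1
    return counts

def av_ratio(rows: list[Match]) -> float:
    """Av Ratio as the page computes it: mean of per-sample Positives/Total, in percent."""
    return 100.0 * sum(m.positives / m.total for m in rows) / len(rows)

def pooled_ratio(rows: list[Match]) -> float:
    """Sum of positives over sum of totals, in percent; this is NOT what the page reports."""
    return 100.0 * sum(m.positives for m in rows) / sum(m.total for m in rows)

if __name__ == "__main__":
    rows = parse_matches(MATCHES)
    print(f"{len(rows)} matches, verdicts {verdict_counts(rows)}, "
          f"Av Ratio {av_ratio(rows):.2f}%, pooled {pooled_ratio(rows):.2f}%")
```

Run as is, the script reproduces the page's 23 malicious, 5 suspicious and 8 clean samples and an Av Ratio of 27.01, while the pooled rate comes out at 27.35: the Av Ratio is the average of each sample's own detection rate, so a handful of samples with zero detections pulls it down more than a pooled count would.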

Rule Matches per Month (last 24 months)