MALICIOUS
270
Risk Score
Malware Insights
MITRE ATT&CK
T1059.005 Visual Basic
T1204.002 Malicious File
The file contains VBA macros with an Auto_Open subroutine that utilizes WScript.Shell to execute commands. This strongly suggests the macro is designed to download and execute a secondary payload from a remote source. The embedded URL is likely related to this malicious activity.
Heuristics 8
-
VBA macros detected medium 5 related findings OLE_VBA_MACROSDocument contains VBA macro code
-
Potential Shell call in VBA critical OLE_VBA_SHELLPotential Shell call in VBAMatched line in script
x = Shell("hh.exe " & gstrMPath & "\smxp.CHM", 1) -
WScript.Shell usage critical OLE_VBA_WSCRIPTWScript.Shell usageMatched line in script
Dim WSH As Object Set WSH = CreateObject("WScript.Shell") MyDocumentsPath = WSH.SpecialFolders("MyDocuments") -
CreateObject call high OLE_VBA_CREATEOBJCreateObject callMatched line in script
Dim WSH As Object Set WSH = CreateObject("WScript.Shell") MyDocumentsPath = WSH.SpecialFolders("MyDocuments") -
VBA p-code auto-exec with execution tokens high OLE_VBA_PCODE_AUTOEXEC_EXECCompiled VBA/cache stream contains an auto-execution token together with shell/download/object-execution tokens. This catches p-code-only or source-extraction-failure macro documents where visible source is unavailable.
-
Auto_Open macro low OLE_VBA_AUTOAuto_Open macroMatched line in script
Call Auto_Open -
Reference to Windows Script Host high SC_STR_WSCRIPTReference to Windows Script Host
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://www.ne.jp/asahi/excel/inoue/ In document text (OLE body)
Extracted artifacts 1
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
macros.bas |
vba-macro | oletools.olevba.extract_macros (decoded VBA source) | 295113 bytes |
SHA-256: 18f0106db4edbd9b33a286cbc1fa6f38f54b405a430e6dd430b62fb339ea7134 |
|||
Preview scriptFirst 1,000 lines of the extracted script
Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Sub 表示11()
On Error GoTo error_Err
Dim zm As Variant
zm = Worksheets(gstrMS).Range(gstrHyoji(0)).Value
ActiveWindow.Zoom = zm
Range("A1").Select
error_Exit:
Exit Sub
error_Err:
MsgBox Error$
Resume error_Exit
End Sub
Sub 表示12()
On Error GoTo error_Err
Dim zm As Variant
zm = Worksheets(gstrMS).Range(gstrHyoji(1)).Value
ActiveWindow.Zoom = zm
Range("A1").Select
error_Exit:
Exit Sub
error_Err:
MsgBox Error$
Resume error_Exit
End Sub
Sub 明細追加()
On Error Resume Next
Dim intHandan As Integer
Dim intWSCount As Integer
Dim intGyo As Integer, intKoumoku As Integer
Dim intCount As Integer, x As Integer, y As Integer
Dim intT As Integer, intY As Integer
Dim bytMeisai(3) As Byte '変数宣言
Call Auto_Open
bytMeisai(0) = ThisWorkbook.Worksheets.Count 'ワークシート数を調べる
bytMeisai(1) = Range("CE106") '設定値を取得(シートの枚数を取得する)
bytMeisai(2) = Range("CE107") '明細書01の状態を取得(表示時=0 非表示=1)
bytMeisai(3) = bytMeisai(0) - bytMeisai(1) - bytMeisai(2) '制御値を計算
Range(gstrM) = bytMeisai(3) '制御値を制御セルに代入
bytMeisai(3) = Range(gstrM).Value
Application.DisplayAlerts = False '削除メッセージを表示しない
Beep
intHandan = MsgBox("明細書を1枚追加[はい] 削除[いいえ]", vbYesNoCancel + vbInformation + vbDefaultButton1)
Application.ScreenUpdating = False
If intHandan = vbYes Then
If bytMeisai(3) = 0 Then
Worksheets("明細書01").Visible = True
Sheets("明細書01").Select
Range(gstrMP).Value = 1
Range("A1").Select
Sheets(gstrMS).Select
Range(gstrM).Value = 1
Range(gstrSokei(1)).Select
'総計01に明細書01参照の計算式を代入 =IF(ISERROR(明細書01!AB30),0,明細書01!AB30)
Range(gstrSokei(1)).Value = "=IF(ISERROR(明細書01!" & gstrCell(6) & "),0,明細書01!" _
& gstrCell(6) & ")"
Range("CE107") = 0 '明細書01を表示にするときにこのセルの値に0を代入する
'********** データ参照01 **********
intGyo = 113
intKoumoku = 158
intCount = 1
intT = 7
For y = 1 To 23
For x = 1 To 8 '項目の繰り返し処理
Select Case x
Case 1
Cells(intGyo, intKoumoku).Value = 1
Case 2
Cells(intGyo, intKoumoku).Value = intCount
Case 3
intY = 3
Cells(intGyo, intKoumoku).Value = "=明細書01!R" & intT & "C" & intY
Case 4
intY = 21
Cells(intGyo, intKoumoku).Value = "=明細書01!R" & intT & "C" & intY
Case 5
intY = 25
Cells(intGyo, intKoumoku).Value = "=明細書01!R" & intT & "C" & intY
Case 6
intY = 28
Cells(intGyo, intKoumoku).Value = "=明細書01!R" & intT & "C" & intY
Case 7
intY = 33
Cells(intGyo, intKoumoku).Value = "=明細書01!R" & intT & "C" & intY
Case 8
intY = 40
Cells(intGyo, intKoumoku).Value = "=明細書01!R" & intT & "C" & intY
End Select
intKoumoku = intKoumoku + 1
Next x
intT = intT + 1
intCount = intCount + 1
intKoumoku = 158
intGyo = intGyo + 1
Next y
'*************************************
intWSCount = ActiveWorkbook.Worksheets.Count
Range(gstrM).Value = intWSCount - 1
ActiveWindow.ScrollRow = 2
ActiveWindow.ScrollColumn = 2
Range("A1").Select
Beep
ElseIf bytMeisai(3) = 1 Then
Sheets("明細書01").Select
Sheets("明細書01").Copy after:=Sheets(2)
Worksheets("明細書01 (2)").name = "明細書02"
Call 削除3
Range(gstrMP).Value = 2
Range("A1").Select
Worksheets("明細書02").Move after:=Worksheets("明細書01")
Sheets(gstrMS).Select
Range(gstrSokei(2)).Select
'総計02に明細書02参照の計算式を代入 =IF(ISERROR(明細書02!AB30),0,明細書02!AB30)
Range(gstrSokei(2)).Value = "=IF(ISERROR(明細書02!" & gstrCell(6) & "),0,明細書02!" _
& gstrCell(6) & ")"
Range("CE107") = 0 '明細書01を表示にするときにセルの値に0を代入する
'********** データ参照02 **********
intGyo = 136
intKoumoku = 158
intCount = 1
intT = 7
For y = 1 To 23
For x = 1 To 8 '項目の繰り返し処理
Select Case x
Case 1
Cells(intGyo, intKoumoku).Value = 2
Case 2
Cells(intGyo, intKoumoku).Value = intCount
Case 3
intY = 3
Cells(intGyo, intKoumoku).Value = "=明細書02!R" & intT & "C" & intY
Case 4
intY = 21
Cells(intGyo, intKoumoku).Value = "=明細書02!R" & intT & "C" & intY
Case 5
intY = 25
Cells(intGyo, intKoumoku).Value = "=明細書02!R" & intT & "C" & intY
Case 6
intY = 28
Cells(intGyo, intKoumoku).Value = "=明細書02!R" & intT & "C" & intY
Case 7
intY = 33
Cells(intGyo, intKoumoku).Value = "=明細書02!R" & intT & "C" & intY
Case 8
intY = 40
Cells(intGyo, intKoumoku).Value = "=明細書02!R" & intT & "C" & intY
End Select
intKoumoku = intKoumoku + 1
Next x
intT = intT + 1
intCount = intCount + 1
intKoumoku = 158
intGyo = intGyo + 1
Next y
'*************************************
intWSCount = ActiveWorkbook.Worksheets.Count
Range(gstrM).Value = intWSCount - 1
ActiveWindow.ScrollRow = 2
ActiveWindow.ScrollColumn = 2
Range("A1").Select
Beep
ElseIf bytMeisai(3) = 2 Then
Sheets("明細書01").Select
Sheets("明細書01").Copy after:=Sheets(2)
Worksheets("明細書01 (2)").name = "明細書03"
Call 削除3
Range(gstrMP).Value = 3
Worksheets("明細書03").Move after:=Worksheets("明細書02")
Sheets(gstrMS).Select
Range(gstrSokei(3)).Select
'総計03に明細書03参照の計算式を代入 =IF(ISERROR(明細書03!AB30),0,明細書03!AB30)
Range(gstrSokei(3)).Value = "=IF(ISERROR(明細書03!" & gstrCell(6) & "),0,明細書03!" _
& gstrCell(6) & ")"
Range("CE107") = 0 '明細書02を表示にするときにセルの値に0を代入する
'********** データ参照03 **********
intGyo = 159
intKoumoku = 158
intCount = 1
intT = 7
For y = 1 To 23
For x = 1 To 8 '項目の繰り返し処理
Select Case x
Case 1
Cells(intGyo, intKoumoku).Value = 3
Case 2
Cells(intGyo, intKoumoku).Value = intCount
Case 3
intY = 3
Cells(intGyo, intKoumoku).Value = "=明細書03!R" & intT & "C" & intY
Case 4
intY = 21
Cells(intGyo, intKoumoku).Value = "=明細書03!R" & intT & "C" & intY
Case 5
intY = 25
Cells(intGyo, intKoumoku).Value = "=明細書03!R" & intT & "C" & intY
Case 6
intY = 28
Cells(intGyo, intKoumoku).Value = "=明細書03!R" & intT & "C" & intY
Case 7
intY = 33
Cells(intGyo, intKoumoku).Value = "=明細書03!R" & intT & "C" & intY
Case 8
intY = 40
Cells(intGyo, intKoumoku).Value = "=明細書03!R" & intT & "C" & intY
End Select
intKoumoku = intKoumoku + 1
Next x
intT = intT + 1
intCount = intCount + 1
intKoumoku = 158
intGyo = intGyo + 1
Next y
'*************************************
intWSCount = ActiveWorkbook.Worksheets.Count
Range(gstrM).Value = intWSCount - 1
ActiveWindow.ScrollRow = 2
ActiveWindow.ScrollColumn = 2
Range("A1").Select
Beep
ElseIf bytMeisai(3) = 3 Then
Sheets("明細書01").Select
Sheets("明細書01").Copy after:=Sheets(2)
Worksheets("明細書01 (2)").name = "明細書04"
Call 削除3
Range(gstrMP).Value = 4
Worksheets("明細書04").Move after:=Worksheets("明細書03")
Sheets(gstrMS).Select
Range(gstrSokei(4)).Select
'総計04に明細書04参照の計算式を代入 =IF(ISERROR(明細書04!AB30),0,明細書04!AB30)
Range(gstrSokei(4)).Value = "=IF(ISERROR(明細書04!" & gstrCell(6) & "),0,明細書04!" _
& gstrCell(6) & ")"
Range("CE107") = 0 '明細書03を表示にするときにセルの値に0を代入する
'********** データ参照04 **********
intGyo = 182
intKoumoku = 158
intCount = 1
intT = 7
For y = 1 To 23
For x = 1 To 8 '項目の繰り返し処理
Select Case x
Case 1
Cells(intGyo, intKoumoku).Value = 4
Case 2
Cells(intGyo, intKoumoku).Value = intCount
Case 3
intY = 3
Cells(intGyo, intKoumoku).Value = "=明細書04!R" & intT & "C" & intY
Case 4
intY = 21
Cells(intGyo, intKoumoku).Value = "=明細書04!R" & intT & "C" & intY
Case 5
intY = 25
Cells(intGyo, intKoumoku).Value = "=明細書04!R" & intT & "C" & intY
Case 6
intY = 28
Cells(intGyo, intKoumoku).Value = "=明細書04!R" & intT & "C" & intY
Case 7
intY = 33
Cells(intGyo, intKoumoku).Value = "=明細書04!R" & intT & "C" & intY
Case 8
intY = 40
Cells(intGyo, intKoumoku).Value = "=明細書04!R" & intT & "C" & intY
End Select
intKoumoku = intKoumoku + 1
Next x
intT = intT + 1
intCount = intCount + 1
intKoumoku = 158
intGyo = intGyo + 1
Next y
'*************************************
intWSCount = ActiveWorkbook.Worksheets.Count
Range(gstrM).Value = intWSCount - 1
ActiveWindow.ScrollRow = 2
ActiveWindow.ScrollColumn = 2
Range("A1").Select
Beep
ElseIf bytMeisai(3) = 4 Then
Sheets("明細書01").Select
Sheets("明細書01").Copy after:=Sheets(2)
Worksheets("明細書01 (2)").name = "明細書05"
Call 削除3
Range(gstrMP).Value = 5
Worksheets("明細書05").Move after:=Worksheets("明細書04")
Sheets(gstrMS).Select
Range(gstrSokei(5)).Select
'総計05に明細書05参照の計算式を代入 =IF(ISERROR(明細書05!AB30),0,明細書05!AB30)
Range(gstrSokei(5)).Value = "=IF(ISERROR(明細書05!" & gstrCell(6) & "),0,明細書05!" _
& gstrCell(6) & ")"
Range("CE107") = 0 '明細書04を表示にするときにセルの値に0を代入する
'********** データ参照05 **********
intGyo = 205
intKoumoku = 158
intCount = 1
intT = 7
For y = 1 To 23
For x = 1 To 8 '項目の繰り返し処理
Select Case x
Case 1
Cells(intGyo, intKoumoku).Value = 5
Case 2
Cells(intGyo, intKoumoku).Value = intCount
Case 3
intY = 3
Cells(intGyo, intKoumoku).Value = "=明細書05!R" & intT & "C" & intY
Case 4
intY = 21
Cells(intGyo, intKoumoku).Value = "=明細書05!R" & intT & "C" & intY
Case 5
intY = 25
Cells(intGyo, intKoumoku).Value = "=明細書05!R" & intT & "C" & intY
Case 6
intY = 28
Cells(intGyo, intKoumoku).Value = "=明細書05!R" & intT & "C" & intY
Case 7
intY = 33
Cells(intGyo, intKoumoku).Value = "=明細書05!R" & intT & "C" & intY
Case 8
intY = 40
Cells(intGyo, intKoumoku).Value = "=明細書05!R" & intT & "C" & intY
End Select
intKoumoku = intKoumoku + 1
Next x
intT = intT + 1
intCount = intCount + 1
intKoumoku = 158
intGyo = intGyo + 1
Next y
'*************************************
intWSCount = ActiveWorkbook.Worksheets.Count
Range(gstrM).Value = intWSCount - 1
ActiveWindow.ScrollRow = 2
ActiveWindow.ScrollColumn = 2
Range("A1").Select
Beep
ElseIf bytMeisai(3) = 5 Then
Sheets("明細書01").Select
Sheets("明細書01").Copy after:=Sheets(2)
Worksheets("明細書01 (2)").name = "明細書06"
Call 削除3
Range(gstrMP).Value = 6
Worksheets("明細書06").Move after:=Worksheets("明細書05")
Sheets(gstrMS).Select
Range(gstrSokei(6)).Select
'総計06に明細書06参照の計算式を代入 =IF(ISERROR(明細書06!AB30),0,明細書06!AB30)
Range(gstrSokei(6)).Value = "=IF(ISERROR(明細書06!" & gstrCell(6) & "),0,明細書06!" _
& gstrCell(6) & ")"
Range("CE107") = 0 '明細書06を表示にするときにセルの値に0を代入する
'********** データ参照06 **********
intGyo = 228
intKoumoku = 158
intCount = 1
intT = 7
For y = 1 To 23
For x = 1 To 8 '項目の繰り返し処理
Select Case x
Case 1
Cells(intGyo, intKoumoku).Value = 6
Case 2
Cells(intGyo, intKoumoku).Value = intCount
Case 3
intY = 3
Cells(intGyo, intKoumoku).Value = "=明細書06!R" & intT & "C" & intY
Case 4
intY = 21
Cells(intGyo, intKoumoku).Value = "=明細書06!R" & intT & "C" & intY
Case 5
intY = 25
Cells(intGyo, intKoumoku).Value = "=明細書06!R" & intT & "C" & intY
Case 6
intY = 28
Cells(intGyo, intKoumoku).Value = "=明細書06!R" & intT & "C" & intY
Case 7
intY = 33
Cells(intGyo, intKoumoku).Value = "=明細書06!R" & intT & "C" & intY
Case 8
intY = 40
Cells(intGyo, intKoumoku).Value = "=明細書06!R" & intT & "C" & intY
End Select
intKoumoku = intKoumoku + 1
Next x
intT = intT + 1
intCount = intCount + 1
intKoumoku = 158
intGyo = intGyo + 1
Next y
'*************************************
intWSCount = ActiveWorkbook.Worksheets.Count
Range(gstrM).Value = intWSCount - 1
ActiveWindow.ScrollRow = 2
ActiveWindow.ScrollColumn = 2
Range("A1").Select
Beep
ElseIf bytMeisai(3) = 6 Then
Sheets("明細書01").Select
Sheets("明細書01").Copy after:=Sheets(2)
Worksheets("明細書01 (2)").name = "明細書07"
Call 削除3
Range(gstrMP).Value = 7
Worksheets("明細書07").Move after:=Worksheets("明細書06")
Sheets(gstrMS).Select
Range(gstrSokei(7)).Select
'総計07に明細書07参照の計算式を代入 =IF(ISERROR(明細書07!AB30),0,明細書07!AB30)
Range(gstrSokei(7)).Value = "=IF(ISERROR(明細書07!" & gstrCell(6) & "),0,明細書07!" _
& gstrCell(6) & ")"
Range("CE107") = 0 '明細書07を表示にするときにセルの値に0を代入する
'********** データ参照07 **********
intGyo = 251
intKoumoku = 158
intCount = 1
intT = 7
For y = 1 To 23
For x = 1 To 8 '項目の繰り返し処理
Select Case x
Case 1
Cells(intGyo, intKoumoku).Value = 7
Case 2
Cells(intGyo, intKoumoku).Value = intCount
Case 3
intY = 3
Cells(intGyo, intKoumoku).Value = "=明細書07!R" & intT & "C" & intY
Case 4
intY = 21
Cells(intGyo, intKoumoku).Value = "=明細書07!R" & intT & "C" & intY
Case 5
intY = 25
Cells(intGyo, intKoumoku).Value = "=明細書07!R" & intT & "C" & intY
Case 6
intY = 28
Cells(intGyo, intKoumoku).Value = "=明細書07!R" & intT & "C" & intY
Case 7
intY = 33
Cells(intGyo, intKoumoku).Value = "=明細書07!R" & intT & "C" & intY
Case 8
intY = 40
Cells(intGyo, intKoumoku).Value = "=明細書07!R" & intT & "C" & intY
End Select
intKoumoku = intKoumoku + 1
Next x
intT = intT + 1
intCount = intCount + 1
intKoumoku = 158
intGyo = intGyo + 1
Next y
'*************************************
intWSCount = ActiveWorkbook.Worksheets.Count
Range(gstrM).Value = intWSCount - 1
ActiveWindow.ScrollRow = 2
ActiveWindow.ScrollColumn = 2
Range("A1").Select
Beep
ElseIf bytMeisai(3) = 7 Then
Sheets("明細書01").Select
Sheets("明細書01").Copy after:=Sheets(2)
Worksheets("明細書01 (2)").name = "明細書08"
Call 削除3
Range(gstrMP).Value = 8
Worksheets("明細書08").Move after:=Worksheets("明細書07")
Sheets(gstrMS).Select
Range(gstrSokei(8)).Select
'総計08に明細書08参照の計算式を代入 =IF(ISERROR(明細書08!AB30),0,明細書08!AB30)
Range(gstrSokei(8)).Value = "=IF(ISERROR(明細書08!" & gstrCell(6) & "),0,明細書08!" _
& gstrCell(6) & ")"
Range("CE107") = 0 '明細書08を表示にするときにセルの値に0を代入する
'********** データ参照08 **********
intGyo = 274
intKoumoku = 158
intCount = 1
intT = 7
For y = 1 To 23
For x = 1 To 8 '項目の繰り返し処理
Select Case x
Case 1
Cells(intGyo, intKoumoku).Value = 8
Case 2
Cells(intGyo, intKoumoku).Value = intCount
Case 3
intY = 3
Cells(intGyo, intKoumoku).Value = "=明細書08!R" & intT & "C" & intY
Case 4
intY = 21
Cells(intGyo, intKoumoku).Value = "=明細書08!R" & intT & "C" & intY
Case 5
intY = 25
Cells(intGyo, intKoumoku).Value = "=明細書08!R" & intT & "C" & intY
Case 6
intY = 28
Cells(intGyo, intKoumoku).Value = "=明細書08!R" & intT & "C" & intY
Case 7
intY = 33
Cells(intGyo, intKoumoku).Value = "=明細書08!R" & intT & "C" & intY
Case 8
intY = 40
Cells(intGyo, intKoumoku).Value = "=明細書08!R" & intT & "C" & intY
End Select
intKoumoku = intKoumoku + 1
Next x
intT = intT + 1
intCount = intCount + 1
intKoumoku = 158
intGyo = intGyo + 1
Next y
'*************************************
intWSCount = ActiveWorkbook.Worksheets.Count
Range(gstrM).Value = intWSCount - 1
ActiveWindow.ScrollRow = 2
ActiveWindow.ScrollColumn = 2
Range("A1").Select
Beep
ElseIf bytMeisai(3) = 8 Then
Sheets("明細書01").Select
Sheets("明細書01").Copy after:=Sheets(2)
Worksheets("明細書01 (2)").name = "明細書09"
Call 削除3
…
|
|||
Open this report in the interactive analyzer, or submit your own file for analysis.