A week or two ago reader Norris Carden submitted a malicious document. This document is another sleeper: it waits a couple of minutes before downloading and executing a malicious payload.
The trick used here is to start a ping command (from VBA macros) that will take several minutes to execute: cmd.exe /C ping 126.96.36.199 -n 250 nul
This command does 250 pings to Google DNS 188.8.131.52. It will take around 4 minutes and 10 seconds to execute. And after that, the VBA code downloads and executes malware.
Microsoft MVP Consumer Security
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.