
mraptor: write and execute should lead to "suspicious"

Open rsaccani opened this issue 2 years ago • 0 comments

Is your feature request related to a problem? Please describe.
Samples with autoexec and (write or execute) are currently flagged as suspicious. Threat actors are delivering malicious files without autoexec. They trigger the macro on pressing a button. Such samples have write and execute characteristics. See attached: sample.zip

Describe the solution you'd like
Besides

        if self.autoexec and (self.execute or self.write):
            self.suspicious = True

This could be added:

        if self.execute and self.write:
            self.suspicious = True

Describe alternatives you've considered
Looking at the attached sample, there is no alternative.

Additional context
Droppers like the attached sample are currently being delivered via email campaigns.

rsaccani, May 02 '22 09:05
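To show the detection gap the issue describes, here is an added example (not oletools code) that reproduces mraptor's decision logic over two constructed VBA snippets; the keyword regexes are a small stand-in for mraptor's real AutoExec/Write/Execute lists and are an assumption, only the two rules are taken from the issue.

```python
import re
from dataclasses import dataclass

# Assumption: tiny stand-ins for mraptor's real keyword regexes (the real lists are much longer).
RE_AUTOEXEC = re.compile(r"\b(AutoOpen|AutoExec|Auto_Open|Document_Open|Workbook_Open)\b", re.I)
RE_WRITE = re.compile(r"\b(FileCopy|SaveToFile|ADODB\.Stream)\b|\bOpen\s+\S+\s+For\s+(Output|Append|Binary)\b", re.I)
RE_EXECUTE = re.compile(r"\b(Shell|WScript\.Shell|ShellExecute|CreateObject)\b", re.I)

@dataclass
class MacroFlags:
    autoexec: bool
    write: bool
    execute: bool

def scan(vba: str) -> MacroFlags:
    """Classify VBA source into the three mraptor characteristics."""
    return MacroFlags(
        autoexec=bool(RE_AUTOEXEC.search(vba)),
        write=bool(RE_WRITE.search(vba)),
        execute=bool(RE_EXECUTE.search(vba)),
    )

def suspicious_current(f: MacroFlags) -> bool:
    """Rule quoted in the issue: an AutoExec trigger plus write or execute."""
    return f.autoexec and (f.execute or f.write)

def suspicious_proposed(f: MacroFlags) -> bool:
    """Issue's proposal: additionally flag write + execute with no AutoExec trigger."""
    return suspicious_current(f) or (f.execute and f.write)

# Constructed samples (not the sample.zip attached to the issue).
BUTTON_DROPPER = """
Private Sub CommandButton1_Click()
    Open "note.txt" For Output As #1
    Print #1, "hello"
    Close #1
    Shell "notepad note.txt", vbNormalFocus
End Sub
"""
AUTOOPEN_ONLY = """
Sub AutoOpen()
    MsgBox "Welcome"
End Sub
"""

if __name__ == "__main__":
    for name, src in (("button dropper", BUTTON_DROPPER), ("autoopen only", AUTOOPEN_ONLY)):
        f = scan(src)
        print(f"{name}: {f} current={suspicious_current(f)} proposed={suspicious_proposed(f)}")
```

The button-triggered dropper is missed by the current rule and caught by the proposed one, while a macro with only an AutoExec trigger stays unflagged under both.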