File name: | doc_9115.xls |
Full analysis: | https://app.any.run/tasks/bfcea719-c814-45b9-b700-bc7ffa8304f7 |
Verdict: | Malicious activity |
Analysis date: | October 20, 2020, 13:46:50 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: gfRakAyfjO, Last Saved By: Administrator, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:17:20 2015, Last Saved Time/Date: Thu Oct 15 10:27:57 2020, Security: 0 |
MD5: | 7447D4A3C526CBDCDB0903AF620C2A05 |
SHA1: | E4D9AE87E7C31FD51C5666C75126845CE3B66C32 |
SHA256: | 041B3F30644287344352243F458B2D496C29D83F3DF8BC9988EF385AC458692A |
SSDEEP: | 768:zmQk3hOdsylKlgxopeiBNhZFGzE+cL2kdAJHQAwDUd8Y8QQLoDO87sUaPBxJWW:Zk3hOdsylKlgxopeiBNhZFGzE+cL2kd9 |
.xls | | | Microsoft Excel sheet (78.9) |
---|
Author: | gfRakAyfjO |
---|---|
LastModifiedBy: | Administrator |
Software: | Microsoft Excel |
CreateDate: | 2015:06:05 18:17:20 |
ModifyDate: | 2020:10:15 09:27:57 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
Company: | - |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: |
|
HeadingPairs: |
|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3084 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3084 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR4FAB.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3084 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFF8D52A439E5FDB43.TMP | — | |
MD5:— | SHA256:— | |||
3084 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\28D61000 | — | |
MD5:— | SHA256:— | |||
3084 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~$doc_9115.xlsm | — | |
MD5:— | SHA256:— | |||
3084 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\QGQNpZY7.dat | text | |
MD5:E1322901684DB4D74F7385A6C3DF90DC | SHA256:0C97E8CF7D3ED6DF078266293E56AAC03DEC12EBEF6FB45A6AA7C519592CF618 | |||
3084 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\doc_9115.xlsm | document | |
MD5:049FF135BAFCF2CB35B0E16782805342 | SHA256:FD69DDC8CA86B1CFBBF59AF16AEA746BC9E709EAEA1C339483FFF04BDCB2FE0F | |||
3084 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\doc_9115.xls | document | |
MD5:9362E594A5EB8E7A3F2BF95B2BA8BB22 | SHA256:FA7C0EBB9740A5F2E6FE7A11C196EF051A41693E1BF4D79D0B1CEFDCF6C68E2A |