File name: | payroll_nov_19.xls |
Full analysis: | https://app.any.run/tasks/20b6a518-f4d6-4f6c-9ea9-993f606c0ed4 |
Verdict: | Malicious activity |
Analysis date: | January 18, 2020, 11:12:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, Code page: 1252, Title: WSIQyUC, Subject: X, Author: Lzinxr, Last Saved By: Administrator, Revision Number: 537, Name of Creating Application: Microsoft Excel, Total Editing Time: 1d+07:43:00, Create Time/Date: Fri Aug 30 10:14:50 2019, Last Saved Time/Date: Mon Nov 18 21:09:41 2019, Number of Pages: 2, Number of Words: 4065, Number of Characters: 9188, Security: 0 |
MD5: | 8B818BF5E8F2C343D5A01BBE5C386157 |
SHA1: | B374FF2203E3FE0D8AC2EAA787FFBB15A6130552 |
SHA256: | 0592254E14ABD3411F87743237355D4B2EF78E6D3C0EE9EF15275836DBC2B78B |
SSDEEP: | 24576:cgWiQJVgAkrE2wicVdqjMyq5339kH9fVZn0rfKli9V:NQjQHK4qRkxn0F |
.xls | Microsoft Excel sheet (48) |
.xls | Microsoft Excel sheet (alternate) (39.2) |
CompObjUserTypeLen: | 25 |
CompObjUserType: | Microsoft Forms 2.0 Form |
Title: | WSIQyUC |
Subject: | X |
Author: | Lzinxr |
LastModifiedBy: | Administrator |
RevisionNumber: | 537 |
Software: | Microsoft Excel |
TotalEditTime: | 1.3 days |
CreateDate: | 2019:08:30 09:14:50 |
ModifyDate: | 2019:11:18 21:09:41 |
Pages: | 2 |
Words: | 4065 |
Characters: | 9188 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
Company: | - |
Bytes: | 19408 |
Lines: | 285 |
Paragraphs: | 90 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | |
HeadingPairs: | |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1016 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1016 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR9C0C.tmp.cvr | — | — | — |
1016 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBA342.tmp | — | — | — |
1016 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBA341.tmp | — | — | — |
1016 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFBF43E692303BDDB3.TMP | — | — | — |
1016 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBA365.tmp | — | — | — |
1016 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBA364.tmp | — | — | — |
1016 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\83A93000 | — | — | — |
1016 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF6F8A2949AA58ED59.TMP | — | — | — |
1016 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~$main_tamplate.xlsx | — | — | — |
1016 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF6276A6C42EDB553D.TMP | — | — | — |