File name: | Cancellation_Letter_541411513-02242021.xls |
Full analysis: | https://app.any.run/tasks/cdc575db-64e1-4fc0-bf1e-285a79b0b177 |
Verdict: | Malicious activity |
Analysis date: | April 01, 2023, 09:19:23 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1251, Author: Admin, Last Saved By: Friner, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 00:00:00 2006, Last Saved Time/Date: Wed Feb 24 11:15:29 2021, Security: 0 |
MD5: | A7BA7BD69D41F3BE1E69740C33C4FBF8 |
SHA1: | D56BC9BF6E700C75B14322D174FF1C9FC881F3F0 |
SHA256: | 0C611FC0B990B1269C7E5D98613C9E0AB4D3A1166370ED707B8D6063F05F6DE0 |
SSDEEP: | 3072:6cPiTQAVW/89BQnmlcGvgZ6Gr3J8YUOMFt/BI/s/C/i/R/7/3/UQ/OhP/2/a/1/P:6cPiTQAVW/89BQnmlcGvgZ7r3J8YUOMq |
.xls | | | Microsoft Excel sheet (78.9) |
---|
Author: | Admin |
---|---|
LastModifiedBy: | Friner |
Software: | Microsoft Excel |
CreateDate: | 2006:09:16 00:00:00 |
ModifyDate: | 2021:02:24 11:15:29 |
Security: | None |
CodePage: | Windows Cyrillic |
ScaleCrop: | No |
LinksUpToDate: | No |
TitleOfParts: |
|
HeadingPairs: |
|
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2824 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 Modules
|
(PID) Process: | (2824) EXCEL.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1033 |
Value: On | |||
(PID) Process: | (2824) EXCEL.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1041 |
Value: On | |||
(PID) Process: | (2824) EXCEL.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1046 |
Value: On | |||
(PID) Process: | (2824) EXCEL.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1036 |
Value: On | |||
(PID) Process: | (2824) EXCEL.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1031 |
Value: On | |||
(PID) Process: | (2824) EXCEL.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1040 |
Value: On | |||
(PID) Process: | (2824) EXCEL.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1049 |
Value: On | |||
(PID) Process: | (2824) EXCEL.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 3082 |
Value: On | |||
(PID) Process: | (2824) EXCEL.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1042 |
Value: On | |||
(PID) Process: | (2824) EXCEL.EXE | Key: | HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\LanguageResources\EnabledLanguages |
Operation: | write | Name: | 1055 |
Value: On |
PID | Process | Filename | Type | |
---|---|---|---|---|
2824 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRF5CA.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2824 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\45017430227662000000[1].htm | html | |
MD5:5219965DBCF4E3BE8317E962DDF334E9 | SHA256:93B88577E72A6A0AD0B0CC4ECCA2CDB8D4650604D8F7B9B480FFBF5791628D8D |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2824 | EXCEL.EXE | GET | 301 | 185.104.29.76:80 | http://vngkinderopvang.nl/rmyjq/45017430227662000000.dat | NL | html | 265 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2824 | EXCEL.EXE | 185.104.29.76:443 | vngkinderopvang.nl | Stichting DIGI NL | NL | malicious |
2824 | EXCEL.EXE | 185.104.29.76:80 | vngkinderopvang.nl | Stichting DIGI NL | NL | malicious |
Domain | IP | Reputation |
---|---|---|
sumonpro.xyz |
| suspicious |
vngkinderopvang.nl |
| malicious |