File name: | sample2.XLS |
Full analysis: | https://app.any.run/tasks/33f558c3-6cdb-4a1a-80de-9d1a52dcc72d |
Verdict: | Malicious activity |
Analysis date: | July 17, 2019, 07:29:26 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: autore, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Jun 5 19:19:34 2015, Last Saved Time/Date: Tue Jul 16 12:19:40 2019, Security: 0 |
MD5: | 9582B06BFF0F2B43D6693150FCB49C6A |
SHA1: | 2A90CA7964576B9210C8F35234214F32B412684E |
SHA256: | 1145EEE29B0805AFBB9CF03FA578CF79A1F94C43125AE6F3D2867810248FB555 |
SSDEEP: | 3072:PjvlYkRIPPm3eNCZmbpoahZhC0cixIiG0iIFLR8m9xe0VukmBj:rvlYkRIPPm3eNCZmbpoahZhC0cixIiGb |
.xls | | | Microsoft Excel sheet (78.9) |
---|
CompObjUserType: | (Foglio di lavoro di Microsoft Excel 2019 |
---|---|
CompObjUserTypeLen: | 42 |
HeadingPairs: |
|
TitleOfParts: | 20190716-83748 |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 16 |
Company: | - |
CodePage: | Windows Latin 1 (Western European) |
Security: | None |
ModifyDate: | 2019:07:16 11:19:40 |
CreateDate: | 2015:06:05 18:19:34 |
Software: | Microsoft Excel |
Author: | autore |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3488 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Exit code: 0 Version: 14.0.6024.1000 | ||||
2528 | "C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Control_RunDLL C:\Windows\System32\intl.cpl | C:\Windows\System32\rundll32.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2104 | "C:\Windows\system32\rundll32.exe" shell32.dll,Control_RunDLL input.dll | C:\Windows\system32\rundll32.exe | — | rundll32.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3812 | C:\Windows\system32\mctadmin.exe | C:\Windows\system32\mctadmin.exe | — | rundll32.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: MCTAdmin Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2400 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Exit code: 0 Version: 14.0.6024.1000 | ||||
2500 | "C:\Windows\System32\control.exe" "C:\Windows\system32\timedate.cpl", | C:\Windows\System32\control.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Control Panel Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3612 | "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Windows\system32\timedate.cpl", | C:\Windows\system32\rundll32.exe | — | control.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3640 | C:\Windows\system32\DllHost.exe /Processid:{9DF523B0-A6C0-4EA9-B5F1-F4565C3AC8B8} | C:\Windows\system32\DllHost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3456 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3488 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRF6D4.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3488 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF90DD056DCE54FBED.TMP | — | |
MD5:— | SHA256:— | |||
3488 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF383DB5876C1A33E7.TMP | — | |
MD5:— | SHA256:— | |||
3488 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF7BAF8E4231920060.TMP | — | |
MD5:— | SHA256:— | |||
3488 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFBBE944049C329B94.TMP | — | |
MD5:— | SHA256:— | |||
3488 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFE56138C220672BB1.TMP | — | |
MD5:— | SHA256:— | |||
3488 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF782F12CCF48F347F.TMP | — | |
MD5:— | SHA256:— | |||
2400 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRE7DB.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2400 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFAFAADDCFEB963309.TMP | — | |
MD5:— | SHA256:— | |||
2400 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF46BB699C1C619370.TMP | — | |
MD5:— | SHA256:— |