File name: | 1c6496d96e1f0d0de39bdcb976a729e75c652869adb9fc3d0679895b94160280.xls |
Full analysis: | https://app.any.run/tasks/15f673fc-0238-4b81-bf17-7a6412237649 |
Verdict: | Malicious activity |
Analysis date: | August 08, 2020, 10:13:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: epgJklhO, Last Saved By: Administrator, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Aug 5 10:52:25 2020, Last Saved Time/Date: Wed Aug 5 10:52:40 2020, Security: 0 |
MD5: | 6CC6B83C88A3F7D289C4AD7785240497 |
SHA1: | 9464B675361F72FC0F5FE71C17A981501F63C0EC |
SHA256: | 1C6496D96E1F0D0DE39BDCB976A729E75C652869ADB9FC3D0679895B94160280 |
SSDEEP: | 6144:2k3hbdlylKsgqopeJBWhZFVE+W2NdAF7bPautwpBIp/lqkC1y12hU:svPalr+weIm |
.xls | | | Microsoft Excel sheet (78.9) |
---|
HeadingPairs: |
|
---|---|
TitleOfParts: |
|
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 16 |
Company: | - |
CodePage: | Windows Latin 1 (Western European) |
Security: | None |
ModifyDate: | 2020:08:05 09:52:40 |
CreateDate: | 2020:08:05 09:52:25 |
Software: | Microsoft Excel |
LastModifiedBy: | Administrator |
Author: | epgJklhO |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2704 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 | ||||
1332 | explorer.exe C:\Users\admin\AppData\Local\Temp\GG9.vbs | C:\Windows\explorer.exe | — | EXCEL.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3476 | C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding | C:\Windows\explorer.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2164 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\GG9.vbs" | C:\Windows\System32\WScript.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2704 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRBD36.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2704 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF7AD9F31AB8CBF6E9.TMP | — | |
MD5:— | SHA256:— | |||
2704 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\1c6496d96e1f0d0de39bdcb976a729e75c652869adb9fc3d0679895b94160280.xls.LNK | lnk | |
MD5:CA00919E80BE9CA840393EB450DD61F2 | SHA256:5B68CCE4972658658285CD5539CB34E2F3CF7AF19EB80632A6342BDB926B4CA3 | |||
2704 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | |
MD5:8D304869418B8D3E353C26F3031B48F7 | SHA256:9C871E048402F4B8DAC892AD33101EA2D5DC4CEED824F037C29538A748290F27 | |||
2704 | EXCEL.EXE | C:\Users\admin\Desktop\1c6496d96e1f0d0de39bdcb976a729e75c652869adb9fc3d0679895b94160280.xls | document | |
MD5:9166FC266785680C5362F69381993A90 | SHA256:362431C081F07612705644A86B779F1CBB4610B1F5CCA170E2BBF51D84386AEF | |||
2704 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\GG9.vbs | text | |
MD5:1CC240C1DBBD2776223CAA725A865D12 | SHA256:52F2BFB2129072154FBDB9949EB84B4E0916721FB3E6D48E97E2F347C6723D4A | |||
2164 | WScript.exe | C:\Users\admin\AppData\Local\Temp\tu5k7ZU.txt | text | |
MD5:A5EA0AD9260B1550A14CC58D2C39B03D | SHA256:F1B2F662800122BED0FF255693DF89C4487FBDCF453D3524A42D4EC20C3D9C04 |