File name: | Proforma Invoice.xlsx |
Full analysis: | https://app.any.run/tasks/9baa056f-db5f-440b-8195-d53bfd6e2648 |
Verdict: | Malicious activity |
Analysis date: | July 18, 2019, 08:36:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/octet-stream |
File info: | Microsoft OOXML |
MD5: | 85FD3F8E1CB90FEC5BC35C97BB4DE904 |
SHA1: | 517AF559C97ADD6A0526ECAA34064FA3047BCEF6 |
SHA256: | 229C4F5533C38F1AEBAAA570D977DCAD5B63D9876B2862D2623BFB6D33A58452 |
SSDEEP: | 192:hQ9aX3d/X+1Q918FuLJ3RnLpcuryxyBmJyjqdxKPXel:hAG39uwZJ3ouryxy25xKml |
.xlsx | | | Excel Microsoft Office Open XML Format document (61.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (31.5) |
.zip | | | ZIP compressed archive (7.2) |
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0002 |
ZipCompression: | Deflated |
ZipModifyDate: | 2019:07:17 23:56:00 |
ZipCRC: | 0xb0fb548e |
ZipCompressedSize: | 373 |
ZipUncompressedSize: | 1396 |
ZipFileName: | [Content_Types].xml |
Application: | Microsoft Excel |
---|---|
DocSecurity: | None |
ScaleCrop: | No |
HeadingPairs: |
|
TitlesOfParts: | Sheet1 |
Company: | - |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
AppVersion: | 14.03 |
CreateDate: | 2006:09:16 00:00:00Z |
ModifyDate: | 2006:09:16 00:00:00Z |
Creator: | xx |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3712 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 | ||||
4088 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | svchost.exe | |
User: admin Company: Design Science, Inc. Integrity Level: MEDIUM Description: Microsoft Equation Editor Exit code: 0 Version: 00110900 | ||||
116 | C:\Users\admin\AppData\Roaming\name.exe | C:\Users\admin\AppData\Roaming\name.exe | — | EQNEDT32.EXE |
User: admin Integrity Level: MEDIUM |
PID | Process | Filename | Type | |
---|---|---|---|---|
3712 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRF8D7.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3712 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\Proforma Invoice.xlsx.LNK | lnk | |
MD5:B663394AD2AD2C454AD92D4CDEFE9C9E | SHA256:1C5217252B0F09F25010E2C6D5A9F823FA1EA17CFE6EFCBC6FA7D005D2075780 | |||
3712 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | |
MD5:B372A74C0230184DD2F59E0004F0B845 | SHA256:E5AA64D5EA9FF55DC41481632D89EB32FDBC41EDF53C878072C75457629CA0D3 | |||
4088 | EQNEDT32.EXE | C:\Users\admin\AppData\Roaming\name.exe | executable | |
MD5:83B3900947FCDDDA5B65C72A26398FF2 | SHA256:6B8AE8976390C33D7338D5250E24CA3BEFD7F10EBAC8F4B64871CEF08FB0A879 | |||
4088 | EQNEDT32.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\test[1].exe | executable | |
MD5:83B3900947FCDDDA5B65C72A26398FF2 | SHA256:6B8AE8976390C33D7338D5250E24CA3BEFD7F10EBAC8F4B64871CEF08FB0A879 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4088 | EQNEDT32.EXE | 50.87.115.208:443 | bonbonii.com | Unified Layer | US | malicious |
Domain | IP | Reputation |
---|---|---|
bonbonii.com |
| malicious |