File name: | 28bedd938ba05a172ea32a008d418e455a60267d7492dba66b940ef26964d37b.xlsm |
Full analysis: | https://app.any.run/tasks/5ea668f1-9ab9-4271-97e9-6d6b3f649629 |
Verdict: | Malicious activity |
Analysis date: | August 13, 2019, 17:42:36 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/octet-stream |
File info: | Microsoft OOXML |
MD5: | 0D38ADC0B048BAB3BD91861D42CD39DF |
SHA1: | 545032F63A3561A571F69F81974C2F1637DD93C5 |
SHA256: | 28BEDD938BA05A172EA32A008D418E455A60267D7492DBA66B940EF26964D37B |
SSDEEP: | 49152:XDS9AG+dztjNMmWWaK4y290suNfpLqsycp+cjNYihwA:XkA3zE4VPyKusTtjyihB |
.xlam | Excel Macro-enabled Open XML add-in (42.4) |
---|---|
.xlsm | Excel Microsoft Office Open XML Format document (with Macro) (29.2) |
.xlsx | Excel Microsoft Office Open XML Format document (17.3) |
.zip | Open Packaging Conventions container (8.9) |
.zip | ZIP compressed archive (2) |
ModifyDate: | 2019:08:08 13:06:51Z |
---|---|
CreateDate: | 2019:08:07 10:56:35Z |
AppVersion: | 00.0000 |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
TitlesOfParts: | Sheet1 |
HeadingPairs: | |
ScaleCrop: | No |
DocSecurity: | None |
Application: | Microsoft Excel |
ZipFileName: | [Content_Types].xml |
---|---|
ZipUncompressedSize: | 1847 |
ZipCompressedSize: | 474 |
ZipCRC: | 0xc91ced1a |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2932 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Excel; Exit code: 0; Version: 14.0.6024.1000 | | | | |
3980 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | | svchost.exe |
User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Exit code: 0; Version: 00110900 | | | | |
3328 | "C:\Users\admin\AppData\Roaming\MSBuild.exe" | C:\Users\admin\AppData\Roaming\MSBuild.exe | — | explorer.exe |
User: admin; Integrity Level: MEDIUM | | | | |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2932 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRF064.tmp.cvr | — | — | — |
2932 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~$28bedd938ba05a172ea32a008d418e455a60267d7492dba66b940ef26964d37b.xlsm | — | — | — |
2932 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoBDC.tmp | — | — | — |
2932 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFDF40E0A10E66E5A9.TMP | — | — | — |
2932 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\48041ACF.png | — | — | — |
2932 | EXCEL.EXE | C:\Users\admin\Desktop\8D773000 | — | — | — |
2932 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AC9F7086.jpeg | — | — | — |
2932 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF890947172F65059C.TMP | — | — | — |
2932 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FBF4E59.emf | emf | FE3FE0C4439FDBD1C17451D099D3A4D8 | 8D8D54E8769513DB9F92268E3B2705A808601D3CD05E0792D110FFB51918C204 |
2932 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\28bedd938ba05a172ea32a008d418e455a60267d7492dba66b940ef26964d37b.xlsm.LNK | lnk | 184825D7D3399A70E74EE15A34ED8415 | 4DA9AE18CFD6351B8C4021669E75090AF0EF3E4E9ACC5C16F1D023D4BB580B6D |