File name: | MIL0001776442.xls |
Full analysis: | https://app.any.run/tasks/f47e0c43-d354-40b7-9ce1-5a3195834a91 |
Verdict: | Malicious activity |
Analysis date: | October 14, 2019, 11:21:51 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Sep 26 11:42:14 2019, Last Saved Time/Date: Mon Sep 30 13:23:51 2019, Security: 0 |
MD5: | 52438F028ADD40E96A58EA3E110429B9 |
SHA1: | 7188E2C62DDEC51F3D6465953304FA4C4625681F |
SHA256: | 4DAB3D7A2A6370BAB032F80FB94647DE55AF039ECA9B5383AD17CE8DB67AC32A |
SSDEEP: | 1536:hwhW4elYkEIbSkKBEqEXPgsRZmbaoFhZhR0cixIHm0NwwKcdL6tYxRDS6cKqoWCa:hwhWRlYkEIuPm3fNRZmbaoFhZhR0cixN |
.xls | | | Microsoft Excel sheet (48) |
.xls | | | Microsoft Excel sheet (alternate) (39.2) |
Author: | - |
LastModifiedBy: | - |
Software: | Microsoft Excel |
CreateDate: | 2019:09:26 10:42:14 |
ModifyDate: | 2019:09:30 12:23:51 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
Company: | - |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | Notifica |
HeadingPairs: | |
CompObjUserTypeLen: | 42 |
CompObjUserType: | (Foglio di lavoro di Microsoft Excel 2003 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1556 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Excel | Version: 14.0.6024.1000 |
2824 | "C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE" -x -s 1268 | C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE | — | EXCEL.EXE |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Application Error Reporting | Version: 14.0.6015.1000 |
2112 | C:\Windows\system32\dwwin.exe -x -s 1268 | C:\Windows\system32\dwwin.exe | — | DW20.EXE |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Watson Client | Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1556 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRA850.tmp.cvr | — | — | — |
1556 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFFE9931FEE051E9D8.TMP | — | — | — |
1556 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFCF71C0C5FAAFA335.TMP | — | — | — |
1556 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFCE53B6E63F97ECA9.TMP | — | — | — |
1556 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFC40F33E1E7908592.TMP | — | — | — |
1556 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1624E063.emf | emf | 8DAD60848C6B432897EDB83C16C559B9 | 2AF9F17686EDB6BF584D6D519499740413AE016C95548E25DEC6B629CD04C975 |
1556 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D9BD1B69.emf | emf | E033F76A03ABC9D334655C2894E5813B | D100706963663DAF6B679A964E8C2E9F58BB6B902009496B0F430F3FFC80BF95 |
1556 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\49425B6A.emf | emf | CB606F1B7025F650FC1C708D385427CB | 57B13EDEB6DC0BD7A03CF8E2F644F32B3371B46BAFAA904397B7479460D49DE5 |
1556 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\3780890.cvr | sqm | 350FCC14AB357692C9A25D41036D5395 | A01EAF0180B1F5988DE09C01BBFBE7ACD25B176D0BE4DD086E81A80ADDC34D5E |
1556 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\Excel8.0\MSForms.exd | tlb | A324D912A6B60D92E23F8B1A37C45A02 | B54BE842DFEF0D4384FB4A15835FBBEF7105B5A1330B68FC9574563F0442CEED |