File name: | 60431edef1154bb832f78bcbd7eb414778cbd1880cc06c959354916d95a3fa20.xls |
Full analysis: | https://app.any.run/tasks/33e81180-0499-41ac-9069-b61d686d75cb |
Verdict: | Malicious activity |
Analysis date: | August 18, 2019, 07:33:14 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Last Saved By: alex, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jul 18 20:19:14 2019, Last Saved Time/Date: Mon Jul 29 05:27:48 2019, Security: 0 |
MD5: | B4D6D40B7C0EF2799C3412576EE3BD3F |
SHA1: | 1A42A56131CCD31F618D2D7A98636E06DD2F2033 |
SHA256: | 60431EDEF1154BB832F78BCBD7EB414778CBD1880CC06C959354916D95A3FA20 |
SSDEEP: | 3072:tdvxHlcaAy0iWYOcG4BDhnxDV8ixGKpb8rGYrMPelwhKmFV5xtezEsg8/dgSxnXd:tdvxHlcaAy0iWYOcG4BDhnxDV8ixGKpY |
.xls | Microsoft Excel sheet (78.9) |
HeadingPairs: | |
TitleOfParts: | w3 |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 16 |
Company: | - |
CodePage: | Windows Cyrillic |
Security: | None |
ModifyDate: | 2019:07:29 04:27:48 |
CreateDate: | 2019:07:18 19:19:14 |
Software: | Microsoft Excel |
LastModifiedBy: | alex |
Author: | - |
CompObjUserType: | Microsoft Forms 2.0 Form |
CompObjUserTypeLen: | 25 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3404 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3404 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR9985.tmp.cvr | — | |
MD5:— | SHA256:— |
3404 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:F89EB61D5B9C700877797F6B6F3BC7EE | SHA256:B265996CFE50FBACE2007B2CFE8BED86A766568B7DC6DF9A1F295DC90C937287 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3404 | EXCEL.EXE | GET | — | 185.225.17.5:80 | http://185.225.17.5/r1 | unknown | — | — | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3404 | EXCEL.EXE | 185.225.17.5:80 | — | — | — | suspicious |