File name: | 60431edef1154bb832f78bcbd7eb414778cbd1880cc06c959354916d95a3fa20 |
Full analysis: | https://app.any.run/tasks/b647cad4-d723-43a5-a539-f3d15055bcb2 |
Verdict: | Malicious activity |
Analysis date: | August 18, 2019, 07:31:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Last Saved By: alex, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jul 18 20:19:14 2019, Last Saved Time/Date: Mon Jul 29 05:27:48 2019, Security: 0 |
MD5: | B4D6D40B7C0EF2799C3412576EE3BD3F |
SHA1: | 1A42A56131CCD31F618D2D7A98636E06DD2F2033 |
SHA256: | 60431EDEF1154BB832F78BCBD7EB414778CBD1880CC06C959354916D95A3FA20 |
SSDEEP: | 3072:tdvxHlcaAy0iWYOcG4BDhnxDV8ixGKpb8rGYrMPelwhKmFV5xtezEsg8/dgSxnXd:tdvxHlcaAy0iWYOcG4BDhnxDV8ixGKpY |
.xls | Microsoft Excel sheet (78.9) |
CompObjUserTypeLen: | 25 |
CompObjUserType: | Microsoft Forms 2.0 Form |
Author: | - |
LastModifiedBy: | alex |
Software: | Microsoft Excel |
CreateDate: | 2019:07:18 19:19:14 |
ModifyDate: | 2019:07:29 04:27:48 |
Security: | None |
CodePage: | Windows Cyrillic |
Company: | - |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | w3 |
HeadingPairs: | |

PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3504 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | | explorer.exe |

User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Excel; Version: 14.0.6024.1000

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3504 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR96E5.tmp.cvr | — | — | — |
3504 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | 2C0A252A8C10CEEF3A15F45988104053 | 34E520BA3358754AB02F7D0FB8E1AB10E07C9722C9729A2A88FF8771ADC93D2A |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3504 | EXCEL.EXE | GET | — | 185.225.17.5:80 | http://185.225.17.5/r1 | unknown | — | — | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3504 | EXCEL.EXE | 185.225.17.5:80 | — | — | — | suspicious |