File name: | sex.xls |
Full analysis: | https://app.any.run/tasks/656aec1f-ed26-4c96-b147-1a2476dbc3e5 |
Verdict: | Malicious activity |
Analysis date: | February 22, 2020, 06:54:27 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: WS, Subject: ppPDo, Author: mGwGod, Last Saved By: J, Revision Number: 602, Name of Creating Application: Microsoft Excel, Total Editing Time: 13:10:00, Create Time/Date: Fri Aug 30 10:14:50 2019, Last Saved Time/Date: Fri Feb 21 11:22:43 2020, Number of Pages: 1, Number of Words: 4902, Number of Characters: 4696, Security: 0 |
MD5: | B5EA9BC41A943B39305FBB493216812F |
SHA1: | FCA2D12B44F23FB8D582B32EE56B0B64BBB3C20E |
SHA256: | 6C6F773423EF4BF6FF592E4D2D4B0C2C4FA3C05F172B3BD9A2D00CF888CA9399 |
SSDEEP: | 12288:EA0qa36YhWY3Z3QTfQqEqHF1Pq2HNSpOqbVBBxKHjExVl3cyAuXdMtB:EAjlGZAT4vqHfi0urBEHjMV1cyA7B |
.xls | | | Microsoft Excel sheet (48) |
---|---|---|
.xls | | | Microsoft Excel sheet (alternate) (39.2) |
CompObjUserTypeLen: | 25 |
---|---|
CompObjUserType: | Microsoft Forms 2.0 Form |
Title: | WS |
Subject: | ppPDo |
Author: | mGwGod |
LastModifiedBy: | J |
RevisionNumber: | 602 |
Software: | Microsoft Excel |
TotalEditTime: | 13.2 hours |
CreateDate: | 2019:08:30 09:14:50 |
ModifyDate: | 2020:02:21 11:22:43 |
Pages: | 1 |
Words: | 4902 |
Characters: | 4696 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
Company: | - |
Bytes: | 63153 |
Lines: | 221 |
Paragraphs: | 29 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | Page2 |
HeadingPairs: |
|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3448 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3448 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR71BD.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3448 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\85ADFFC2.emf | emf | |
MD5:547067C026F403ADD46AB6FC9DC24264 | SHA256:054263D33C8212630C19B978004092CDB39BED7E8CE9B2CBC9335C18657DB671 | |||
3448 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\32E775F2.emf | emf | |
MD5:8D92826B31BBE62E26E39622EFC3D7D8 | SHA256:7C9E5FBC698151D8AE90F0A7E274DDE10ADF82A5F8AD7827C73EED26D8EBB1E0 | |||
3448 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E0C6746.emf | emf | |
MD5:AEB960ED01FE318CB0FCBE3018E91DFD | SHA256:86BBBE42E52D85E48FCFFCA106E3A077CC3C33F574EF97572D487EA61570BAE5 | |||
3448 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9CB6BB44.emf | emf | |
MD5:5B152429BF2A750DE6C9D1F11E89F4E7 | SHA256:B0DE3E9B212E823B39651F8CD61580425D5889139366AA2FC48329AD7BBF4BAE | |||
3448 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\49044278.emf | emf | |
MD5:9EE26F85695C3C88A26D0ED69F664FF2 | SHA256:BCE47AC892888B7B0BC78A7B5A6E4A98201B584C27A6E3E0E27C8E4201DE294A | |||
3448 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\34A2B82E.emf | emf | |
MD5:2B2163CF080FD099510CF918FA59E2E2 | SHA256:A28E207E2970DCEF795AA3610B3DDB389B73DDB3CFF1B6CA87AAF250C8D2B8E7 | |||
3448 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7E23AE57.emf | emf | |
MD5:79C94B04BF8710DE88A3A34C0C0EE4F5 | SHA256:C250C04F474AC7DC456D4BA9AF50437BADEE271DDB33C016AB1555BB0EA6FF42 | |||
3448 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\29A3C894.emf | emf | |
MD5:9FB4781FB0BDD10E636A68705FE85F93 | SHA256:527A1B59121AC490954D760078A3CF7679C529CBAB4D70BC08D7DF6D108286C3 | |||
3448 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2850F520.emf | emf | |
MD5:496E9F126889E7025EFE095044098672 | SHA256:955556053097038D1CE582BA34E319881713D4AD3E45632EADD976500E62C7B8 |
Domain | IP | Reputation |
---|---|---|
microsoft-ware.com | | unknown |