File name: | faktura.xlsm |
Full analysis: | https://app.any.run/tasks/6dfafd1b-bbc2-4a19-9277-cc5130fed054 |
Verdict: | Malicious activity |
Analysis date: | May 30, 2020, 13:49:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet |
File info: | Microsoft Excel 2007+ |
MD5: | 8A4BA13095DAFD4C9BA66ACF3C5C6447 |
SHA1: | 2E7131ECD2A8A012ECAE52B7C17A6A2C117DDC02 |
SHA256: | 704ED14AD1E52F9616429148BB11D859A479A7268EF873F857A107031040E03C |
SSDEEP: | 1536:V0TqxkDNIVXnR8TeYSSkCXgN+Uu+j6XJaRqWD/0ACKNDGbmJ0bzXmURi1:VsxWXnCjiubXKD/ECJCTe |

.xlsx | Excel Microsoft Office Open XML Format document (61.2) |
.zip | Open Packaging Conventions container (31.5) |
.zip | ZIP compressed archive (7.2) |

ZipRequiredVersion: | 20 |
ZipBitFlag: | 0x0006 |
ZipCompression: | Deflated |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCRC: | 0x3091ed74 |
ZipCompressedSize: | 469 |
ZipUncompressedSize: | 3193 |
ZipFileName: | [Content_Types].xml |

Application: | Microsoft Excel |
DocSecurity: | None |
ScaleCrop: | No |
HeadingPairs: | |
TitlesOfParts: | |
Company: | - |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
AppVersion: | 14.03 |
LastModifiedBy: | - |
CreateDate: | 2020:05:27 22:50:01Z |
ModifyDate: | 2020:05:27 22:56:17Z |
Creator: | - |

PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2420 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Excel; Version: 14.0.6024.1000 | | | | |
3020 | "C:\Windows\System32\rundll32.exe" mHMUKpx.dll,DllRegisterServer | C:\Windows\System32\rundll32.exe | — | EXCEL.EXE |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2420 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRA164.tmp.cvr | — | — | — |
2420 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\faktura.xlsm.LNK | lnk | 6AF5C74694A0D967CA27B502AF3EA42E | C2B654FE5133D5AA5FC1357088AA22294188DF2ED60F014684FAF0545D2383C5 |
2420 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | 041E60CA6960112463167302BF0EAE46 | FF1862428E56BB6141FB591F5DEEDAA96E650A1400BE3EF9018B4E595D9F3F47 |