File name: | CVE-2018-15982_PoC.xls |
Full analysis: | https://app.any.run/tasks/20b419cb-ffb3-4e91-86d4-cf64e79d11d6 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2018, 09:24:01 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Wed Dec 5 21:49:00 2018, Security: 0 |
MD5: | 313C3DC60B2CF1B56D73CE652C8BD4E7 |
SHA1: | 544517BA4E6ACA8C252A4312410D73F24BA7D768 |
SHA256: | 7EADA4607BB4346CD5401096DD9859F7066B2C2FF8F70CE1CFED96FC8948261F |
SSDEEP: | 768:vwqwLxNpgG/RbDBHS2cxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAKDDYh9pQP/:vLqxNpgGZbhcxEtjPOtioVjDGUU1qfDA |
.xls | | | Microsoft Excel sheet (78.9) |
---|
CompObjUserType: | Microsoft Excel 2003 Worksheet |
---|---|
CompObjUserTypeLen: | 31 |
HeadingPairs: |
|
TitleOfParts: |
|
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 14 |
CodePage: | Windows Latin 1 (Western European) |
Security: | None |
ModifyDate: | 2018:12:05 21:49:00 |
CreateDate: | 2006:09:16 00:00:00 |
Software: | Microsoft Excel |
LastModifiedBy: | - |
Author: | - |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2824 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 | ||||
2524 | C:\WINDOWS\system32\cmd.exe /c calc.exe | C:\WINDOWS\system32\cmd.exe | — | EXCEL.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2876 | calc.exe | C:\Windows\system32\calc.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Calculator Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2824 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR6EA9.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2824 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\Excel8.0\ShockwaveFlashObjects.exd | tlb | |
MD5:6891ADBE3B8BC3D9D49D9D74F470FAF4 | SHA256:854965274A116BE9D2896311759B45D770DEACC6836F02EDEF29566CE728EBA6 | |||
2824 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol | sol | |
MD5:C18602D2718826D1D5B14C601D716E1C | SHA256:FF88A6144FEE8430898528F883B11B52AB5426FB6DA64CBDF26213A36ACA1BC6 | |||
2824 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx | sol | |
MD5:24064AA33F8D6C80531FDC8B964D6ADE | SHA256:9EFF0CC5DB68CFA7110547F258DE354C930BC0D35D79EA01A6C27C281880B1A7 | |||
2824 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2F29D53E.emf | emf | |
MD5:F9AFBE8A89F041F1D1B91A12D8FB717C | SHA256:BAB87068BC5847C2B2483FA1CDF0A2D0D5C1C562E8289DEAA64510D7AC8D77B7 |