| Field | Value |
|---|---|
| File name | 42xx202o7a.xlsm |
| Full analysis | https://app.any.run/tasks/fb6d44c2-07f8-475b-937a-9125e578a3c5 |
| Verdict | Malicious activity |
| Analysis date | November 30, 2020, 06:19:51 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet |
| File info | Microsoft Excel 2007+ |
| MD5 | 569EF374C994310BD11B48D663135B05 |
| SHA1 | 1D5678BF3676AB70667629E32ABD75D1A5CB3D93 |
| SHA256 | 7F9D36065BACA657CF9B1E624515938B57CDDBE9AFB2FC1594CF3B2EB2AC0024 |
| SSDEEP | 3072:c6Stgj2J6J/JgWJGOItpMAfJ/pMWTc9qBAKdT9QP4q/AAP:cADP9qBLiZ |
| Extension | Description | Score |
|---|---|---|
| .xlsx | Excel Microsoft Office Open XML Format document | 61.2 |
| .zip | Open Packaging Conventions container | 31.5 |
| .zip | ZIP compressed archive | 7.2 |
| Property | Value |
|---|---|
| Creator | - |
| ModifyDate | 2020:11:30 00:30:19Z |
| CreateDate | 2006:09:16 00:00:00Z |
| LastModifiedBy | - |
| AppVersion | 15.03 |
| HyperlinksChanged | No |
| SharedDoc | No |
| LinksUpToDate | No |
| TitlesOfParts | |
| HeadingPairs | |
| ScaleCrop | No |
| DocSecurity | None |
| Application | Microsoft Excel |
| ZIP entry property | Value |
|---|---|
| ZipFileName | [Content_Types].xml |
| ZipUncompressedSize | 1543 |
| ZipCompressedSize | 435 |
| ZipCRC | 0x2dd8890b |
| ZipModifyDate | 1980:01:01 00:00:00 |
| ZipCompression | Deflated |
| ZipBitFlag | 0x0006 |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2528 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Excel; Version: 14.0.6024.1000 |
| 1892 | regsvr32 -s C:\ProgramData\guard.ocx | C:\Windows\system32\regsvr32.exe | — | EXCEL.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft(C) Register Server; Exit code: 3; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2528 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR7576.tmp.cvr | — | — | — |
| 2528 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\42xx202o7a.xlsm.LNK | lnk | 950FBEAFDB7D9342ACD05999EA8A78F3 | F4E4FF2C45C12310DCA7640D66CF750426D6208A7A222A201CB562217F819370 |
| 2528 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | AF35F3ECBA5EBA95F2A850224D6C0686 | 027C326C1B4D89AAB713A8258647715E51472CDB1D05FA66DF5CC2BA851BAB11 |
| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 2528 | EXCEL.EXE | GET | 403 | 62.173.139.128:80 | http://premiumstati.co/con3cti0n.dll | RU | html | 197 b | unknown |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2528 | EXCEL.EXE | 62.173.139.128:80 | premiumstati.co | JSC Internet-Cosmos | RU | unknown |
| Domain | IP | Reputation |
|---|---|---|
| premiumstati.co | | unknown |