File name: | 22be6422e8cc09bda69843acc405f104 |
Full analysis: | https://app.any.run/tasks/db8ebe67-53ea-4bba-ba80-7674d3d55ccc |
Verdict: | Malicious activity |
Analysis date: | September 30, 2020, 07:38:44 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Testing, Last Saved By: Testing, Name of Creating Application: Microsoft Excel, Create Time/Date: Wed Jul 3 09:41:23 2019, Last Saved Time/Date: Wed Jan 8 07:07:06 2020, Security: 0 |
MD5: | 22BE6422E8CC09BDA69843ACC405F104 |
SHA1: | 6AA6440E24C8397A8D59FCBFF3D1DAAA59C40FEF |
SHA256: | 8892279F3D87BCD44D8F9AC1AF7E6DA0CFC7CF1731B531056E24E98510BEA83C |
SSDEEP: | 768:LZiYZ+RwPONXoRjDhIcp0fDlaGGx+cL26nAKdNhDn3IUj+Qmiu/vimxWnCBdjdud:LQYZ+RwPONXoRjDhIcp0fDlaGGx+cL2o |
.xls | | | Microsoft Excel sheet (48) |
---|---|---|
.xls | | | Microsoft Excel sheet (alternate) (39.2) |
CompObjUserType: | Microsoft Office Excel 2003 Worksheet |
---|---|
CompObjUserTypeLen: | 38 |
HeadingPairs: |
|
TitleOfParts: |
|
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 12 |
CodePage: | Windows Latin 1 (Western European) |
Security: | None |
ModifyDate: | 2020:01:08 07:07:06 |
CreateDate: | 2019:07:03 08:41:23 |
Software: | Microsoft Excel |
LastModifiedBy: | Testing |
Author: | Testing |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2156 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 | ||||
3252 | cmd /c C:\Drivers\Audio.bat | C:\Windows\system32\cmd.exe | — | EXCEL.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2912 | attrib +a +h +s C:\Users\admin\Adobe | C:\Windows\system32\attrib.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Attribute Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3648 | attrib +a +h +s C:\Users\admin\Daily | C:\Windows\system32\attrib.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Attribute Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3704 | attrib +a +h +s C:\Drivers | C:\Windows\system32\attrib.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Attribute Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
4052 | schtasks /delete /tn Winmgt_log /f | C:\Windows\system32\schtasks.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Manages scheduled tasks Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2348 | schtasks /delete /tn Yahoo_Drive /f | C:\Windows\system32\schtasks.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Manages scheduled tasks Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
340 | schtasks /create /sc minute /mo 10 /f /tn Winmgt_log /tr C:\Drivers\dphc.exe | C:\Windows\system32\schtasks.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Manages scheduled tasks Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
348 | schtasks /create /sc minute /mo 20 /f /tn Yahoo_Drive /tr C:\Drivers\Drive.vbs | C:\Windows\system32\schtasks.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Manages scheduled tasks Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2156 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR7782.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2156 | EXCEL.EXE | C:\Drivers\Audio.txt | — | |
MD5:— | SHA256:— | |||
3252 | cmd.exe | C:\Drivers\Drive.vbs | text | |
MD5:7253096500E1C347B6B7FC2F12B2A921 | SHA256:4F75622C2DD839FB5DB7E37FB0528E38C4EB107690F51F00B5331E863DC645D1 | |||
2156 | EXCEL.EXE | C:\Drivers\Drive.txt | text | |
MD5:7253096500E1C347B6B7FC2F12B2A921 | SHA256:4F75622C2DD839FB5DB7E37FB0528E38C4EB107690F51F00B5331E863DC645D1 | |||
3252 | cmd.exe | C:\Users\admin\Adobe\Driver\dwg\pid.txt | text | |
MD5:86327C9B47CC23D0167275D27ABBA9E3 | SHA256:A917305F9A70360045428BBF8F1031E078D9F06A43F7E5B633606E803C900230 | |||
3252 | cmd.exe | C:\Users\admin\Adobe\Driver\pdf\pid.txt | text | |
MD5:86327C9B47CC23D0167275D27ABBA9E3 | SHA256:A917305F9A70360045428BBF8F1031E078D9F06A43F7E5B633606E803C900230 | |||
2156 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:923B0212A0BA28D71C5AC38015A3E50F | SHA256:FC2CCAF1BCDC62EADFC451E4F7CE746AEC38381331485104ED755CDFFEA2D665 | |||
2156 | EXCEL.EXE | C:\Drivers\Audio.bat | text | |
MD5:5FC01ED2B2245F95C05A666716026993 | SHA256:6A35D4158A5CB8E764777BA05C3D7D8A93A3865B24550BFB2EB8756C11B57BE3 |