File name: DHL CUSTOMER PARCEL.xlsx
Full analysis: https://app.any.run/tasks/1abc8691-8dd9-42cd-a25c-b9e2ddd5a74c
Verdict: Malicious activity
Analysis date: November 15, 2018, 11:33:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: —
Indicators: —
MIME: application/encrypted
File info: CDFV2 Encrypted
MD5: B9D116BF296CDE5018F5144116CD199B
SHA1: 9D0C3F92512806C996E3916351E44A8F53752EE7
SHA256: 8CF3BB0B6C11E5201FDDD998EFD042AE25B044D08AA121C6641258185DBF5D48
SSDEEP: 3072:kHj3vOne3IrVsokkcOTswtweVkN/GhnYH0Ph1U6YdLANHI4critDzC:kHj/3lo/zweCNwnYWN+LANmiBC
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3240 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe
2284 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe

PID | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---
3240 | admin | Microsoft Corporation | MEDIUM | Microsoft Excel | — | 14.0.6024.1000
2284 | admin | Design Science, Inc. | MEDIUM | Microsoft Equation Editor | 0 | 00110900
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3240 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR9A60.tmp.cvr | — | — | —
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2284 | EQNEDT32.EXE | GET | 404 | 23.249.161.100:80 | http://23.249.161.100/extrum/spdzn.exe | US | xml | 1.03 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2284 | EQNEDT32.EXE | 23.249.161.100:80 | — | ColoCrossing | US | malicious |
PID | Process | Class | Message |
---|---|---|---|
2284 | EQNEDT32.EXE | A Network Trojan was detected | ET INFO Executable Download from dotted-quad Host |