File name: | PMT_3567381618_200054047_201112170000.xls |
Full analysis: | https://app.any.run/tasks/c4992f45-8a92-4549-b5b0-75fdd2095e58 |
Verdict: | Malicious activity |
Analysis date: | September 11, 2019, 07:46:40 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: A, Subject: caP, Author: Atl, Last Saved By: Microsoft Office, Revision Number: 699, Name of Creating Application: Microsoft Excel, Total Editing Time: 09:05:00, Create Time/Date: Fri Aug 30 10:14:50 2019, Last Saved Time/Date: Tue Sep 10 11:38:59 2019, Number of Pages: 1, Number of Words: 4669, Number of Characters: 1838, Security: 0 |
MD5: | 73E8D7D3213A4462EFC116E814904C69 |
SHA1: | CD270E97760A1AC1BB06C03791EE3E54511173E6 |
SHA256: | 8FBCC5E457C4E223148820CF4A1B6F760C819BF0BF0B5C61B92DCF8D5F8B5805 |
SSDEEP: | 6144:F8mdr74qRlm5ibfVdLkUikJdGC1XcONnxusA2:F8UrDtdoUfPTfV |
.xls | | | Microsoft Excel sheet (48) |
---|---|---|
.xls | | | Microsoft Excel sheet (alternate) (39.2) |
HeadingPairs: |
|
---|---|
TitleOfParts: | 1 |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 11.9999 |
Paragraphs: | 46 |
Lines: | 526 |
Bytes: | 86400 |
Company: | - |
CodePage: | Windows Cyrillic |
Security: | None |
Characters: | 1838 |
Words: | 4669 |
Pages: | 1 |
ModifyDate: | 2019:09:10 10:38:59 |
CreateDate: | 2019:08:30 09:14:50 |
TotalEditTime: | 9.1 hours |
Software: | Microsoft Excel |
RevisionNumber: | 699 |
LastModifiedBy: | Microsoft Office |
Author: | Atl |
Subject: | caP |
Title: | A |
CompObjUserType: | Microsoft Forms 2.0 Form |
CompObjUserTypeLen: | 25 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3452 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3452 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR9B1C.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3452 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBA58E.tmp | — | |
MD5:— | SHA256:— | |||
3452 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBA58D.tmp | — | |
MD5:— | SHA256:— | |||
3452 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF1226A315AB6B2400.TMP | — | |
MD5:— | SHA256:— | |||
3452 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\F5A61000 | — | |
MD5:— | SHA256:— | |||
3452 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF544E16F350F2B1FB.TMP | — | |
MD5:— | SHA256:— | |||
3452 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~$13.xlsx | — | |
MD5:— | SHA256:— | |||
3452 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFD575585D348B6E2D.TMP | — | |
MD5:— | SHA256:— | |||
3452 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | |
MD5:01BD4D484839B2AEC7FD7FA23B16CCD8 | SHA256:3D4BF8B933F0E08A0D36F406D6E9C33D97EB96B509888B4144916D28B4845F9A | |||
3452 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\carpc1.dll | executable | |
MD5:CD4C856F0C7E2906ABFBC0E83B3C1C0D | SHA256:00208B70C6C214A7DC5CBBFF6D5D50A5952AD2ACFD35BC56CC930E52803D278E |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3452 | EXCEL.EXE | 95.216.147.100:443 | windows-update-02-en.com | Hetzner Online GmbH | DE | unknown |
Domain | IP | Reputation |
---|---|---|
windows-update-02-en.com |
| malicious |