URL: | http://www.tot.jp/scrc/2015%E7%B5%84%E7%B9%94%E8%A1%A8.xls |
Full analysis: | https://app.any.run/tasks/564482db-003b-49ef-bd39-7e25022f5496 |
Verdict: | Malicious activity |
Analysis date: | January 11, 2019, 10:38:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 4B42A7175FDE1CD62B422E3F241E4DA1 |
SHA1: | 8349C80E00AEE1D9B748C6CE19A3A3D68BD062E6 |
SHA256: | 927E1E258B396D45BBFBBADE73862FA05A4F854ABE9BB9F374D18661F770FE24 |
SSDEEP: | 3:N1KJS4w3GXGNyTFzxcRAYYdW:Cc4FzaRYdW |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2876 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3180 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2876 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2228 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" -Embedding | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | svchost.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 | ||||
3708 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | EXCEL.EXE |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Excel Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2876 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
2876 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2228 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRFA04.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2228 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\{74D6D0DC-C89B-40C0-8E41-05E5D057F789} | — | |
MD5:— | SHA256:— | |||
2228 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\{CF84B719-4C59-4483-A668-63E19557F825} | — | |
MD5:— | SHA256:— | |||
2228 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF547AA07A23D82BDE.TMP | — | |
MD5:— | SHA256:— | |||
2228 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFD389998C839D2312.TMP | — | |
MD5:— | SHA256:— | |||
2876 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFEEAE9F0F9760A238.TMP | — | |
MD5:— | SHA256:— | |||
2876 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{01019A0C-158D-11E9-AA93-5254004A04AF}.dat | — | |
MD5:— | SHA256:— | |||
2228 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | binary | |
MD5:709F88A8FAF4104F0DC5F2501B4C0E8E | SHA256:52BB2DEFF59CCD6F5F491A266F96BF52B762758EA25A1E98FA169F729F8FD424 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2228 | EXCEL.EXE | HEAD | 200 | 219.118.219.167:80 | http://www.tot.jp/scrc/2015%E7%B5%84%E7%B9%94%E8%A1%A8.xls | JP | — | — | malicious |
2228 | EXCEL.EXE | OPTIONS | 200 | 219.118.219.167:80 | http://www.tot.jp/scrc/ | JP | — | — | malicious |
3180 | iexplore.exe | GET | 200 | 219.118.219.167:80 | http://www.tot.jp/scrc/2015%E7%B5%84%E7%B9%94%E8%A1%A8.xls | JP | document | 45.5 Kb | malicious |
976 | svchost.exe | OPTIONS | 301 | 219.118.219.167:80 | http://www.tot.jp/scrc | JP | html | 304 b | malicious |
976 | svchost.exe | PROPFIND | 301 | 219.118.219.167:80 | http://www.tot.jp/scrc | JP | html | 304 b | malicious |
2228 | EXCEL.EXE | HEAD | 200 | 219.118.219.167:80 | http://www.tot.jp/scrc/2015%E7%B5%84%E7%B9%94%E8%A1%A8.xls | JP | — | — | malicious |
976 | svchost.exe | PROPFIND | 301 | 219.118.219.167:80 | http://www.tot.jp/scrc | JP | html | 304 b | malicious |
976 | svchost.exe | OPTIONS | 200 | 219.118.219.167:80 | http://www.tot.jp/scrc/ | JP | html | 304 b | malicious |
2876 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
976 | svchost.exe | PROPFIND | 405 | 219.118.219.167:80 | http://www.tot.jp/ | JP | html | 308 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2876 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3180 | iexplore.exe | 219.118.219.167:80 | www.tot.jp | ASJ INC. | JP | malicious |
2228 | EXCEL.EXE | 219.118.219.167:80 | www.tot.jp | ASJ INC. | JP | malicious |
976 | svchost.exe | 219.118.219.167:80 | www.tot.jp | ASJ INC. | JP | malicious |
Domain | IP | Reputation |
---|---|---|
www.bing.com |
| whitelisted |
www.tot.jp |
| malicious |
PID | Process | Class | Message |
---|---|---|---|
2228 | EXCEL.EXE | A Network Trojan was detected | SC TROJAN_DOWNLOADER Suspicious DOC loader of embedded OLE from external source |