File name: | Invoice for PB525076.xls |
Full analysis: | https://app.any.run/tasks/a9b718a2-10ac-4fe9-aeea-e2b43bd516b2 |
Verdict: | Malicious activity |
Analysis date: | September 18, 2019, 23:42:29 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Title: Q, Subject: KYJ, Author: XzU, Last Saved By: 1, Revision Number: 385, Name of Creating Application: Microsoft Excel, Total Editing Time: 1d+15:54:00, Create Time/Date: Fri Aug 30 10:14:50 2019, Last Saved Time/Date: Wed Sep 18 13:06:42 2019, Number of Pages: 3, Number of Words: 1354, Number of Characters: 4079, Security: 0 |
MD5: | FA9B1EA6C92B8DFCF7E153FDD93466C5 |
SHA1: | 9B9166A29D468FA9C8451714CDFC17EBE3B902A5 |
SHA256: | 9E07435060FAE9619B948D690550FAA9A47B1040C55D161D3F62A58EF9818A71 |
SSDEEP: | 6144:Fbwu5lJZa1PFY3CVjzTmnGk3hOdsylKlgryzc4bNhZF+E+W/gEGH+uQcekYJQQVQ:JJZEPFYYsgewekY4 |
.xls | Microsoft Excel sheet (48) |
---|---|
.xls | Microsoft Excel sheet (alternate) (39.2) |
CompObjUserTypeLen: | 25 |
---|---|
CompObjUserType: | Microsoft Forms 2.0 Form |
Title: | Q |
Subject: | KYJ |
Author: | XzU |
LastModifiedBy: | 1 |
RevisionNumber: | 385 |
Software: | Microsoft Excel |
TotalEditTime: | 1.7 days |
CreateDate: | 2019:08:30 09:14:50 |
ModifyDate: | 2019:09:18 12:06:42 |
Pages: | 3 |
Words: | 1354 |
Characters: | 4079 |
Security: | None |
CodePage: | Windows Cyrillic |
Company: | - |
Bytes: | 54908 |
Lines: | 866 |
Paragraphs: | 83 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | 1 |
HeadingPairs: | |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3524 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | | explorer.exe |
User: | admin |
Company: | Microsoft Corporation |
Integrity Level: | MEDIUM |
Description: | Microsoft Excel |
Version: | 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3524 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR9ADD.tmp.cvr | — | — | — |
3524 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBA502.tmp | — | — | — |
3524 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBA501.tmp | — | — | — |
3524 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF48E921984F097571.TMP | — | — | — |
3524 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\85A61000 | — | — | — |
3524 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFC2D02AD42E206137.TMP | — | — | — |
3524 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~$pesgdhb_.xlsx | — | — | — |
3524 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFDC76F9348DDB7051.TMP | — | — | — |
3524 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\pattern1.dll | executable | 8BB5A3C1FC6EA41AD660BF376D202E53 | D2E12A993BB27D58F2B335084A9DFB81C5FCEB894D2B7AF1E23B04D373C83963 |
3524 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | DAB28B1C81EC08562436E1609F90AECE | E8DFA6FE6D372789201AA247132AD41705EA55D1916E3BFB81EB7BBCF10C5D27 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3524 | EXCEL.EXE | 195.123.247.92:443 | office365-en-gb.com | — | UA | unknown |
Domain | IP | Reputation |
---|---|---|
office365-en-gb.com | | unknown |