File name: | details1910.xls |
Full analysis: | https://app.any.run/tasks/88c4ef1d-f974-4f29-8d25-96ef40fc7bd6 |
Verdict: | Malicious activity |
Analysis date: | October 19, 2020, 21:32:06 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: XMgXOblU, Last Saved By: fckav, Name of Creating Application: Microsoft Excel, Create Time/Date: Mon Sep 14 22:28:14 2020, Last Saved Time/Date: Mon Oct 19 12:56:08 2020, Security: 1 |
MD5: | AA533F3325ACA3C1DE116F1C6DED8E85 |
SHA1: | 9D19EE326384074D7C2A1ADF178276A58930C83E |
SHA256: | A449DB8785122E372305E3611767533D26DB08CA147B043FBCF15E006106EDAD |
SSDEEP: | 6144:YLtffRrlfODceiP1ZU2w4UbPaQrwG4T0IKxSLPG/rE5bkNSi:+OceiP1ZU2w40aQTIkSLPQrE5fi |
.xls | | | Microsoft Excel sheet (78.9) |
---|
Author: | XMgXOblU |
---|---|
LastModifiedBy: | fckav |
Software: | Microsoft Excel |
CreateDate: | 2020:09:14 21:28:14 |
ModifyDate: | 2020:10:19 11:56:08 |
Security: | Password protected |
CodePage: | Windows Latin 1 (Western European) |
Company: | - |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: |
|
HeadingPairs: |
|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1204 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 | ||||
2820 | "C:\Windows\System32\rundll32.exe" C:\vOLhDcU\QbsIdRa\izlpQqC.dll,DllRegisterServer | C:\Windows\System32\rundll32.exe | — | EXCEL.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1204 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR4309.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1204 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\details1910.xls.LNK | lnk | |
MD5:3AD6536B3A6738BD639FFC815FCE88E0 | SHA256:58543F4396CEB6B4F46A41C38700F7DC286C040D0383D98C697E4997ABE15946 | |||
1204 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | |
MD5:8C13347D19F88BB2C15B06C16C7F236E | SHA256:B161E0880C7C6A9DA54FD69B2806E974D0E2DB2170EA4FD4F236B78B3C9321BB | |||
1204 | EXCEL.EXE | C:\Users\admin\Documents\My Data Sources\FOLDER.ICO | image | |
MD5:A6DDCCFDAD18D5CA7AAEB168B6D02253 | SHA256:3114451F95C7FB8D7D884A19C724F6C7FF906B6D9BEC1BF7C6300D2CCA4F43A6 | |||
1204 | EXCEL.EXE | C:\Users\admin\Documents\My Data Sources\+Connect to New Data Source.odc | html | |
MD5:16A8A9A2B0A8B65FAF28E1007DB6733F | SHA256:3A13080059292811E5AC3F9E8B04B2C8EEA95D6A5538116AD751D11C834E6056 | |||
1204 | EXCEL.EXE | C:\Users\admin\Documents\My Data Sources\+NewSQLServerConnection.odc | html | |
MD5:149E8C684B9EA9887DD2E7E596E7187C | SHA256:43B12E68FB3B5BCC4099D796FA670A62B116A894437454A20050661DEF9D8816 | |||
1204 | EXCEL.EXE | C:\Users\admin\Documents\My Data Sources\DESKTOP.INI | ini | |
MD5:466AFDBDD30770A1A6B47AFD85099E82 | SHA256:D63E228A2173E58FA14818AAF610E9E6676D2D9836C5C2ED83BA6A783B7BB999 |