File name: | ecb55b3ebbd9405138557a7cfcd00bea.xls |
Full analysis: | https://app.any.run/tasks/3008f00d-5067-4132-98ef-33e2a5764091 |
Verdict: | Malicious activity |
Analysis date: | January 18, 2019, 01:20:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Name of Creating Application: Microsoft Excel, Create Time/Date: Sat Sep 16 01:00:00 2006, Last Saved Time/Date: Mon Dec 24 18:20:02 2018, Security: 0 |
MD5: | ECB55B3EBBD9405138557A7CFCD00BEA |
SHA1: | AE7774754D0AC2E4846B72272D57BEDB13E63B4D |
SHA256: | B76FA69E7944C48D6F7D3DC415AFE62F601D7D7D2888F3D3E4D276A79DE02030 |
SSDEEP: | 6144:cZ+RwPONXoRjDhIcp0fDlavx+W26nAHvhJCeHfvgQb:hfR |
.xls | | | Microsoft Excel sheet (48) |
---|---|---|
.xls | | | Microsoft Excel sheet (alternate) (39.2) |
Author: | - |
---|---|
LastModifiedBy: | - |
Software: | Microsoft Excel |
CreateDate: | 2006:09:16 00:00:00 |
ModifyDate: | 2018:12:24 18:20:02 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
AppVersion: | 12 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: |
|
HeadingPairs: |
|
CompObjUserTypeLen: | 38 |
CompObjUserType: | Microsoft Office Excel 2003 Worksheet |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2952 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 | ||||
2164 | C:\Users\admin\Documents\procesexplorar3.51.exe | C:\Users\admin\Documents\procesexplorar3.51.exe | EXCEL.EXE | |
User: admin Company: Microsoft Corporation Inc Integrity Level: MEDIUM Description: Process Explorar Version: 3.01.1.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2952 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR8FA3.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2952 | EXCEL.EXE | C:\Users\admin\Documents\VB9D24.tmp | — | |
MD5:— | SHA256:— | |||
2952 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VB9D23.tmp | — | |
MD5:— | SHA256:— | |||
2952 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:41406772F8FB7E6CAA6E45CBE9A92DF2 | SHA256:339FD1A9C6F9C892F5735D233F4475EF8EFB26627BFC0A2FE575969F02F11725 | |||
2952 | EXCEL.EXE | C:\Users\admin\Documents\procesexplorar3.51.zip | compressed | |
MD5:DDDACBED33551439182B6CB1C67087CE | SHA256:FEFDF6AF5669ABB5DDB7B0527DD0609285319307538C573614B914CDD3085D04 | |||
2952 | EXCEL.EXE | C:\Users\admin\Documents\procesexplorar3.51.exe | executable | |
MD5:F08A0BB675F2DFF0C60A07CAE4D43E32 | SHA256:1EFD965617A1BBC312DFFEED1F21810660CBE2A9DDBF577754CA0B510D3CEA1E |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2164 | procesexplorar3.51.exe | 193.228.53.0:6881 | — | — | AT | unknown |
2164 | procesexplorar3.51.exe | 193.228.53.0:3927 | — | — | AT | unknown |
2164 | procesexplorar3.51.exe | 193.228.53.0:8419 | — | — | AT | unknown |
Domain | IP | Reputation |
---|---|---|
dns.msftncsi.com |
| shared |