File name: | b9a8c91ca53684394cd34b32477240a60579c89c048bafdb67cdd897606341ba.xls |
Full analysis: | https://app.any.run/tasks/d96f92a6-299b-4e90-af4b-0c9d97ebf8ed |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | March 21, 2019, 02:58:51 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Brian Hitchcock, Last Saved By: Brian Hitchcock, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Aug 9 16:30:26 2018, Last Saved Time/Date: Wed Mar 20 17:16:49 2019, Security: 0 |
MD5: | AE38F216E93723BAA21FFDD25BD6E893 |
SHA1: | B457B9A7165A39A6AFEA81C7916A924E8D7A5929 |
SHA256: | B9A8C91CA53684394CD34B32477240A60579C89C048BAFDB67CDD897606341BA |
SSDEEP: | 3072:QVk3hbdlylKsgqopeJBWhZFGkE+cL2NdAhU/+WgEY5z/RO+kz5+RyexNoxhrbYLC:Gk3hbdlylKsgqopeJBWhZFVE+W2NdAgR |
.xls | | | Microsoft Excel sheet (48) |
---|---|---|
.xls | | | Microsoft Excel sheet (alternate) (39.2) |
Author: | Brian Hitchcock |
---|---|
LastModifiedBy: | Brian Hitchcock |
Software: | Microsoft Excel |
CreateDate: | 2018:08:09 15:30:26 |
ModifyDate: | 2019:03:20 17:16:49 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
Company: | - |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | Sheet1 |
HeadingPairs: |
|
CompObjUserTypeLen: | 31 |
CompObjUserType: | Microsoft Excel 2003 Worksheet |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
688 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 | ||||
2212 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe" \\ec2-18-191-166-175.us-east-2.compute.amazonaws.com\webdav\msbuild.xml" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\msbuild.exe | — | EXCEL.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: MSBuild.exe Exit code: 1 Version: 4.6.1055.0 built by: NETFXREL2 |
PID | Process | Filename | Type | |
---|---|---|---|---|
688 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR89C8.tmp.cvr | — | |
MD5:— | SHA256:— |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 18.191.166.175:445 | ec2-18-191-166-175.us-east-2.compute.amazonaws.com | — | US | unknown |
4 | System | 18.191.166.175:139 | ec2-18-191-166-175.us-east-2.compute.amazonaws.com | — | US | unknown |
Domain | IP | Reputation |
---|---|---|
ec2-18-191-166-175.us-east-2.compute.amazonaws.com | | unknown |