File name: | PO266048.xls |
Full analysis: | https://app.any.run/tasks/05d9a007-d4a6-4ae3-9577-e4abbda77315 |
Verdict: | Malicious activity |
Analysis date: | March 30, 2020, 16:56:02 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: nBCrHDV, Subject: i, Author: VKiV, Last Saved By: Administrator, Revision Number: 615, Name of Creating Application: Microsoft Excel, Total Editing Time: 10:56:00, Create Time/Date: Fri Aug 30 10:14:50 2019, Last Saved Time/Date: Thu Mar 19 17:18:47 2020, Number of Pages: 1, Number of Words: 1168, Number of Characters: 9074, Security: 0 |
MD5: | F00090EB4995C93199B5E21460540FDC |
SHA1: | F5ECA436D5B21CB0EEF5E408A241878D680007AD |
SHA256: | C72DC55BD6D32968BCBA7F85D4A77692D019850B9508AA941E402B488B3D48C1 |
SSDEEP: | 12288:XxZ92/aqiNntFCF7iqEbpXjpC2nxvgz8FnQnsEjNO6bh+De98Cd671osO:XxjyIx/bpzp2YFQnZjNO6NJvd67Wj |
.xls | | | Microsoft Excel sheet (48) |
---|---|---|
.xls | | | Microsoft Excel sheet (alternate) (39.2) |
CompObjUserTypeLen: | 25 |
---|---|
CompObjUserType: | Microsoft Forms 2.0 Form |
Title: | nBCrHDV |
Subject: | i |
Author: | VKiV |
LastModifiedBy: | Administrator |
RevisionNumber: | 615 |
Software: | Microsoft Excel |
TotalEditTime: | 10.9 hours |
CreateDate: | 2019:08:30 09:14:50 |
ModifyDate: | 2020:03:19 17:18:47 |
Pages: | 1 |
Words: | 1168 |
Characters: | 9074 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
Company: | - |
Bytes: | 26494 |
Lines: | 786 |
Paragraphs: | 95 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: |
|
HeadingPairs: |
|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3772 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3772 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR6CFB.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3772 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\47CE858D.emf | emf | |
MD5:79C94B04BF8710DE88A3A34C0C0EE4F5 | SHA256:C250C04F474AC7DC456D4BA9AF50437BADEE271DDB33C016AB1555BB0EA6FF42 | |||
3772 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\44AEA220.emf | emf | |
MD5:8D92826B31BBE62E26E39622EFC3D7D8 | SHA256:7C9E5FBC698151D8AE90F0A7E274DDE10ADF82A5F8AD7827C73EED26D8EBB1E0 | |||
3772 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\26872116.emf | emf | |
MD5:9EE26F85695C3C88A26D0ED69F664FF2 | SHA256:BCE47AC892888B7B0BC78A7B5A6E4A98201B584C27A6E3E0E27C8E4201DE294A | |||
3772 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8C7577FE.emf | emf | |
MD5:496E9F126889E7025EFE095044098672 | SHA256:955556053097038D1CE582BA34E319881713D4AD3E45632EADD976500E62C7B8 | |||
3772 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B0A1FA92.emf | emf | |
MD5:9FB4781FB0BDD10E636A68705FE85F93 | SHA256:527A1B59121AC490954D760078A3CF7679C529CBAB4D70BC08D7DF6D108286C3 | |||
3772 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6BF1FFC8.emf | emf | |
MD5:958478837FB2BAFDBC7024C01C6BCF43 | SHA256:C7F967BF1D85A65B87BD1141AA746A36FDE949C954A27913116CB8A0DBF0DEFA | |||
3772 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A7944BE7.emf | emf | |
MD5:B66A05AA32740E9A15275C5BC2BF144C | SHA256:F7840EC63C8E82D8426F145932F6B5A6BDB20D02090B5D34330A1779C5358052 | |||
3772 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F16564C2.emf | emf | |
MD5:5B152429BF2A750DE6C9D1F11E89F4E7 | SHA256:B0DE3E9B212E823B39651F8CD61580425D5889139366AA2FC48329AD7BBF4BAE | |||
3772 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7B044DB1.emf | emf | |
MD5:2F0611CA745C318450034721515B3AE0 | SHA256:37BAA0A1CE26E4F38684229F57F364048CB677DC3F105B19AB8975CFF32D5E5D |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3772 | EXCEL.EXE | 185.176.221.216:443 | static-downloads.com | — | LV | unknown |
Domain | IP | Reputation |
---|---|---|
static-downloads.com |
| unknown |