File name: | new doc.xlsx |
Full analysis: | https://app.any.run/tasks/65ae73b9-cc3e-4cf1-aa51-aa41510224cc |
Verdict: | Malicious activity |
Analysis date: | December 18, 2018, 15:54:16 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 1005552EBB05987A9EF527A6A8C2BFEB |
SHA1: | 55CE3D7B2AABC6A79A52B13CD5DC2643D7BC04E0 |
SHA256: | E1B8CB4422E8C01AD0AEE329BEE39198B6BAAB4F65D83DE36EF3F654239464EC |
SSDEEP: | 3072:Ye/rkbFb15YByCEU2HHo0pVNZjcHyFRFunifMFFYMhnUJFyOKnIq2EsyJD:zkFbDYrEUbkVNVcEFua+UJFpqL |

.xlsx | Excel Microsoft Office Open XML Format document (61.2) |
.zip | Open Packaging Conventions container (31.5) |
.zip | ZIP compressed archive (7.2) |

ZipRequiredVersion: | 10 |
ZipBitFlag: | - |
ZipCompression: | None |
ZipModifyDate: | 2018:10:29 17:58:09 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | docProps/ |

Application: | Microsoft Macintosh Excel |
DocSecurity: | None |
ScaleCrop: | No |
HeadingPairs: | |
TitlesOfParts: | |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
AppVersion: | 16.03 |
LastModifiedBy: | KB4 |
CreateDate: | 2014:07:08 19:37:28Z |
ModifyDate: | 2018:06:21 06:47:40Z |
Creator: | brian |

PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2708 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | | explorer.exe |

User: | admin |
Company: | Microsoft Corporation |
Integrity Level: | MEDIUM |
Description: | Microsoft Excel |
Exit code: | 1 |
Version: | 14.0.6024.1000 |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2708 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR95AC.tmp.cvr | — | — | — |
2708 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\98BAAF06.jpg | — | — | — |
2708 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~$new doc.xlsx | — | — | — |
2708 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat | dat | D7A950FEFD60DBAA01DF2D85FEFB3862 | 75D0B1743F61B76A35B1FEDD32378837805DE58D79FA950CB6E8164BFA72073A |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2708 | EXCEL.EXE | GET | 200 | 52.207.201.209:80 | http://us-api.mimecast.com.kb4.io/XcmVkjaXBpZWt50X2lkPTxQwMzM0lYMjc0KNyZjYW1wNYWJlnbl9ydW5faWQ9MTY0fMDgxMyZhY3Rpb249YXR0YWNobWVudA== | US | — | — | suspicious |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2708 | EXCEL.EXE | 52.207.201.209:80 | us-api.mimecast.com.kb4.io | Amazon.com, Inc. | US | suspicious |

Domain | IP | Reputation |
---|---|---|
us-api.mimecast.com.kb4.io | | suspicious |