Field | Value |
---|---|
File name: | Shqyrtimi i taksave 2019 03172_k2.xls |
Full analysis: | https://app.any.run/tasks/40666608-dd38-4764-b54e-fde9e6b4873a |
Verdict: | Malicious activity |
Analysis date: | January 17, 2020, 21:02:22 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Create Time/Date: Tue Nov 19 14:58:31 2019, Last Saved Time/Date: Wed Nov 20 21:49:32 2019, Security: 0 |
MD5: | B1D34757594DC11A3FA9F917083C4358 |
SHA1: | 0726DA8B5DF0D79B1D9CF73AE7ED6361C7FC183D |
SHA256: | E537F6064E582602E4F1E64A6FDBCE2C7A6FD923D7B39D91BC3C1B5052340210 |
SSDEEP: | 1536:+fQzl3ZpWh+QO3uMdS9dSttRJwyE/4XZlLAr+cd5UG:+fQzl3ZpWh+QO3uMdS9dSttRJwyE/4XI |
Extension | Description |
---|---|
.xls | Microsoft Excel sheet (78.9) |

Property | Value |
---|---|
CreateDate: | 2019:11:19 14:58:31 |
ModifyDate: | 2019:11:20 21:49:32 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | |
HeadingPairs: | |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | GET | 301 | 104.20.68.143:80 | http://pastebin.com/ | US | — | — | shared |
— | — | GET | 200 | 173.194.5.216:80 | http://r2---sn-aigl6n7d.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mip=78.157.214.134&mm=28&mn=sn-aigl6n7d&ms=nvh&mt=1579295115&mv=m&mvi=1&pl=19&shardbypass=yes | US | crx | 293 Kb | whitelisted |
— | — | GET | 302 | 172.217.22.78:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 515 b | whitelisted |
— | — | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted |
— | — | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrBBNpPfHTPX6Jy6BVzyBPnBWMnQQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YCEAxHWpoyfQpCuYL7zNoKQA4%3D | US | der | 279 b | whitelisted |
— | — | GET | 200 | 52.109.88.8:80 | http://office14client.microsoft.com/config14?UILCID=1033&CLCID=1033&ILCID=1033&HelpLCID=1033&App={538F6C89-2AD5-4006-8154-C6670774E980}&build=14.0.6023 | NL | xml | 1.99 Kb | whitelisted |
— | — | GET | 302 | 172.217.22.78:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 510 b | whitelisted |
— | — | GET | 200 | 173.194.183.168:80 | http://r3---sn-aigl6ney.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=78.157.214.134&mm=28&mn=sn-aigl6ney&ms=nvh&mt=1579295115&mv=m&mvi=2&pl=19&shardbypass=yes | US | crx | 862 Kb | whitelisted |
— | — | GET | 200 | 2.20.188.35:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | unknown | compressed | 57.4 Kb | whitelisted |
— | — | GET | 200 | 204.13.202.71:80 | http://ssl.trustwave.com/issuers/STCA.crt | US | der | 956 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 52.109.88.8:80 | office14client.microsoft.com | Microsoft Corporation | NL | whitelisted |
— | — | 104.31.88.28:443 | notepad-plus-plus.org | Cloudflare Inc | US | shared |
— | — | 172.217.22.3:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
— | — | 52.109.120.28:443 | rr.office.microsoft.com | Microsoft Corporation | HK | whitelisted |
— | — | 172.217.18.173:443 | accounts.google.com | Google Inc. | US | whitelisted |
— | — | 216.58.205.225:443 | clients2.googleusercontent.com | Google Inc. | US | whitelisted |
— | — | 172.217.21.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
— | — | 172.217.23.131:443 | www.google.com.ua | Google Inc. | US | whitelisted |
— | — | 172.217.18.99:443 | www.gstatic.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
office14client.microsoft.com | | whitelisted |
rr.office.microsoft.com | | whitelisted |
notepad-plus-plus.org | | whitelisted |
ocsp.digicert.com | | whitelisted |
clientservices.googleapis.com | | whitelisted |
accounts.google.com | | shared |
www.google.com.ua | | whitelisted |
clients2.google.com | | whitelisted |
fonts.googleapis.com | | whitelisted |
clients2.googleusercontent.com | | whitelisted |