File name: | Documento_Sollecito 0057_del_08102019.xls |
Full analysis: | https://app.any.run/tasks/869cb194-065f-4622-9f57-5dd3c6557a0b |
Verdict: | Malicious activity |
Analysis date: | October 09, 2019, 14:04:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Create Time/Date: Wed Oct 9 07:38:35 2019, Last Saved Time/Date: Wed Oct 9 07:38:41 2019, Security: 0 |
MD5: | 363579A6B75ABF6B3E009FB5B30C0DDA |
SHA1: | 5DA690B54BDEEBEEBC470765917ED18B204A0504 |
SHA256: | ED836BA2FFDA033626959330600E6390884BB63F49D79494F501946EFDBC5FA3 |
SSDEEP: | 1536:RwxSlYkEIbSkKBEqEXPgsRZmbaoFhZhR0cfIHm0SLzPw6uVRfbZWhMvZblg22PXE:RwxSlYkEIuPm3fNRZmbaoFhZhR0cfIHD |
.xls | Microsoft Excel sheet (48) |
.xls | Microsoft Excel sheet (alternate) (39.2) |
CompObjUserType: | (Foglio di lavoro di Microsoft Excel 2019 |
CompObjUserTypeLen: | 42 |
HeadingPairs: | |
TitleOfParts: | |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 16 |
CodePage: | Windows Latin 1 (Western European) |
Security: | None |
ModifyDate: | 2019:10:09 06:38:41 |
CreateDate: | 2019:10:09 06:38:35 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2816 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Excel | Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2816 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR142B.tmp.cvr | — | — | — |
2816 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFA184039A87001F88.TMP | — | — | — |
2816 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF72253A944015A455.TMP | — | — | — |
2816 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF770A067D896DE78E.TMP | — | — | — |
2816 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AF89DF12.emf | emf | 3FB704BE7B847A4DD5FE755324BB0A61 | 1DCB28028DB56B809EC665D3601D992A59F464346BEE551D72008EB321352432 |
2816 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\Excel8.0\MSForms.exd | tlb | 59D861BDB86E3F9BA069FD3FAE0D9474 | EE514C6BFF5CB57D529F156862910915E785E173A1417D4E647D8411A087E4EF |
2816 | EXCEL.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\86A68015.emf | emf | 4A4A3AA96A61277CA1F0CD523F168960 | 0481260197795CE84CD3914DB6B15062ABADF9E876D0C0BC9B2521776A78C9EA |