File name: | statement Nov.xls |
Full analysis: | https://app.any.run/tasks/c88fc0d9-e9b8-4551-89a0-c69c3b63a6a8 |
Verdict: | Malicious activity |
Analysis date: | December 02, 2019, 17:59:30 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Author: Jawina Convention, Last Saved By: VirusTotal, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Oct 15 09:15:31 2019, Last Saved Time/Date: Mon Dec 2 14:08:24 2019, Security: 0 |
MD5: | E290D705B7161CDCA3D3CAC608CB692B |
SHA1: | 67FAD6DB56DB256F46F5F73AA9FE2EC5F8536B6D |
SHA256: | F3CEC11F47655D61E01C1CD2099CD9F9B0D90A9285D67F9461E6372000E7BC2F |
SSDEEP: | 6144:CZ+RwPONXoRjDhIcp0fDlavx+W26nA05+aH73IcpHOS7soW3oe2rHS3XrpcfBJ4v:wrbtQfx |
.xls | | | Microsoft Excel sheet (48) |
.xls | | | Microsoft Excel sheet (alternate) (39.2) |
CompObjUserType: | Microsoft Office Excel 2003 Worksheet |
CompObjUserTypeLen: | 38 |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 12 |
CodePage: | Windows Latin 1 (Western European) |
Security: | None |
ModifyDate: | 2019:12:02 14:08:24 |
CreateDate: | 2019:10:15 08:15:31 |
Software: | Microsoft Excel |
LastModifiedBy: | VirusTotal |
Author: | Jawina Convention |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
4036 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Excel; Version: 14.0.6024.1000 | ||||
2264 | "C:\Users\admin\Intel Graphics Driver\Intel.exe" | C:\Users\admin\Intel Graphics Driver\Intel.exe | | EXCEL.EXE |
User: admin; Integrity Level: MEDIUM | ||||
2812 | "C:\Users\admin\Intel Graphics Driver\Intel.exe" | C:\Users\admin\Intel Graphics Driver\Intel.exe | | Intel.exe |
User: admin; Integrity Level: MEDIUM | ||||
PID | Process | Filename | Type | |
---|---|---|---|---|
4036 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRADFD.tmp.cvr | — | |
MD5:— | SHA256:— | |||
4036 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBB7F2.tmp | — | |
MD5:— | SHA256:— | |||
4036 | EXCEL.EXE | C:\Users\admin\Intel Graphics Driver\new.txt | text | |
MD5:9AE2E0AFC9C1458DAF1151C9A9C318FF | SHA256:5A9DAB8DCB99FD682C0FF590E72FA898FD7C95F4C8EC182ED866FC14D27C1A0D | |||
4036 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:638B1143E674DA555D5A6D995B13593A | SHA256:E30A8C0F27477AC30893EC3A820426931AAAA942A41128CB3AC217B56A88D53D | |||
2264 | Intel.exe | C:\Users\admin\RtlUpd64\RtlUpd64.vbs | text | |
MD5:E069242673043969B0F3BB6C8CB36DD0 | SHA256:2D426072C5508715AD283119FDD26F909269BA67FB6081177B442E67DF40B411 | |||
4036 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | |
MD5:987C9FCA5EE9349C3E1F9AFF8F30832D | SHA256:7BB84A51D238477C94D2BC11809D125FF6F427960CB31F901EF29D4CEC02BDAD | |||
2264 | Intel.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RtlUpd64.url | text | |
MD5:C8971CEFDED522F1C9EA8A9589805ABE | SHA256:4F254BDAD3E5180960F0FAA6E17E51B4A83E2F2749A8D967B6B11AEE3B472A17 | |||
4036 | EXCEL.EXE | C:\Users\admin\Intel Graphics Driver\Intel.exe | executable | |
MD5:CF1206CD2088B5F4573F7EA0BB101B4D | SHA256:C3FB1A453C0B853A2181EE73E0B74D8E62C97A3AB3ECA4F3574A0564E4675EC9 | |||
2264 | Intel.exe | C:\Users\admin\RtlUpd64\UevTemplateConfigItemGenerator.exe | executable | |
MD5:CF1206CD2088B5F4573F7EA0BB101B4D | SHA256:C3FB1A453C0B853A2181EE73E0B74D8E62C97A3AB3ECA4F3574A0564E4675EC9 | |||
4036 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\statement Nov.xls.LNK | lnk | |
MD5:136689CAFFE95680DCCBE3277301A930 | SHA256:34434C7E3AFF7665786F22F84CFC00BFFF0AB3001602AEF943766FEB39B7682E |