File name: | order_091019.xls |
Full analysis: | https://app.any.run/tasks/3c407a1c-ad18-4cf6-b22a-799750655639 |
Verdict: | Malicious activity |
Analysis date: | October 09, 2019, 17:03:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.ms-excel |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1251, Author: 1, Last Saved By: 1, Name of Creating Application: Microsoft Excel, Create Time/Date: Fri Aug 30 10:14:50 2019, Last Saved Time/Date: Wed Oct 9 12:36:59 2019, Security: 0 |
MD5: | 0E8199B87CEA34AF9D5A919C3152C989 |
SHA1: | 2B2DB989545C2C2559D425D43FC5E4F0F606DF17 |
SHA256: | F9704B16C55B131C8B80BE4CDC46A5B9EE4EC3B07C9060DA846C6F46F5669459 |
SSDEEP: | 12288:RcngSigpoTkKN/zLYBYPGcHdPlOga9uLNZx57gZJoTcfEhwtFN04R:R/tTkKN7LYBYOcJkga9eTHqE+t8s |
.xls | | | Microsoft Excel sheet (48) |
---|---|---|
.xls | | | Microsoft Excel sheet (alternate) (39.2) |
HeadingPairs: |
|
---|---|
TitleOfParts: | Page2 |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 16 |
Company: | - |
CodePage: | Windows Cyrillic |
Security: | None |
ModifyDate: | 2019:10:09 11:36:59 |
CreateDate: | 2019:08:30 09:14:50 |
Software: | Microsoft Excel |
LastModifiedBy: | 1 |
Author: | 1 |
CompObjUserType: | Microsoft Forms 2.0 Form |
CompObjUserTypeLen: | 25 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
676 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Version: 14.0.4756.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
676 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR95C1.tmp.cvr | — | |
MD5:— | SHA256:— | |||
676 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\VBB67A.tmp | — | |
MD5:— | SHA256:— | |||
676 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF86E27E022D4663FE.TMP | — | |
MD5:— | SHA256:— | |||
676 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\67B51000 | — | |
MD5:— | SHA256:— | |||
676 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF8DFCD99B9BC5CB34.TMP | — | |
MD5:— | SHA256:— | |||
676 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~$favorite.xlsx | — | |
MD5:— | SHA256:— | |||
676 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF36C3562E260AD1FF.TMP | — | |
MD5:— | SHA256:— | |||
676 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\oleObject1.bin | binary | |
MD5:5A90D5E52A978FEDB1A7859A19CEB858 | SHA256:CA3DF9FC11E5766270773DE2FE12DAE0646D02F1140E9E1F27FAB4D6F5065BB7 | |||
676 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\favorite.xlsx | document | |
MD5:A5F7CA81E0B6501B55246AF4FD10D984 | SHA256:39C4922A81D9EC4690E0B53CD4945DF01E6AB4020052ADA39B244C37BFA88C4D | |||
676 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\favorite.xlsx.zip | document | |
MD5:A5F7CA81E0B6501B55246AF4FD10D984 | SHA256:39C4922A81D9EC4690E0B53CD4945DF01E6AB4020052ADA39B244C37BFA88C4D |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
676 | EXCEL.EXE | 195.123.228.14:443 | windows-sys-update.com | ITL Company | BG | malicious |
Domain | IP | Reputation |
---|---|---|
windows-sys-update.com |
| malicious |
dns.msftncsi.com |
| shared |