Windows
Analysis Report
MP REDDEMMA.xls
Overview
General Information
Detection
Score: | 48 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for domain / URL
Connects to many different domains
Document contains embedded VBA macros
Document embeds suspicious OLE2 link
IP address seen in connection with other malware
Classification
- System is w7x64
- EXCEL.EXE (PID: 260 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
- chrome.exe (PID: 904 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 2712 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1456 --field-trial-handle=1336,i,12586790605178663099,16641143191889828766,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3732 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "http://www.gunturbadi.in/ MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 4044 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 4056 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1264,i,3986024260508281898,9799972572760790742,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3772 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://cleartax.in/s/hra-house-rent-allowance MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 2180 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1264,i,4518865494869135489,1940999617026406050,131072 /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3384 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3816 --field-trial-handle=1264,i,4518865494869135489,1940999617026406050,131072 /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3788 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3424 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1232,i,7606401640278545373,9455838481980212288,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3084 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "https://treasury.ap.gov.in/ddoreq/index.php?service=lpccreationtot MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3156 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1344 --field-trial-handle=1284,i,7641019570019131459,1953484209132259327,131072 /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3128 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 2004 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1472 --field-trial-handle=1240,i,17721869080354014107,4518493088817661325,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 4032 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "http://www.gunturbadi.in/ MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3092 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1244,i,10434801201712269772,10127452265985305903,131072 /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3356 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3860 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1344,i,9637087389045136199,8026001923553671511,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 3848 cmdline: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" "http://www.gunturbadi.in/ MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- chrome.exe (PID: 1736 cmdline: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1476 --field-trial-handle=1332,i,12745986219766070353,13204343600608752535,131072 /prefetch:8 MD5: FFA2B8E17F645BCC20F0E0201FEF83ED)
- cleanup
⊘No configs have been found
⊘No yara matches
⊘No Sigma rule has matched
⊘No Snort rule has matched