Windows Analysis Report
Cybersecurity Course Mapping- FY24H2+.xlsx

Overview

General Information

Sample name: Cybersecurity Course Mapping- FY24H2+.xlsx
Analysis ID: 1428886
MD5: c8a147e3a7a3ae4118c72c03423c926a
SHA1: 17d0f969aa1475987efe91b8995620867534f5af
SHA256: 4d112d85332f4cfef517d7aca2282f60f11711b02ad03b88d80d52ef154415fc
Infos:

Detection

Score: 2
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Sigma detected: Excel Network Connections
Sigma detected: Suspicious Office Outbound Connections

Classification

Analysis Advice

No malicious behavior found; also analyze the document on other versions of Office / Acrobat
Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
  • System is w10x64_ra
  • EXCEL.EXE (PID: 7044 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Cybersecurity Course Mapping- FY24H2+.xlsx" MD5: 4A871771235598812032C822E6F68F19)
    • splwow64.exe (PID: 6516 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
  • cleanup
No yara matches
Source: Network Connection; Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0', Tim Shelton; Data: DestinationIp: 13.107.213.41, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7044, Protocol: tcp, SourceIp: 192.168.2.16, SourceIsIpv6: false, SourcePort: 49716
Source: Network Connection; Author: X__Junior (Nextron Systems); Data: DestinationIp: 192.168.2.16, DestinationIsIpv6: false, DestinationPort: 49716, EventID: 3, Image: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, Initiated: true, ProcessId: 7044, Protocol: tcp, SourceIp: 13.107.213.41, SourceIsIpv6: false, SourcePort: 443
No Snort rule has matched

There are no malicious signatures.

Source: unknown; HTTPS traffic detected: 13.107.213.41:443 -> 192.168.2.16:49717 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.213.41:443 -> 192.168.2.16:49720 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.213.41:443 -> 192.168.2.16:49716 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.213.41:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknown; HTTPS traffic detected: 13.107.213.41:443 -> 192.168.2.16:49718 version: TLS 1.2
Source: excel.exe; Memory has grown: Private usage: 1MB later: 98MB
Source: classification engine; Classification label: clean2.winXLSX@3/3@0/51
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Users\user\Desktop\~$Cybersecurity Course Mapping- FY24H2+.xlsx
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Temp\{FCC69225-369F-4FA5-8EFF-B43C92B70960} - OProcSessId.dat
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; OLE indicator, Workbook stream: true
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File read: C:\Users\desktop.ini
Source: unknown; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\Desktop\Cybersecurity Course Mapping- FY24H2+.xlsx"
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{77F10CF0-3DB5-4966-B520-B7C54FD35ED6}\InProcServer32
Source: Window Recorder; Window detected: More than 3 window changes detected
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/worksheets/sheet4.xml
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/worksheets/sheet5.xml
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/worksheets/sheet6.xml
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/worksheets/_rels/sheet6.xml.rels
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/worksheets/_rels/sheet5.xml.rels
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/worksheets/_rels/sheet4.xml.rels
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/media/image1.png
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/tables/table1.xml
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE zip file path = xl/comments1.xml
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
Source: Cybersecurity Course Mapping- FY24H2+.xlsx; Initial sample: OLE indicators vbamacros = False
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe; Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Windows\splwow64.exe Thread delayed: delay time: 120000
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information queried: ProcessInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Exploitation for Client Execution | Path Interception | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 Process Discovery | Remote Services | Data from Local System | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Extra Window Memory Injection | 1 Virtualization/Sandbox Evasion | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 1 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Process Injection | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Extra Window Memory Injection | NTDS | 1 System Information Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction

No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
part-0013.t-0009.t-msedge.net | 13.107.213.41 | true | false | | unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
52.109.124.28 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.113.194.132 | unknown | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
52.109.8.36 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
13.107.213.41 | part-0013.t-0009.t-msedge.net | United States | | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
23.201.212.130 | unknown | United States | | 5432 | PROXIMUS-ISP-ASBE | false
13.89.178.26 | unknown | United States | | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1428886
Start date and time: 2024-04-19 19:13:37 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultwindowsinteractivecookbook.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
    • EGA enabled
Analysis Mode: stream
Analysis stop reason: Timeout
Sample name: Cybersecurity Course Mapping- FY24H2+.xlsx
Detection: CLEAN
Classification: clean2.winXLSX@3/3@0/51
Cookbook Comments:
    • Found application associated with file extension: .xlsx
    • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe, SgrmBroker.exe, MoUsoCoreWorker.exe, svchost.exe
    • Excluded IPs from analysis (whitelisted): 52.109.124.28, 52.109.8.36, 23.201.212.130, 52.113.194.132, 13.89.178.26, 13.85.23.206
    • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, onedscolprdcus00.centralus.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, asia.configsvc1.live.com.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, osiprod-cus-buff-azsc-000.centralus.cloudapp.azure.com, login.live.com, e16604.g.akamaiedge.net, glb.cws.prod.dcat.dsp.trafficmanager.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, sea-azsc-config.officeapps.live.com, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, cus-azsc-000.roaming.officeapps.live.com, fe3cr.delivery.mp.microsoft.com, us1.roaming1.live.com.akadns.net, fe3.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, ecs.office.trafficmanager.net
    • Not all processes where analyzed, report is missing behavior information
    • Report size getting too big, too many NtCreateKey calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • VT rate limit hit for: Cybersecurity Course Mapping- FY24H2+.xlsx
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type: PNG image data, 443 x 276, 8-bit/color RGBA, non-interlaced
Category: dropped
Size (bytes): 50985
Entropy (8bit): 7.9860446161856915
Encrypted: false
SSDEEP:
MD5: 1C202558540EFE306A5E0C6902DD84A3
SHA1: 3EFD1908A9C447CA1DF4CEDB0234C3D381841A5A
SHA-256: A3FD59F6B2BD37E1AD162D2A3D624B6A0E6E060365EE108CB03A6627EC2E81A1
SHA-512: 48D8F65C154A961E1018AACBE53F06EA15AF1D26D1CA95E5F91AC9EE170CFCA73FD8D53707B003932FF69797F91F6EE87E539BA4DA5402CF933F2536F2BFF9B2
Malicious: false
Reputation: unknown
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type: XML 1.0 document, ASCII text, with very long lines (379), with CRLF line terminators
Category: dropped
Size (bytes): 436
Entropy (8bit): 5.095482775575995
Encrypted: false
SSDEEP:
MD5: CEEC48C4F585E785D0A9D4270E172320
SHA1: D3A2E6DAA6360979BA91DDF8482AC23A0FFBE61C
SHA-256: E833340ACB02DCBEE8D6CF8875700AEBCF16AFB40C993674E905FE8490075648
SHA-512: E6546FF07548C1D26D1234EE84054C1EF4ED623D8F6E70F1860EBA73102324BD0A8D9680D09ED13B16A5488E1531C5BAC73BBD0BD6A4A5A2FA0CB40E27EE06D0
Malicious: false
Reputation: unknown
Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<recoveryLog xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"><logFileName>error070440_01.xml</logFileName><summary>Errors were detected in file 'C:\Users\user\Desktop\Cybersecurity Course Mapping- FY24H2+.xlsx'</summary><removedRecords><removedRecord>Removed Records: Hyperlinks from /xl/worksheets/sheet2.xml part</removedRecord></removedRecords></recoveryLog>
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type: data
Category: dropped
Size (bytes): 165
Entropy (8bit): 1.3520167401771568
Encrypted: false
SSDEEP:
MD5: 9AC4D67F6E514F452D4A1DB79CE3B2E8
SHA1: 33F8C665ECBB81275D2E49D48F2565A58A282043
SHA-256: 407E1D871964C93DBDBD4D00613CD0A9E30D3ED6352D8052C58E7A252D52FC5A
SHA-512: 018D0F54AB0AB01F27E9FB870A128F2F581A58487399DD7FB56A94EC4AAEC6874708A5AD5650F362485E45E2C6A557ED08524C5B8335F83F240E0962281A0F1A
Malicious: false
Reputation: unknown
    Preview:.user ..c.a.l.i. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
File type: Microsoft Excel 2007+
Entropy (8bit): 7.95735715214225
TrID:
    • Excel Microsoft Office Open XML Format document (40004/1) 83.33%
    • ZIP compressed archive (8000/1) 16.67%
File name: Cybersecurity Course Mapping- FY24H2+.xlsx
File size: 139'048 bytes
MD5: c8a147e3a7a3ae4118c72c03423c926a
SHA1: 17d0f969aa1475987efe91b8995620867534f5af
SHA256: 4d112d85332f4cfef517d7aca2282f60f11711b02ad03b88d80d52ef154415fc
SHA512: 5353dcab1b096ee8cd0b8dea0e1b40a2682de95829942c65e6a9ccef59cb29b2b7144722e70862413b7f3c12ce55205eee1287dc3e0f34eb4c5f4ea633b4362a
SSDEEP: 3072:oIMxcSi1HQKRmqPYB9+xHVL7ch4WFR3xHCdiTFx0nQ:oIMx0HTP4+v7g3MkTZ
TLSH: 84D3022DD9F4665CCCC5E9B1DA5444FE72182E69A046B3BC356CBF0D0B248AE078BB1C
Icon Hash: 35e58a8c0c8a85b9
Document Type: OpenXML
Number of OLE Files: 1
Has Summary Info:
Application Name:
Encrypted Document: False
Contains Word Document Stream: False
Contains Workbook/Book Stream: True
Contains PowerPoint Document Stream: False
Contains Visio Document Stream: False
Contains ObjectPool Stream: False
Flash Objects Count: 0
Contains VBA Macros: False