Analysis Report myResume_787.xlsb
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell | Show sources |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: |
Signature Overview |
---|
Click to jump to signature section
Compliance: |
---|
Uses new MSVCR Dlls | Show sources |
Source: | File opened: | Jump to behavior |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: | Jump to behavior |
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: | Jump to behavior |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary: |
---|
Found Excel 4.0 Macro with suspicious formulas | Show sources |
Source: | Initial sample: |
Found abnormal large hidden Excel 4.0 Macro sheet | Show sources |
Source: | Initial sample: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting2 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution22 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rundll321 | LSASS Memory | System Information Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting2 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
No Antivirus matches |
---|
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
2% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
209.141.51.196 | unknown | United States | 53667 | PONYNETUS | false |
General Information |
---|
Joe Sandbox Version: | 31.0.0 Red Diamond |
Analysis ID: | 342307 |
Start date: | 20.01.2021 |
Start time: | 19:12:47 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 28s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | myResume_787.xlsb |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 17 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal60.expl.evad.winXLSB@3/5@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
No context |
---|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
PONYNETUS | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 132942 |
Entropy (8bit): | 5.372923032705822 |
Encrypted: | false |
SSDEEP: | 1536:2cQceNgaBtA3gZw+pQ9DQW+zAUH34ZldpKWXboOilXPErLL8Eh:4rQ9DQW+zBX8P |
MD5: | 49C344DDB2A56A073DE9D993EB7034D5 |
SHA1: | BB61AA2A495D17AAE065A26C885932B74000FFB5 |
SHA-256: | 4822F38317D53603AC53AF95FFDA9EDC743293FA3D70FEEAFDAB2FF5D7E1D1FB |
SHA-512: | 851F088B10272B73B4237A9E51C92FB5B8F29F44C576DF189D70956C819348E2B2B2E97DECDD14A83F8343B0BFA254C37BA40A7C657D87BD5C61ACB9F01AF4D0 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 55961 |
Entropy (8bit): | 7.8745563773940725 |
Encrypted: | false |
SSDEEP: | 1536:QUQt43PNewplZDlm1ajiDPnp3AvLJ03ntpE3g+O0t2DoV:UwbZRQJAd0MrO0UEV |
MD5: | 102DCD780DA80675F5038CFB42D936CE |
SHA1: | 417033D6C45E4209909A2EF7B5436673A74FB164 |
SHA-256: | 88F6B392616EA29C03682E3EC079F58C5E8BDC18C7CCB09BA6D5DC0BEDC13EA8 |
SHA-512: | 6478CD1B6F256ABA81374018B751D4ABE03B99B6A1CCB528D97E2ADA7558373161F002CA7D8D6088E897390F9A0F2CE3E925C604B3F855C1EBAA04E53F01ECEF |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 214824 |
Entropy (8bit): | 7.9598111087102374 |
Encrypted: | false |
SSDEEP: | 6144:h5I2ZOJAd0MrO0UEYsqXG1K4u0hjNp6GaDrw3xu:DAJAdFrOpEYsiGkKjjpEr |
MD5: | 0D19C0A4E20BAC8A2DB941B82E953D65 |
SHA1: | D967AEA934947F972A2EFDB42597EB600403DF74 |
SHA-256: | 5DF21B6C179C4797002394D8964C9CC9EFE107E523ECA0259B49E6BC782C939B |
SHA-512: | C64A84010FEC3A55B6678072555BC38F4E8800C338B190531661AE37ED0CE0570B3666FAACF6526857AF2B11A7794B736FC3F5334903CD01ACDD59EF5E3861DB |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtt:RJ1 |
MD5: | 7AB76C81182111AC93ACF915CA8331D5 |
SHA1: | 68B94B5D4C83A6FB415C8026AF61F3F8745E2559 |
SHA-256: | 6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF |
SHA-512: | A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.956967333067683 |
TrID: |
|
File name: | myResume_787.xlsb |
File size: | 237346 |
MD5: | 89394df2bb1ba2e4b62d510b8bcb97fb |
SHA1: | 78147f2bcc5f4aeebae3c2cf333f4821a3d5c84f |
SHA256: | 09e73c5d8c0236688d9c690189601400b7c720f99aa05b1090c93608bdb96d01 |
SHA512: | 457ce008c726282290318b8037e30b884236ff72cfebd08fa8413c6f9887e9202de3c4ead02dbd5c5446bcda834eb1b51289120e9d8336ddb15cf361edc5b3b0 |
SSDEEP: | 6144:yGqra5ujbf9SeP2ZOJAd0MrO0UEPCSY/N30Wq:V5ufcBAJAdFrOpEqz30Wq |
File Content Preview: | PK..........!...L.....#.......[Content_Types].xml ...(......................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | 74f0d0d2c6d6d0f4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "myResume_787.xlsb" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
,,,,,,,,,,,,,,,,,,,,,,,,,=ASSIGN.TO.OBJECT(PfildDRKuceybgtqZmMMnvJkFjIZzal),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=CLOSE.ALL(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=ALERT(FjhPEYOFTdMMyzajvXrWuNYN),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=CANCEL.KEY(TRUE),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=BRING.TO.FRONT(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=CLOSE.ALL(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=BRING.TO.FRONT(),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,d,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,=ASSIGN.TO.OBJECT(NsQiI),,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 20, 2021 19:13:42.389256954 CET | 49741 | 80 | 192.168.2.4 | 209.141.51.196 |
Jan 20, 2021 19:13:42.588630915 CET | 80 | 49741 | 209.141.51.196 | 192.168.2.4 |
Jan 20, 2021 19:13:42.588795900 CET | 49741 | 80 | 192.168.2.4 | 209.141.51.196 |
Jan 20, 2021 19:13:42.589246988 CET | 49741 | 80 | 192.168.2.4 | 209.141.51.196 |
Jan 20, 2021 19:13:42.788156986 CET | 80 | 49741 | 209.141.51.196 | 192.168.2.4 |
Jan 20, 2021 19:13:42.811311007 CET | 80 | 49741 | 209.141.51.196 | 192.168.2.4 |
Jan 20, 2021 19:13:42.811491013 CET | 49741 | 80 | 192.168.2.4 | 209.141.51.196 |
Jan 20, 2021 19:14:47.823390961 CET | 80 | 49741 | 209.141.51.196 | 192.168.2.4 |
Jan 20, 2021 19:14:47.823595047 CET | 49741 | 80 | 192.168.2.4 | 209.141.51.196 |
Jan 20, 2021 19:15:29.045985937 CET | 49741 | 80 | 192.168.2.4 | 209.141.51.196 |
Jan 20, 2021 19:15:29.245212078 CET | 80 | 49741 | 209.141.51.196 | 192.168.2.4 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jan 20, 2021 19:13:26.988920927 CET | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:27.040029049 CET | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:27.932039976 CET | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:27.982959032 CET | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:28.876959085 CET | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:28.925070047 CET | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:29.795716047 CET | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:29.843913078 CET | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:30.851855993 CET | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:30.899816990 CET | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:32.149019957 CET | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:32.197221041 CET | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:36.125978947 CET | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:36.173906088 CET | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:38.046649933 CET | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:38.094772100 CET | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:39.068912029 CET | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:39.127012968 CET | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:39.575742006 CET | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:39.632322073 CET | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:40.585644960 CET | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:40.642421007 CET | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:41.589840889 CET | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:41.646461010 CET | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:42.118364096 CET | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:42.175108910 CET | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:43.106162071 CET | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:43.157186031 CET | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:43.603379965 CET | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:43.660763979 CET | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:44.141845942 CET | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:44.201088905 CET | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:45.111267090 CET | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:45.159754992 CET | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:46.560995102 CET | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:46.611943007 CET | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:47.614927053 CET | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:47.671833992 CET | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:52.513715029 CET | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:52.561850071 CET | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:13:56.588123083 CET | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:13:56.645776987 CET | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:08.394100904 CET | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:08.457283020 CET | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:09.048290968 CET | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:09.113248110 CET | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:09.799602985 CET | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:09.856142044 CET | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:10.272778034 CET | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:10.329411983 CET | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:10.409471989 CET | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:10.475780964 CET | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:10.760950089 CET | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:10.822180986 CET | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:11.349204063 CET | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:11.408370972 CET | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:12.067596912 CET | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:12.127182961 CET | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:12.904978037 CET | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:12.961225986 CET | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:13.852346897 CET | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:13.911751032 CET | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:14.410186052 CET | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:14.466749907 CET | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:16.865715981 CET | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:16.922097921 CET | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:27.618455887 CET | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:27.666399956 CET | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:27.717717886 CET | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:27.792284966 CET | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:14:30.834867954 CET | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:14:30.895483017 CET | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:15:01.420727015 CET | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:15:01.468831062 CET | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Jan 20, 2021 19:15:03.149983883 CET | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Jan 20, 2021 19:15:03.206461906 CET | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.4 | 49741 | 209.141.51.196 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
Jan 20, 2021 19:13:42.589246988 CET | 236 | OUT | |
Jan 20, 2021 19:13:42.811311007 CET | 239 | IN |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
Behavior |
---|
Click to jump to process
System Behavior |
---|
General |
---|
Start time: | 19:13:37 |
Start date: | 20/01/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe40000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 19:13:41 |
Start date: | 20/01/2021 |
Path: | C:\Windows\SysWOW64\rundll32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xa70000 |
File size: | 61952 bytes |
MD5 hash: | D7CA562B0DB4F4DD0F03A89A1FDAD63D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|