Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

COVID-19 Vaccine Provider Questionaire Health First CHC- Providence.xlsx

Microsoft Excel 2007+

initial sample

Details

Filetype:	Microsoft Excel 2007+
Entropy:	7.241265507017585
Filename:	COVID-19 Vaccine Provider Questionaire Health First CHC- Providence.xlsx
Filesize:	14085
MD5:	da088a6ac0526f528932271fc37d58ff
SHA1:	ed00c3d987c76ca406e42d915190250e528e99e1
SHA256:	2d7a5d5f2e435088ea7a90e399e6b40693bf04dd82aa179572a7421f6f9f5dd7
SHA512:	3330f3f07826b89aa3c0bee2bba301d5417158e9bccb91050b093e2a01836752f8ba1d98a53a706dfedeb1bdde99de6c06a3d0034ae016a6e44abd90d7e7ffc6
SSDEEP:	384:KH3k5m0ubJPBc8fzjC4UiB+WCUP/MOova:Kq8f64Us7PUW
Preview:	PK..........!.A7..n...........[Content_Types].xml ...(.........................................................................................................................................................................................................

C:\Users\user\Desktop\~$COVID-19 Vaccine Provider Questionaire Health First CHC- Providence.xlsx

data

dropped

Details

File:	C:\Users\user\Desktop\~$COVID-19 Vaccine Provider Questionaire Health First CHC- Providence.xlsx
Category:	dropped
Dump:	~$COVID-19 Vaccine Provider Questionaire Health First CHC- Providence.xlsx.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Type:	data
Entropy:	1.4377382811115937
Encrypted:	false
Ssdeep:	3:vZ/FFDJw2fV:vBFFGS
Size:	165
Whitelisted:	false
Reputation:	moderate

Signature Hits	Behavior Group	Mitre Attack
Creates files inside the user directory	System Summary,	Masquerading

Processes

Path

Cmdline

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	2512
Target ID:	0
Parent PID:	584
Name:	EXCEL.EXE
Class:	excel
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Size:	27641504
MD5:	5FB0A0F93382ECD19F5F499A5CAA59F0
Time:	21:36:45
Date:	25/01/2021
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13feb0000
Modulesize:	27758592
Wow64:	false

Registry

Path

Value

Malicious

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

?x6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

MTTT

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ReviewToken

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EEF6E

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

VBAFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DefaultSheetR2L

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

UseSystemSeparators

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ThousandsSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

DecimalSeparator

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

s|6

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

LastPurgeTime

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

EXCELFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_3082

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1036

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

SpellingAndGrammarFiles_1033

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

ProductFiles

There are 21 hidden registries, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOCReport

Files

Processes

Registry