Loading... Additional Content is being loaded

Analysis Report Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx

Overview

General Information

Sample Name:	Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx
Analysis ID:	367670
MD5:	8ea35bdf2130db8f534db290aaceb9d0
SHA1:	ef23db1561ad4a51f3a3ba45e591a0ece7eff702
SHA256:	f0ffa6cda325df3c792de8f50f1fba7611c53731588d107bc40a8351d12d7da8
Infos:
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: classification engine

Classification label: clean0.winXLSX@1/1@0/0

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRBB24.tmp

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = xl/calcChain.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/item2.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/item3.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = docProps/custom.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\Users\user\Desktop\~$Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	data	797869BB881CFBCDAC2064F92B26E46F	61C1B8FBF505956A77E9A79CE74EF5E281B01F4B	D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185

There are no high impact signatures.

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: classification engine

Classification label: clean0.winXLSX@1/1@0/0

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRBB24.tmp

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = xl/calcChain.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/item2.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/item3.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = docProps/custom.xml
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: Copy of COVID-19 Testing Employee Names and DOB 3.9.2021.xlsx	Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior