Loading... Additional Content is being loaded

Analysis Report document230134.xlsx

Overview

General Information

Sample Name:	document230134.xlsx
Analysis ID:	427681
MD5:	badd03190784a6b9d067f2f7ff309a20
SHA1:	5bb5f2ca6419e2ec079d3b24f708f393a431196a
SHA256:	16b1d0cbb8eb4804ccedaed0abd454606f0d237abe3d4f8ac212ff3a027270c7
Infos:
Most interesting Screenshot:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Machine Learning detection for sample

Classification

Signatures

AV Detection:

Multi AV Scanner detection for submitted file

Source: document230134.xlsx	Virustotal: Detection: 53%			Perma Link
Source: document230134.xlsx	Metadefender: Detection: 17%			Perma Link
Source: document230134.xlsx	ReversingLabs: Detection: 46%

Machine Learning detection for sample

Source: document230134.xlsx

Joe Sandbox ML: detected

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Jump to behavior

Source: classification engine

Classification label: mal52.winXLSX@1/1@0/0

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\Users\user\Desktop\~$document230134.xlsx

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{16FF8D61-858F-4E6C-A473-A37975C5ED4A} - OProcSessId.dat

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: document230134.xlsx	Virustotal: Detection: 53%
Source: document230134.xlsx	Metadefender: Detection: 17%
Source: document230134.xlsx	ReversingLabs: Detection: 46%

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Jump to behavior

Source: document230134.xlsx

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No contacted IP infos

Name	Type	MD5	SHA1	SHA256
C:\Users\user\Desktop\~$document230134.xlsx	data	7AB76C81182111AC93ACF915CA8331D5	68B94B5D4C83A6FB415C8026AF61F3F8745E2559	6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF

AV Detection:

Multi AV Scanner detection for submitted file

Source: document230134.xlsx	Virustotal: Detection: 53%			Perma Link
Source: document230134.xlsx	Metadefender: Detection: 17%			Perma Link
Source: document230134.xlsx	ReversingLabs: Detection: 46%

Machine Learning detection for sample

Source: document230134.xlsx

Joe Sandbox ML: detected

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Jump to behavior

Source: classification engine

Classification label: mal52.winXLSX@1/1@0/0

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\Users\user\Desktop\~$document230134.xlsx

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{16FF8D61-858F-4E6C-A473-A37975C5ED4A} - OProcSessId.dat

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: document230134.xlsx	Virustotal: Detection: 53%
Source: document230134.xlsx	Metadefender: Detection: 17%
Source: document230134.xlsx	ReversingLabs: Detection: 46%

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages

Jump to behavior

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE

File opened: C:\Windows\SysWOW64\MSVCR100.dll

Jump to behavior

Source: document230134.xlsx

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: FAILCRITICALERRORS \| NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX			Jump to behavior