IOCReport


Files

| File Path | Type | Category | Malicious |
| --- | --- | --- | --- |
| Cancellation_1844611233_06082021.xlsm | Microsoft Excel 2007+ | initial sample | malicious |
| C:\Users\user\Desktop\~$Cancellation_1844611233_06082021.xlsm | data | dropped | malicious |
| C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\61190FA7.tif | TIFF image data, little-endian, direntries=19, height=1600, bps=53710, compression=LZW, PhotometricIntepretation=RGB, width=1600 | dropped | clean |
| C:\Users\user\AppData\Local\Temp\DCCE0000 | data | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Cancellation_1844611233_06082021.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:13 2020, mtime=Wed Jun 9 11:27:37 2021, atime=Wed Jun 9 11:27:37 2021, length=340119, window=hide | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Jun 9 11:27:37 2021, atime=Wed Jun 9 11:27:37 2021, length=8192, window=hide | dropped | clean |
| C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | dropped | clean |
| C:\Users\user\Desktop\ADCE0000 | data | dropped | clean |

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding | malicious |
| C:\Windows\System32\regsvr32.exe | regsvr32 -s ..\Post.storg | malicious |
| C:\Windows\System32\regsvr32.exe | regsvr32 -s ..\Post.storg1 | malicious |
| C:\Windows\System32\regsvr32.exe | regsvr32 -s ..\Post.storg2 | malicious |

URLs

| Name | IP | Malicious |
| --- | --- | --- |
| http://103.155.92.95/44356.227524537.dat | 103.155.92.95 | clean |
| http://servername/isapibackend.dll | unknown | clean |
| http://51.89.115.125/44356.227524537.dat | 51.89.115.125 | clean |

IPs

| IP | Domain | Country | Malicious |
| --- | --- | --- | --- |
| 103.155.92.95 | unknown | unknown | clean |
| 51.89.115.125 | unknown | France | clean |
| 45.144.31.105 | unknown | United Kingdom | clean |

Registry


Memdumps
