IOCReport

Files

File Path | Type | Category | Malicious
banUwVSwBY.xlsx | Microsoft Excel 2007+ | initial sample | malicious
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FC5BF66.tif | TIFF image data, little-endian, direntries=19, height=1600, bps=53710, compression=LZW, PhotometricIntepretation=RGB, width=1600 | dropped | clean
C:\Users\user\AppData\Local\Temp\060F0000 | data | dropped | clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Wed Jun 9 15:31:52 2021, atime=Wed Jun 9 15:31:52 2021, length=8192, window=hide | dropped | clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\banUwVSwBY.LNK | MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Jun 9 15:31:30 2021, mtime=Wed Jun 9 15:31:52 2021, atime=Wed Jun 9 15:31:52 2021, length=338387, window=hide | dropped | clean
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | ASCII text, with CRLF line terminators | dropped | clean
C:\Users\user\Desktop\D60F0000 | data | dropped | clean
C:\Users\user\Desktop\~$banUwVSwBY.xls | data | dropped | clean
C:\Users\user\Desktop\~$banUwVSwBY.xlsx | data | dropped | clean

Processes

Path | Cmdline | Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding | malicious
C:\Windows\System32\regsvr32.exe | regsvr32 -s ..\Post.storg | malicious
C:\Windows\System32\regsvr32.exe | regsvr32 -s ..\Post.storg1 | malicious
C:\Windows\System32\regsvr32.exe | regsvr32 -s ..\Post.storg2 | malicious

URLs

Name | IP | Malicious
http://51.89.115.124/44356.3971392361.dat | 51.89.115.124 | clean
http://190.14.37.134/44356.3971392361.dat | 190.14.37.134 | clean
http://servername/isapibackend.dll | unknown | clean

IPs

IP | Domain | Country | Malicious
190.14.37.134 | unknown | Panama | clean
51.89.115.124 | unknown | France | clean
37.1.196.25 | unknown | Ukraine | clean

Registry

Process Path | Value | Malicious
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | md8 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | MTTT | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ReviewToken | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EF834 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | VBAFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | DefaultSheetR2L | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | UseSystemSeparators | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ThousandsSeparator | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | DecimalSeparator | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 2 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 3 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 4 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 5 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 6 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 7 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 8 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 9 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 10 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 11 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 12 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 13 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 14 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 15 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 16 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 17 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 18 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 19 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 20 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EFCE5 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EFDDF | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EFEAA | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EFFA3 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F009D | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F0158 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F0252 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F031C | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F03E7 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F04B2 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F05AC | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 2 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 3 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 4 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 5 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 6 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 7 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 8 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 9 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 10 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 11 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 12 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 13 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 14 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 15 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 16 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 17 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 18 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 19 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 20 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F0676 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | F0741 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | {E7E4BC40-E76A-11CE-A9BB-00AA004AE837} {000214E6-0000-0000-C000-000000000046} 0xFFFF | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | {w8 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | LastPurgeTime | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1013FE | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Max Display | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 1 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 2 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 3 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 4 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 5 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 6 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 7 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 8 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 9 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 10 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 11 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 12 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 13 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 14 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 15 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 16 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 17 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 18 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 19 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Item 20 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1016BC | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | 1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | EXCELFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_3082 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1036 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SpellingAndGrammarFiles_1033 | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | ProductFiles | clean
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | SavedLegacySettings | clean
104 additional registry entries are not shown in this report.

Memdumps

Base Address | Region type | Protect | Malicious
530000 | unknown | page read and write | clean
1C0000 | heap private | page read and write | clean
2B7000 | heap default | page read and write | clean
257000 | heap default | page read and write | clean
1C4000 | heap private | page read and write | clean
7F0000 | unknown | page readonly | clean
670000 | unknown | page readonly | clean
48A000 | heap default | page read and write | clean
494000 | heap private | page read and write | clean
2250000 | unknown | page write copy | clean
103000 | heap default | page read and write | clean
3E6000 | unknown | page read and write | clean
2180000 | heap private | page read and write | clean
B7000 | heap default | page read and write | clean
2ED000 | heap default | page read and write | clean
250000 | unknown | page read and write | clean
437000 | heap default | page read and write | clean
270000 | unknown | page readonly | clean
15D000 | unknown | page read and write | clean
E0000 | unknown | page read and write | clean
20000 | unknown | page readonly | clean
430000 | unknown | page read and write | clean
28E000 | heap default | page read and write | clean
70000 | unknown | page readonly | clean
B0000 | heap default | page read and write | clean
7B0000 | unknown | page readonly | clean
21BB000 | heap private | page read and write | clean
4A5000 | heap private | page read and write | clean
F0000 | unknown | page read and write | clean
350000 | unknown | page read and write | clean
20A0000 | unknown | page write copy | clean
286000 | unknown | page read and write | clean
1D90000 | unknown | page readonly | clean
20F5000 | heap private | page read and write | clean
5A6000 | unknown | page read and write | clean
2FB000 | heap default | page read and write | clean
1CC0000 | unknown | page readonly | clean
2B0000 | heap default | page read and write | clean
564000 | heap private | page read and write | clean
20F0000 | heap private | page read and write | clean
10A000 | heap default | page read and write | clean
5CF000 | unknown | page read and write | clean
483000 | heap default | page read and write | clean
2170000 | unknown | page write copy | clean
4A0000 | heap private | page read and write | clean
2F6000 | heap default | page read and write | clean
E0000 | unknown | page read and write | clean
2AA000 | heap default | page read and write | clean
2170000 | unknown | page readonly | clean
5A0000 | unknown | page readonly | clean
3B0000 | unknown | page read and write | clean
20000 | unknown | page readonly | clean
80000 | unknown | page read and write | clean
26C000 | unknown | page read and write | clean
2090000 | unknown | page readonly | clean
594000 | heap private | page read and write | clean
630000 | unknown | page readonly | clean
466000 | unknown | page read and write | clean
46E000 | heap default | page read and write | clean
20C000 | unknown | page read and write | clean
EE000 | heap default | page read and write | clean
250000 | heap default | page read and write | clean
3E0000 | heap private | page read and write | clean
490000 | heap private | page read and write | clean
4DB000 | heap private | page read and write | clean
366000 | unknown | page read and write | clean
60000 | unknown | page readonly | clean
F0000 | unknown | page read and write | clean
560000 | heap private | page read and write | clean
2185000 | heap private | page read and write | clean
566000 | unknown | page read and write | clean
570000 | unknown | page read and write | clean
1FC0000 | unknown | page readonly | clean
2A3000 | heap default | page read and write | clean
320000 | heap private | page read and write | clean
20000 | unknown | page readonly | clean
2AF000 | unknown | page read and write | clean
810000 | unknown | page readonly | clean
1B0000 | heap private | page read and write | clean
70000 | unknown | page read and write | clean
330000 | unknown | page read and write | clean
324000 | heap private | page read and write | clean
B6F000 | unknown | page read and write | clean
1B4000 | heap private | page read and write | clean
3E4000 | heap private | page read and write | clean
430000 | heap default | page read and write | clean
78E000 | unknown | page read and write | clean
386000 | unknown | page read and write | clean
1D50000 | unknown | page readonly | clean
212B000 | heap private | page read and write | clean
70000 | unknown | page readonly | clean
720000 | unknown | page readonly | clean
24C000 | unknown | page read and write | clean
590000 | heap private | page read and write | clean
84 additional memory dumps are not shown in this report.