Windows Analysis Report Seafood Order and Company Profile.xlsx
Overview
General Information
Detection
Score: | 56 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
Process Tree |
---|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
Exploits: |
---|
Sigma detected: EQNEDT32.EXE connecting to internet |
Source: | Author: Joe Security |
Signature Overview |
---|
AV Detection: |
---|
Multi AV Scanner detection for submitted file |
Source: | ReversingLabs |
Exploits: |
---|
Source: | Process created: |
Source: | File opened: |
Source: | Memory has grown: |
Source: | TCP traffic: |
Source: | TCP traffic: |
Source: | ASN Name: |
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | File created: |
Source: | HTTP traffic detected: |
Source: | HTTP traffic detected: |
Source: | String found in binary or memory: |
Source: | OLE stream indicators for Word, Excel, PowerPoint, and Visio: |
Source: | Classification label: |
Source: | File created: |
Source: | File created: |
Source: | File read: |
Source: | File read: |
Source: | File read: |
Source: | ReversingLabs: |
Source: | Process created: |
Source: | Process created: |
Source: | Window detected: |
Source: | Key opened: |
Source: | Static file information: |
Source: | File opened: |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Process information set: |
Source: | Stream path 'EncryptedPackage' entropy: |
Source: | Thread sleep time: |
Source: | Thread sleep time: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Exploitation for Client Execution2 | Path Interception | Process Injection1 | Masquerading1 | OS Credential Dumping | Virtualization/Sandbox Evasion1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Non-Application Layer Protocol2 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Extra Window Memory Injection1 | Virtualization/Sandbox Evasion1 | LSASS Memory | File and Directory Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Application Layer Protocol12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection1 | Security Account Manager | System Information Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Ingress Tool Transfer4 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information1 | NTDS | Remote System Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | Carrier Billing Fraud | |
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Extra Window Memory Injection1 | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | Manipulate App Store Rankings or Ratings | |
Behavior Graph |
---|
Screenshots |
---|
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 30% | ReversingLabs | Document-Office.Exploit.CVE-2017-11882 | |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| | 0% | Avira URL Cloud | safe | |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
Contacted URLs |
---|
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| | true | | unknown |
URLs from Memory and Binaries |
---|
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| | | false | | high |
Contacted IPs |
---|
Public |
---|
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 103.133.109.192 | unknown | Viet Nam | | 135905 | VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | true |
General Information |
---|
Joe Sandbox Version: | 32.0.0 Black Diamond |
Analysis ID: | 435320 |
Start date: | 16.06.2021 |
Start time: | 12:16:23 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 4m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Seafood Order and Company Profile.xlsx |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of new started processes analysed: | 4 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: | |
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | MAL |
Classification: | mal56.expl.winXLSX@2/18@0/1 |
Cookbook Comments: | |
Warnings: | |
Simulations |
---|
Behavior and APIs |
---|
| Time | Type | Description |
|---|---|---|
| 12:17:04 | API Interceptor | |
Joe Sandbox View / Context |
---|
IPs |
---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| 103.133.109.192 | | | malicious | | |
| | | | malicious | | |
| | | | malicious | | |
Domains |
---|
No context |
---|
ASN |
---|
| Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context |
|---|---|---|---|---|---|
| VNPT-AS-VNVIETNAMPOSTSANDTELECOMMUNICATIONSGROUPVN | | | malicious | | |

19 further associated samples are listed for this ASN, all with detection "malicious".
JA3 Fingerprints |
---|
No context |
---|
Dropped Files |
---|
No context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 79394 |
Entropy (8bit): | 7.864111100215953 |
Encrypted: | false |
SSDEEP: | 1536:ACLfq2zNFewyOGGG0QZ+6G0GGGLvjpP7OGGGeLEnf85dUGkm6COLZgf3BNUdQ:7PzbewyOGGGv+6G0GGG7jpP7OGGGeLEe |
MD5: | 16925690E9B366EA60B610F517789AF1 |
SHA1: | 9F3FE15AE44644F9ED8C2CA668B7020DF726426B |
SHA-256: | C3D7308B11E8C1EFD9C0A7F6EC370A13EC2C87123811865ED372435784579C1F |
SHA-512: | AEF16EA5F33602233D60F6B6861980488FD252F14DCAE10A9A328338A6890B081D59DCBD9F5B68E93D394DEF2E71AD06937CE2711290E7DD410451A3B1E54CDD |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8815 |
Entropy (8bit): | 7.944898651451431 |
Encrypted: | false |
SSDEEP: | 192:Qjnr2Il8e7li2YRD5x5dlyuaQ0ugZIBn+0O2yHQGYtPto:QZl8e7li2YdRyuZ0b+JGgtPW |
MD5: | F06432656347B7042C803FE58F4043E1 |
SHA1: | 4BD52B10B24EADECA4B227969170C1D06626A639 |
SHA-256: | 409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6 |
SHA-512: | 358FEB8CBFFBE6329F31959F0F03C079CF95B494D3C76CF3669D28CA8CDB42B04307AE46CED1FC0605DEF31D9839A0283B43AA5D409ADC283A1CAD787BE95F0E |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 50311 |
Entropy (8bit): | 7.960958863022709 |
Encrypted: | false |
SSDEEP: | 768:hfo72tRlBZeeRugjj8yooVAK92SYAD0PSsX35SVFN0t3HcoNz8WEK6Hm8bbxXVGx:hf0WBueSoVAKxLD06w35SEVNz8im0AEH |
MD5: | 4141C7515CE64FED13BE6D2BA33299AA |
SHA1: | B290F533537A734B7030CE1269AC8C5398754194 |
SHA-256: | F6B0FE628E1469769E6BD3660611B078CEF6EE396F693361B1B42A9100973B75 |
SHA-512: | 74E9927BF0C6F8CB9C3973FD68DAD12B422DC4358D5CCED956BC6A20139B21D929E47165F77D208698924CB7950A7D5132953C75770E4A357580BF271BD9BD88 |
Malicious: | false |
Reputation: | moderate, very likely benign file |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 49744 |
Entropy (8bit): | 7.99056926749243 |
Encrypted: | true |
SSDEEP: | 768:wnuJ6p14x3egT1LYye1wBiPaaBsZbkCev17dGOhRkJjsv+gZB/UcVaxZJ2LEz:Yfp1UeWNYF1UiPm+/q1sxZB/ZS |
MD5: | 63A6CB15B2B8ECD64F1158F5C8FBDCC8 |
SHA1: | 8783B949B93383C2A5AF7369C6EEB9D5DD7A56F6 |
SHA-256: | AEA49B54BA0E46F19E04BB883DA311518AF3711132E39D3AF143833920CDD232 |
SHA-512: | BB42A40E6EADF558C2AAE82F5FB60B8D3AC06E669F41B46FCBE65028F02B2E63491DB40E1C6F1B21A830E72EE52586B83A24A055A06C2CCC2D1207C2D5AD6B45 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 29499 |
Entropy (8bit): | 7.667442162526095 |
Encrypted: | false |
SSDEEP: | 384:ac8UyN1qqyn7FdNfzZY3AJ0NcoEwa4OXyTqEunn9k+MPiEWsKHBm8oguHh9kt98g:p8wn7TNfzZ0NcnwR6kvKPsPWghY6g |
MD5: | 4FBDDF16124B6C9368537DF70A238C14 |
SHA1: | 45E34D715128C6954F589910E6D0429370D3E01A |
SHA-256: | 0668A8E7DA394FE73B994AD85F6CA782F6C09BFF2F35581854C2408CF3909D86 |
SHA-512: | EA17593F175D49792629EC35320AD21D5707CB4CF9E3A7B5DA362FC86AF207F0C14059B51233C3E371F2B7830EAD693B604264CA50968891B420FEA2FC4B29EC |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7592 |
Entropy (8bit): | 5.452334018432516 |
Encrypted: | false |
SSDEEP: | 96:znY+f/mcqblJaXn/08pnDp0d7vilxL01/G37uVH1oL6lcQtoVhZxGOme3SBwi:bYCVSTxK/LA/FVoL3QtKhn+e3+wi |
MD5: | 174F7349639B3C21402C2DE53E860A70 |
SHA1: | D6215A38F72901A6A2832056E783CACD84B3855A |
SHA-256: | BD4277F040C3459648B8B3121B63E0B7D3F801BD538EE715447506ACBC0187DB |
SHA-512: | C35A4C84082AC42D30F4D5EA644037EFB623EA7F67AA6E48DA7CCFB52E38F8EFD4D3C6775B724110EB580AF524E749E320C5987F2230544925BF2A85CAD9B167 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 49744 |
Entropy (8bit): | 7.99056926749243 |
Encrypted: | true |
SSDEEP: | 768:wnuJ6p14x3egT1LYye1wBiPaaBsZbkCev17dGOhRkJjsv+gZB/UcVaxZJ2LEz:Yfp1UeWNYF1UiPm+/q1sxZB/ZS |
MD5: | 63A6CB15B2B8ECD64F1158F5C8FBDCC8 |
SHA1: | 8783B949B93383C2A5AF7369C6EEB9D5DD7A56F6 |
SHA-256: | AEA49B54BA0E46F19E04BB883DA311518AF3711132E39D3AF143833920CDD232 |
SHA-512: | BB42A40E6EADF558C2AAE82F5FB60B8D3AC06E669F41B46FCBE65028F02B2E63491DB40E1C6F1B21A830E72EE52586B83A24A055A06C2CCC2D1207C2D5AD6B45 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 84203 |
Entropy (8bit): | 7.979766688932294 |
Encrypted: | false |
SSDEEP: | 1536:RrpoeM3WUHO25A8HD3So4lL9jvtO63O2l/Wr9nuQvs+9QvM4PmgZuVHdJ5v3ZK7+:H5YHOhwx4lRTtO6349uQvXJ4PmgZu11J |
MD5: | 208FD40D2F72D9AED77A86A44782E9E2 |
SHA1: | 216B99E777ED782BDC3BFD1075DB90DFDDABD20F |
SHA-256: | CBFDB963E074C150190C93796163F3889165BF4471CA77C39E756CF3F6F703FF |
SHA-512: | 7BCE80FFA8B0707E4598639023876286B6371AE465A9365FA21D2C01405AB090517C448514880713CA22875013074DB9D5ED8DA93C223F265C179CFADA609A64 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 51166 |
Entropy (8bit): | 7.767050944061069 |
Encrypted: | false |
SSDEEP: | 1536:zdKgAwKoL5H8LiLtoEdJ9OSbB7laAvRXDlBig49A:JDAQ9H8/GMSdhahg49A |
MD5: | 8C29CF033A1357A8DE6BF1FC4D0B2354 |
SHA1: | 85B228BBC80DC60D40F4D3473E10B742E7B9039E |
SHA-256: | E7B744F45621B40AC44F270A9D714312170762CA4A7DAF2BA78D5071300EF454 |
SHA-512: | F2431F3345AAB82CFCE2F96E1D54E53539964726F2E0DBC1724A836AD6281493291156AAD7CA263B829E4A1210A118E6FA791F198B869B4741CB47047A5E6D6A |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 50311 |
Entropy (8bit): | 7.960958863022709 |
Encrypted: | false |
SSDEEP: | 768:hfo72tRlBZeeRugjj8yooVAK92SYAD0PSsX35SVFN0t3HcoNz8WEK6Hm8bbxXVGx:hf0WBueSoVAKxLD06w35SEVNz8im0AEH |
MD5: | 4141C7515CE64FED13BE6D2BA33299AA |
SHA1: | B290F533537A734B7030CE1269AC8C5398754194 |
SHA-256: | F6B0FE628E1469769E6BD3660611B078CEF6EE396F693361B1B42A9100973B75 |
SHA-512: | 74E9927BF0C6F8CB9C3973FD68DAD12B422DC4358D5CCED956BC6A20139B21D929E47165F77D208698924CB7950A7D5132953C75770E4A357580BF271BD9BD88 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 7608 |
Entropy (8bit): | 5.091127811854214 |
Encrypted: | false |
SSDEEP: | 96:+SDjyLSR5gs3iwiMO10VCVU7ckQadVDYM/PVfmhDqpH:5Djr+sW31RGtdVDYM3VfmkpH |
MD5: | EB06F07412A815AED391F20298C1087B |
SHA1: | AC0601FFC173F50B56C3AE2265C61B76711FBE01 |
SHA-256: | 5CA81C391E8CA113254221D535BE4E0677908DA61DE0016EC963DD443F535FDE |
SHA-512: | 38AEF603FAC0AB6FB7159EBA5B48BD7E191A433739710AEACB11538E51ADA5E99CD724BE5B3886986FCBB02375B0C132B0C303AE8838602BCE88475DDD727A49 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 8815 |
Entropy (8bit): | 7.944898651451431 |
Encrypted: | false |
SSDEEP: | 192:Qjnr2Il8e7li2YRD5x5dlyuaQ0ugZIBn+0O2yHQGYtPto:QZl8e7li2YdRyuZ0b+JGgtPW |
MD5: | F06432656347B7042C803FE58F4043E1 |
SHA1: | 4BD52B10B24EADECA4B227969170C1D06626A639 |
SHA-256: | 409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6 |
SHA-512: | 358FEB8CBFFBE6329F31959F0F03C079CF95B494D3C76CF3669D28CA8CDB42B04307AE46CED1FC0605DEF31D9839A0283B43AA5D409ADC283A1CAD787BE95F0E |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 29499 |
Entropy (8bit): | 7.667442162526095 |
Encrypted: | false |
SSDEEP: | 384:ac8UyN1qqyn7FdNfzZY3AJ0NcoEwa4OXyTqEunn9k+MPiEWsKHBm8oguHh9kt98g:p8wn7TNfzZ0NcnwR6kvKPsPWghY6g |
MD5: | 4FBDDF16124B6C9368537DF70A238C14 |
SHA1: | 45E34D715128C6954F589910E6D0429370D3E01A |
SHA-256: | 0668A8E7DA394FE73B994AD85F6CA782F6C09BFF2F35581854C2408CF3909D86 |
SHA-512: | EA17593F175D49792629EC35320AD21D5707CB4CF9E3A7B5DA362FC86AF207F0C14059B51233C3E371F2B7830EAD693B604264CA50968891B420FEA2FC4B29EC |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 79394 |
Entropy (8bit): | 7.864111100215953 |
Encrypted: | false |
SSDEEP: | 1536:ACLfq2zNFewyOGGG0QZ+6G0GGGLvjpP7OGGGeLEnf85dUGkm6COLZgf3BNUdQ:7PzbewyOGGGv+6G0GGG7jpP7OGGGeLEe |
MD5: | 16925690E9B366EA60B610F517789AF1 |
SHA1: | 9F3FE15AE44644F9ED8C2CA668B7020DF726426B |
SHA-256: | C3D7308B11E8C1EFD9C0A7F6EC370A13EC2C87123811865ED372435784579C1F |
SHA-512: | AEF16EA5F33602233D60F6B6861980488FD252F14DCAE10A9A328338A6890B081D59DCBD9F5B68E93D394DEF2E71AD06937CE2711290E7DD410451A3B1E54CDD |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 84203 |
Entropy (8bit): | 7.979766688932294 |
Encrypted: | false |
SSDEEP: | 1536:RrpoeM3WUHO25A8HD3So4lL9jvtO63O2l/Wr9nuQvs+9QvM4PmgZuVHdJ5v3ZK7+:H5YHOhwx4lRTtO6349uQvXJ4PmgZu11J |
MD5: | 208FD40D2F72D9AED77A86A44782E9E2 |
SHA1: | 216B99E777ED782BDC3BFD1075DB90DFDDABD20F |
SHA-256: | CBFDB963E074C150190C93796163F3889165BF4471CA77C39E756CF3F6F703FF |
SHA-512: | 7BCE80FFA8B0707E4598639023876286B6371AE465A9365FA21D2C01405AB090517C448514880713CA22875013074DB9D5ED8DA93C223F265C179CFADA609A64 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 648132 |
Entropy (8bit): | 2.8124530118203914 |
Encrypted: | false |
SSDEEP: | 3072:134UL0tS6WB0JOqFB5AEA7rgXuzqr8nG/qc+L+:l4UcLe0JOcXuurhqcJ |
MD5: | 955A9E08DFD3A0E31C7BCF66F9519FFC |
SHA1: | F677467423105ACF39B76CB366F08152527052B3 |
SHA-256: | 08A70584E1492DA4EC8557567B12F3EA3C375DAD72EC15226CAFB857527E86A5 |
SHA-512: | 39A2A0C062DEB58768083A946B8BCE0E46FDB2F9DDFB487FE9C544792E50FEBB45CEEE37627AA0B6FEC1053AB48841219E12B7E4B97C51F6A4FD308B52555688 |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 51166 |
Entropy (8bit): | 7.767050944061069 |
Encrypted: | false |
SSDEEP: | 1536:zdKgAwKoL5H8LiLtoEdJ9OSbB7laAvRXDlBig49A:JDAQ9H8/GMSdhahg49A |
MD5: | 8C29CF033A1357A8DE6BF1FC4D0B2354 |
SHA1: | 85B228BBC80DC60D40F4D3473E10B742E7B9039E |
SHA-256: | E7B744F45621B40AC44F270A9D714312170762CA4A7DAF2BA78D5071300EF454 |
SHA-512: | F2431F3345AAB82CFCE2F96E1D54E53539964726F2E0DBC1724A836AD6281493291156AAD7CA263B829E4A1210A118E6FA791F198B869B4741CB47047A5E6D6A |
Malicious: | false |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 330 |
Entropy (8bit): | 1.4377382811115937 |
Encrypted: | false |
SSDEEP: | 3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS |
MD5: | 96114D75E30EBD26B572C1FC83D1D02E |
SHA1: | A44EEBDA5EB09862AC46346227F06F8CFAF19407 |
SHA-256: | 0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523 |
SHA-512: | 52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0 |
Malicious: | true |
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.995552020832647 |
TrID: | |
File name: | Seafood Order and Company Profile.xlsx |
File size: | 1315840 |
MD5: | 4c9867155a69c0e089cbf6e287442798 |
SHA1: | 72fd5acd0ce33714c3aff9e837af3be0db733800 |
SHA256: | 9fcc8435ac8254ae9b1dea93cff53098e94d193ea4edef5b5300e7c8f0328d2c |
SHA512: | 4855ee30d0d5b56f6fa33ef20cf709b80aae2dfabc7eadfb65e21328aaa3d8634086b7a31bb8cfe2201fec21ccb18f6424e09f8cdd332de1df4655bcfe076f35 |
SSDEEP: | 24576:0qPFc03WtYM1mvUtca7XBUBMfaM0XeUSkiRROa:XChtYvvqRUBqazu/H |
File Content Preview: | ........................>.......................................................................................................|.......~...............z...................................................................................................... |
File Icon |
---|
Icon Hash: | e4e2aa8aa4b4bcb4 |
Static OLE Info |
---|
General | |
---|---|
Document Type: | OLE |
Number of OLE Files: | 1 |
OLE File "Seafood Order and Company Profile.xlsx" |
---|
Indicators | |
---|---|
Has Summary Info: | False |
Application Name: | unknown |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | False |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | False |
Streams |
---|
Stream Path: \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace, File Type: data, Stream Size: 64 |
---|
General | |
---|---|
Stream Path: | \x6DataSpaces/DataSpaceInfo/StrongEncryptionDataSpace |
File Type: | data |
Stream Size: | 64 |
Entropy: | 2.73637206947 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . |
Data Raw: | 08 00 00 00 01 00 00 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 54 00 72 00 61 00 6e 00 73 00 66 00 6f 00 72 00 6d 00 00 00 |
Stream Path: \x6DataSpaces/DataSpaceMap, File Type: data, Stream Size: 112 |
---|
General | |
---|---|
Stream Path: | \x6DataSpaces/DataSpaceMap |
File Type: | data |
Stream Size: | 112 |
Entropy: | 2.7597816111 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . h . . . . . . . . . . . . . . E . n . c . r . y . p . t . e . d . P . a . c . k . a . g . e . 2 . . . S . t . r . o . n . g . E . n . c . r . y . p . t . i . o . n . D . a . t . a . S . p . a . c . e . . . |
Data Raw: | 08 00 00 00 01 00 00 00 68 00 00 00 01 00 00 00 00 00 00 00 20 00 00 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 65 00 64 00 50 00 61 00 63 00 6b 00 61 00 67 00 65 00 32 00 00 00 53 00 74 00 72 00 6f 00 6e 00 67 00 45 00 6e 00 63 00 72 00 79 00 70 00 74 00 69 00 6f 00 6e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 00 00 |
Stream Path: \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary, File Type: data, Stream Size: 200 |
---|
General | |
---|---|
Stream Path: | \x6DataSpaces/TransformInfo/StrongEncryptionTransform/\x6Primary |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.13335930328 |
Base64 Encoded: | False |
Data ASCII: | X . . . . . . . L . . . { . F . F . 9 . A . 3 . F . 0 . 3 . - . 5 . 6 . E . F . - . 4 . 6 . 1 . 3 . - . B . D . D . 5 . - . 5 . A . 4 . 1 . C . 1 . D . 0 . 7 . 2 . 4 . 6 . } . N . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . E . n . c . r . y . p . t . i . o . n . T . r . a . n . s . f . o . r . m . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 58 00 00 00 01 00 00 00 4c 00 00 00 7b 00 46 00 46 00 39 00 41 00 33 00 46 00 30 00 33 00 2d 00 35 00 36 00 45 00 46 00 2d 00 34 00 36 00 31 00 33 00 2d 00 42 00 44 00 44 00 35 00 2d 00 35 00 41 00 34 00 31 00 43 00 31 00 44 00 30 00 37 00 32 00 34 00 36 00 7d 00 4e 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00 |
Stream Path: \x6DataSpaces/Version, File Type: data, Stream Size: 76 |
---|
General | |
---|---|
Stream Path: | \x6DataSpaces/Version |
File Type: | data |
Stream Size: | 76 |
Entropy: | 2.79079600998 |
Base64 Encoded: | False |
Data ASCII: | < . . . M . i . c . r . o . s . o . f . t . . . C . o . n . t . a . i . n . e . r . . . D . a . t . a . S . p . a . c . e . s . . . . . . . . . . . . . |
Data Raw: | 3c 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 2e 00 43 00 6f 00 6e 00 74 00 61 00 69 00 6e 00 65 00 72 00 2e 00 44 00 61 00 74 00 61 00 53 00 70 00 61 00 63 00 65 00 73 00 01 00 00 00 01 00 00 00 01 00 00 00 |
Stream Path: EncryptedPackage, File Type: data, Stream Size: 1301128 |
---|
General | |
---|---|
Stream Path: | EncryptedPackage |
File Type: | data |
Stream Size: | 1301128 |
Entropy: | 7.9998536578 |
Base64 Encoded: | True |
Data ASCII: | } . . . . . . . . . . . . . . O . . . . . . - . U . E h % f . Y . . . . 0 ) . . . . . i u . . . + , . . . . . . h H . . . . . N | K e . . . . . . . . . . . E . % . . . . . . . . . . . . . E . % . . . . . . . . . . . . . E . % . . . . . . . . . . . . . E . % . . . . . . . . . . . . . E . % . . . . . . . . . . . . . E . % . . . . . . . . . . . . . E . % . . . . . . . . . . . . . E . % . . . . . . . . . . . . . E . % . . . . . . . . . . . . . E . % . . . . . . . . . . . . . E . % . . . . . . . . . . . . . E . |
Data Raw: | 7d da 13 00 00 00 00 00 9b 1e fc ad 9f 90 a7 4f 8a 13 d5 81 0d 87 2d 95 55 a2 45 68 25 66 04 59 86 04 d9 c7 30 29 e4 d6 1a cc a2 69 75 b6 0c d6 2b 2c 1a f3 82 b3 09 c7 68 48 12 0a c1 17 ae 4e 7c 4b 65 b9 8b d5 03 af 9c 98 9b eb b5 9c 45 1b 25 8e c3 f4 83 82 1e 83 9c 98 9b eb b5 9c 45 1b 25 8e c3 f4 83 82 1e 83 9c 98 9b eb b5 9c 45 1b 25 8e c3 f4 83 82 1e 83 9c 98 9b eb b5 9c 45 1b |
Stream Path: EncryptionInfo, File Type: data, Stream Size: 224 |
---|
General | |
---|---|
Stream Path: | EncryptionInfo |
File Type: | data |
Stream Size: | 224 |
Entropy: | 4.54585124335 |
Base64 Encoded: | False |
Data ASCII: | . . . . $ . . . . . . . $ . . . . . . . . f . . . . . . . . . . . . . . . . . . . . . . M . i . c . r . o . s . o . f . t . . E . n . h . a . n . c . e . d . . R . S . A . . a . n . d . . A . E . S . . C . r . y . p . t . o . g . r . a . p . h . i . c . . P . r . o . v . i . d . e . r . . . . . . . e . ` . ` . > . . . . [ . . + ) . . . . . . . J 5 . . _ V 3 . . . . . ) . d . . 3 ^ Y . . . . . r . . . ; ) . 4 . . V . . . 2 . x . 1 |
Data Raw: | 04 00 02 00 24 00 00 00 8c 00 00 00 24 00 00 00 00 00 00 00 0e 66 00 00 04 80 00 00 80 00 00 00 18 00 00 00 00 00 00 00 00 00 00 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 20 00 45 00 6e 00 68 00 61 00 6e 00 63 00 65 00 64 00 20 00 52 00 53 00 41 00 20 00 61 00 6e 00 64 00 20 00 41 00 45 00 53 00 20 00 43 00 72 00 79 00 70 00 74 00 6f 00 67 00 72 00 61 00 70 00 68 00 |
Network Behavior |
---|
Network Port Distribution |
---|
TCP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Jun 16, 2021 12:17:42.105499983 CEST | 49167 | 80 | 192.168.2.22 | 103.133.109.192 |
Jun 16, 2021 12:17:42.354635000 CEST | 80 | 49167 | 103.133.109.192 | 192.168.2.22 |
Jun 16, 2021 12:17:42.354748011 CEST | 49167 | 80 | 192.168.2.22 | 103.133.109.192 |
Jun 16, 2021 12:17:42.355107069 CEST | 49167 | 80 | 192.168.2.22 | 103.133.109.192 |
Jun 16, 2021 12:17:42.607487917 CEST | 80 | 49167 | 103.133.109.192 | 192.168.2.22 |
Jun 16, 2021 12:17:42.608426094 CEST | 49167 | 80 | 192.168.2.22 | 103.133.109.192 |
Jun 16, 2021 12:17:45.411159039 CEST | 49167 | 80 | 192.168.2.22 | 103.133.109.192 |
HTTP Request Dependency Graph |
---|
HTTP Packets |
---|
| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.22 | 49167 | 103.133.109.192 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |

| Timestamp | kBytes transferred | Direction | Data |
|---|---|---|---|
| Jun 16, 2021 12:17:42.355107069 CEST | 1 | OUT | |
| Jun 16, 2021 12:17:42.607487917 CEST | 1 | IN | |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Memory Usage |
---|
High Level Behavior Distribution |
---|
Behavior |
---|
System Behavior |
---|
General |
---|
Start time: | 12:16:43 |
Start date: | 16/06/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fdc0000 |
File size: | 27641504 bytes |
MD5 hash: | 5FB0A0F93382ECD19F5F499A5CAA59F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
General |
---|
Start time: | 12:17:04 |
Start date: | 16/06/2021 |
Path: | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x400000 |
File size: | 543304 bytes |
MD5 hash: | A87236E214F6D42A65F5DEDAC816AEC8 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|