Windows Analysis Report 00620 - 2011 Dept Expense Detail.xls
Overview
General Information
Detection
Score: | 20 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HiddenMacro | Yara detected hidden Macro 4.0 in Excel | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Source: | File opened: |
Source: | String found in binary or memory: |
Source: | OLE indicator, VBA macros: |
Source: | File read: |
Source: | File created: |
Source: | OLE indicator, Workbook stream: |
Source: | Classification label: |
Source: | Window detected: |
Source: | Key opened: |
Source: | File opened: |
Source: | Process information set: | ||
HIPS / PFW / Operating System Protection Evasion: |
---|
Yara detected hidden Macro 4.0 in Excel |
Source: | File source: |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting (1) | Path Interception | Path Interception | Scripting (1) | OS Credential Dumping | File and Directory Discovery (1) | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Rootkit | LSASS Memory | System Information Discovery (1) | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
2% | Virustotal | ||
2% | ReversingLabs | Document.Trojan.CutwailOLE |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
No Antivirus matches |
---|
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 467210 |
Start date: | 18.08.2021 |
Start time: | 00:48:00 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 3m 51s |
Hypervisor based Inspection enabled: | false |
Report type: | light |
Sample file name: | 00620 - 2011 Dept Expense Detail.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Run name: | Without Instrumentation |
Number of new started processes analysed: | 2 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | SUS |
Classification: | sus20.expl.winXLS@1/1@0/0 |
Cookbook Comments: |
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 162688 |
Entropy (8bit): | 4.254329420014995 |
Encrypted: | false |
SSDEEP: | 1536:C6QL3FNSc8SetKB96vQVCBumVMOej6mXmYarrJQcd1FaLcm48s:C5JNSc83tKBAvQVCgOtmXmLpLm4l |
MD5: | BA3A5A8B120D0E05EC631751C07686D5 |
SHA1: | 97CC5690EFF6CA2B171FB5FC9C2DE275FF3E1C4F |
SHA-256: | 6C8F46438F09ED16AF36DF695946F806C5DD8406EBFA9D1930AC7BA6C941F7C8 |
SHA-512: | 85929616D6BB719D5DB8AFDDAF1A12CF61A4E38F6B8C8B2FC78FF05336CDA8A2151514D90AEF46BC9CB182D802D78BD801C77CB9721D1A878A3C2DD5004F8259 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 4.043229382190713 |
TrID: |
|
File name: | 00620 - 2011 Dept Expense Detail.xls |
File size: | 53760 |
MD5: | 57bcdf4ddd4c73eb7b1579edf9e10d62 |
SHA1: | fb7ee5e7a2ef599bcbf982ff6823387792a90335 |
SHA256: | 5c0e2dc5c3e763417c7fb8f02f8d12a64e9aad4f7fa4cf0e7a09e31bfe20e4fd |
SHA512: | f0f613246b8fd11cca39102e1aaeea11b3c2228cbee6778245bb34bc96c59bd4ac069e80020ba0bdfb0d90a4b8ccccc6387922b1ec72915fd15c8666bc90643b |
SSDEEP: | 768:g9RUbndMNmu2jm1xW5aUgAVZx5mXMr2q3rLrLn+zghx0QQDI:iKndMwfjSW5SAVZdygP8 |
File Icon |
---|
Icon Hash: | e4eea286a4b4bcb4 |
Static OLE Info |
---|
General | ||
---|---|---|
Document Type: | OLE | |
Number of OLE Files: | 1 |
OLE File "00620 - 2011 Dept Expense Detail.xls" |
---|
Indicators | |
---|---|
Has Summary Info: | True |
Application Name: | Microsoft Excel |
Encrypted Document: | False |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | |
Flash Objects Count: | |
Contains VBA Macros: | True |
Summary | |
---|---|
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 1999-02-04 16:48:36 |
Last Saved Time: | 2011-09-20 14:04:38 |
Creating Application: | |
Security: | 0 |
Document Summary | |
---|---|
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 730895 |
Streams with VBA |
---|
VBA File Name: Module1.bas, Stream Size: 3440 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/Module1 |
VBA File Name: | Module1.bas |
Stream Size: | 3440 |
VBA Code Keywords |
---|
Keyword |
---|
Time: |
DateTime |
(last |
data/layout |
insert |
"B").Value |
report |
Hideflag |
entire |
column) |
EndColumn |
Range("BeginColumn") |
found |
'places |
searching |
cursor |
BeginRow |
'this |
Cnum).Select |
Worksheets("Actuals").Activate |
EndRow |
column |
ActiveSheet.Cells(Rnum, |
Range("End") |
Integer, |
HideRows.VB_ProcData.VB_Invoke_Func |
Integer |
Attribute |
hasn't |
value |
.Column |
zeroes. |
VB_Name |
HideRows() |
Range("EndColumn") |
other |
ActiveCell.Value |
Range("BeginRow") |
Selection.EntireRow.Hidden |
BeginColumn |
first |
VBA Code |
---|
|
VBA File Name: ThisWorkbook.cls, Stream Size: 985 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
VBA Code Keywords |
---|
Keyword |
---|
False |
VB_Exposed |
Attribute |
VB_Name |
VB_Creatable |
"ThisWorkbook" |
VB_PredeclaredId |
VB_GlobalNameSpace |
VB_Base |
VB_Customizable |
VB_TemplateDerived |
VBA Code |
---|
|
Streams |
---|
Stream Path: \x1CompObj, File Type: data, Stream Size: 109 |
---|
General | |
---|---|
Stream Path: | \x1CompObj |
File Type: | data |
Stream Size: | 109 |
Entropy: | 4.12087539431 |
Base64 Encoded: | False |
Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 376 |
---|
General | |
---|---|
Stream Path: | \x5DocumentSummaryInformation |
File Type: | data |
Stream Size: | 376 |
Entropy: | 3.8484246152 |
Base64 Encoded: | False |
Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 216 |
---|
General | |
---|---|
Stream Path: | \x5SummaryInformation |
File Type: | data |
Stream Size: | 216 |
Entropy: | 3.75113746536 |
Base64 Encoded: | False |
Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 37717 |
---|
General | |
---|---|
Stream Path: | Workbook |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 37717 |
Entropy: | 3.85189249275 |
Base64 Encoded: | True |
Stream Path: _VBA_PROJECT_CUR/PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 405 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 405 |
Entropy: | 5.34110993151 |
Base64 Encoded: | True |
Stream Path: _VBA_PROJECT_CUR/PROJECTwm, File Type: data, Stream Size: 65 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
File Type: | data |
Stream Size: | 65 |
Entropy: | 3.15495300444 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/_VBA_PROJECT, File Type: data, Stream Size: 2821 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
File Type: | data |
Stream Size: | 2821 |
Entropy: | 4.25301737665 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_0, File Type: data, Stream Size: 1169 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_0 |
File Type: | data |
Stream Size: | 1169 |
Entropy: | 3.99317680234 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_1, File Type: data, Stream Size: 82 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_1 |
File Type: | data |
Stream Size: | 82 |
Entropy: | 2.2010509371 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_2, File Type: data, Stream Size: 136 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_2 |
File Type: | data |
Stream Size: | 136 |
Entropy: | 1.6161992012 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/__SRP_3, File Type: data, Stream Size: 107 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/__SRP_3 |
File Type: | data |
Stream Size: | 107 |
Entropy: | 1.90767783468 |
Base64 Encoded: | False |
Stream Path: _VBA_PROJECT_CUR/VBA/dir, File Type: data, Stream Size: 641 |
---|
General | |
---|---|
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
File Type: | data |
Stream Size: | 641 |
Entropy: | 6.36296368332 |
Base64 Encoded: | True |
Network Behavior |
---|
No network behavior found |
---|
Code Manipulations |
---|
Statistics |
---|
System Behavior |
---|
General |
---|
Start time: | 00:48:36 |
Start date: | 18/08/2021 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13f030000 |
File size: | 27641504 bytes |
MD5 hash: | 5FB0A0F93382ECD19F5F499A5CAA59F0 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|