Windows Analysis Report Faturados_Externo_26_09.xls

Overview

General Information

Sample Name: Faturados_Externo_26_09.xls
Analysis ID: 491709
MD5: bb5c37e33e7e1fb9bb7b13960aad6b27
SHA1: 03066751e384c6b9c7df910cd01844f86cbaa43b
SHA256: 002b87472b1991ce420fbaccf76e14620aaf567ee11e2081a559dcefab05fef5
Tags: geoPRTxls
Infos:

Most interesting Screenshot:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Document contains an embedded VBA macro which executes code when the document is opened / closed

Classification

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B250F412.emf Jump to behavior

System Summary:

barindex
Document contains an embedded VBA macro which executes code when the document is opened / closed
Source: VBA code instrumentation OLE, VBA macro: Module M\xf3dulo1, Function Auto_Open Name: Auto_Open
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File read: C:\Users\desktop.ini Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Temp\CVR7C31.tmp Jump to behavior
Source: classification engine Classification label: clean0.winXLS@1/3@0/0
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Automated click: OK
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Automated click: OK
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: Faturados_Externo_26_09.xls Static file information: File size 6468096 > 1048576
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 process2 2 Behavior Graph ID: 491709 Sample: Faturados_Externo_26_09.xls Startdate: 27/09/2021 Architecture: WINDOWS Score: 0 4 EXCEL.EXE 143 17 2->4         started       
No contacted IP infos