Windows Analysis Report Faturados_Externo_26_09.xls
Overview
General Information
Detection
Score: | 0 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
Process Tree |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
No Sigma rule has matched |
---|
Jbx Signature Overview |
---|
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | File opened: | Jump to behavior |
Source: | Memory has grown: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | OLE, VBA macro: | Name: Auto_Open |
Source: | File created: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Classification label: |
Source: | File read: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Static file information: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Mitre Att&ck Matrix |
---|
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Valid Accounts | Scripting1 | Path Interception | Extra Window Memory Injection1 | Masquerading1 | OS Credential Dumping | File and Directory Discovery1 | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | Data Obfuscation | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Scripting1 | LSASS Memory | System Information Discovery2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Extra Window Memory Injection1 | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
Behavior Graph |
---|
Screenshots |
---|
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection |
---|
Initial Sample |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Dropped Files |
---|
No Antivirus matches |
---|
Unpacked PE Files |
---|
No Antivirus matches |
---|
Domains |
---|
No Antivirus matches |
---|
URLs |
---|
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | URL Reputation | safe | ||
0% | Avira URL Cloud | safe |
Domains and IPs |
---|
Contacted Domains |
---|
No contacted domains info |
---|
URLs from Memory and Binaries |
---|
Name | Source | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false | high | |||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| unknown | ||
false | high | |||
false |
| unknown | ||
false |
| low | ||
false | high |
Contacted IPs |
---|
No contacted IP infos |
---|
General Information |
---|
Joe Sandbox Version: | 33.0.0 White Diamond |
Analysis ID: | 491709 |
Start date: | 27.09.2021 |
Start time: | 20:33:44 |
Joe Sandbox Product: | CloudBasic |
Overall analysis duration: | 0h 6m 41s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Sample file name: | Faturados_Externo_26_09.xls |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211 |
Run name: | Potential for more IOCs and behavior |
Number of analysed new started processes analysed: | 11 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Detection: | CLEAN |
Classification: | clean0.winXLS@1/4@0/0 |
Cookbook Comments: |
|
Warnings: | Show All
|
Simulations |
---|
Behavior and APIs |
---|
No simulations |
---|
Joe Sandbox View / Context |
---|
Created / dropped Files |
---|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 138701 |
Entropy (8bit): | 5.360733266434256 |
Encrypted: | false |
SSDEEP: | 1536:+cQIKNZeBdA3gBwfnQ9DQW+z2Y34Zli7nXboOidX8E6LWME9:lWQ9DQW+z6Xh1 |
MD5: | EA5D73D20641058609F3ADE1067F1245 |
SHA1: | CC453919CCBBA61E77B8F621232E0299B0768010 |
SHA-256: | 8A84ADAF927D4B7F7138C503757E957D5814C4E8B35093DA1FC5399D894DA1B1 |
SHA-512: | 2E34A49C7482E2D125C3CCF65650B597D6DD894727667B78E37976E5E7FB194CC27518B10C9B352BD56B4422EE77CF1694A75B44654BD61C85E4CFCBE1EEB3A7 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2804 |
Entropy (8bit): | 2.6224368355147445 |
Encrypted: | false |
SSDEEP: | 24:YAtE+Y0xEjrlbDK3XHqYdV7C2tEDEcq4nJssdCqzvYDy22PEnOds6gAMToFM166q:dmDKnZJdtJcqCJssdCqzvy7imTo |
MD5: | 14FC01BED46EB78EB1F149A96B852DBF |
SHA1: | 156279B5667F0ECFC5ECC1E73E6F5F6B0AB2FCBD |
SHA-256: | BC79B5AF0298E761109C737731B9832513C86254DC84CABFD6C2C93C813E3A42 |
SHA-512: | 97E0CE4DA26D7239A43F8590E4BBF86FD4C90DE60D8D4F8F9AD9176E4F0F21A5147D4A3B01CC06D9080F4682975C7179D67C9DE6EA1B8CB779918AAFBE4F8D9E |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 2708 |
Entropy (8bit): | 2.5786874272687887 |
Encrypted: | false |
SSDEEP: | 24:YWtEK0iSjIEbAFl1dLMHoaYxD6xZ0Hv539Dv28fEhzds6gh/DA:LLEcFlDoIam53Be8wIE |
MD5: | C44F1D185564C8F67F6AA4B5816D39C5 |
SHA1: | 0C2824967371BED57208D775A41F27FA5F67076E |
SHA-256: | 0D97E2158715C2464899F235E76F91BAFBBF4ABEC8E4EA8B5854EC4D7AFE0E21 |
SHA-512: | 1C7D6A91B45468FE64484D06AA5653D3CBB401B9E4C8F7D9B2083912526FF01BB96E7FFBABD0F62EA135EE603364684AEC1548A691850332A6FADBC1E5C67CB9 |
Malicious: | false |
Reputation: | low |
Preview: |
|
Process: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 248808 |
Entropy (8bit): | 4.291083963049068 |
Encrypted: | false |
SSDEEP: | 3072:XzuSNQT8WZFVKKHSRDqBcA+FLM0Ar6t3s6bh:XzlNQAMFVTHSIcA+FLM0Awjbh |
MD5: | 55DF7CB1D2449438B44C234E2F035524 |
SHA1: | A5435D19D53BC5406A14D4D5473054CA24C07402 |
SHA-256: | 4F02C73E5BE9C15EEE7E5A58DA8A662372F6EF276AC4E7E3D9C16ABB1F7078CE |
SHA-512: | B9135D660C6399811DC02F4C77CDB143FB43E7C7ED1F573BEC6EB2562632E4B01626D5298F5E281D06BE8B88564DFE94233A32CC23F3E81AAA89137A9AC0DF3D |
Malicious: | false |
Reputation: | low |
Preview: |
|
Static File Info |
---|
General | |
---|---|
File type: | |
Entropy (8bit): | 7.504037198033761 |
TrID: |
|
File name: | Faturados_Externo_26_09.xls |
File size: | 6468096 |
MD5: | bb5c37e33e7e1fb9bb7b13960aad6b27 |
SHA1: | 03066751e384c6b9c7df910cd01844f86cbaa43b |
SHA256: | 002b87472b1991ce420fbaccf76e14620aaf567ee11e2081a559dcefab05fef5 |
SHA512: | 6c8b98b91e9ed390cd6b77ea3d0a077aefa6caf2465d6386574a0a7aa31a38163351b67c2eeb3962753c12eef510fb86a8880e30d63efaf158694e74286c5c59 |
SSDEEP: | 196608:uQfhzNeEyOb5U4TzBLqKU7zgqTvFV21Xq1kYTqE3ZpMf1m+K+76P5veG2cn:npReEzdUVKUQqTvFV/1kYuEZKfs+p7AH |
File Content Preview: | ........................>...................c...................................c.......e.......g.......i.......k.......m.......o.......q.......s.......u.......w.......y.......{.......}...............a.......c.......e.......g.......i.......k.......m...... |
File Icon |
---|
Icon Hash: | 74ecd4c6c3c6c4d8 |
Network Behavior |
---|
Network Port Distribution |
---|
UDP Packets |
---|
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 27, 2021 20:34:39.267716885 CEST | 57820 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:34:39.285800934 CEST | 53 | 57820 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:34:50.538496017 CEST | 50848 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:34:50.621289015 CEST | 53 | 50848 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:01.330779076 CEST | 61242 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:01.362319946 CEST | 53 | 61242 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:01.959630013 CEST | 58562 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:01.986485004 CEST | 53 | 58562 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:02.222446918 CEST | 56590 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:02.258907080 CEST | 53 | 56590 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:02.382972002 CEST | 60501 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:02.396140099 CEST | 53 | 60501 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:03.360610008 CEST | 53775 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:03.374425888 CEST | 53 | 53775 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:05.268197060 CEST | 51837 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:05.281961918 CEST | 53 | 51837 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:10.411232948 CEST | 55411 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:10.441078901 CEST | 53 | 55411 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:15.767214060 CEST | 63668 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:15.800151110 CEST | 53 | 63668 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:15.969851971 CEST | 54640 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:15.982896090 CEST | 53 | 54640 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:16.472429991 CEST | 58739 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:16.527059078 CEST | 53 | 58739 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:16.937247038 CEST | 60338 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:16.950819016 CEST | 53 | 60338 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:17.211555004 CEST | 58717 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:17.224188089 CEST | 53 | 58717 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:17.624660015 CEST | 59762 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:17.705667973 CEST | 53 | 59762 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:18.026458025 CEST | 54329 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:18.039784908 CEST | 53 | 54329 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:18.468652010 CEST | 58052 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:18.483472109 CEST | 53 | 58052 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:19.036345959 CEST | 54008 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:19.050621986 CEST | 53 | 54008 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:19.515542030 CEST | 59451 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:19.581887007 CEST | 53 | 59451 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:19.869642019 CEST | 52914 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:19.883462906 CEST | 53 | 52914 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:23.115374088 CEST | 64569 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:23.190433979 CEST | 53 | 64569 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:23.813245058 CEST | 52816 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:23.844614029 CEST | 53 | 52816 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:24.813949108 CEST | 52816 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:24.849855900 CEST | 53 | 52816 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:25.860825062 CEST | 52816 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:25.920773029 CEST | 53 | 52816 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:27.881825924 CEST | 52816 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:27.921606064 CEST | 53 | 52816 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:31.908091068 CEST | 52816 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:31.948730946 CEST | 53 | 52816 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:32.631789923 CEST | 50781 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:32.674144983 CEST | 53 | 50781 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:44.540184975 CEST | 54230 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:44.548353910 CEST | 54911 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:44.553406000 CEST | 53 | 54230 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:44.577534914 CEST | 53 | 54911 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:35:48.888216019 CEST | 49958 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:35:48.902065992 CEST | 53 | 49958 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:36:21.822010040 CEST | 50860 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:36:21.853615999 CEST | 53 | 50860 | 8.8.8.8 | 192.168.2.7 |
Sep 27, 2021 20:36:23.466706038 CEST | 50452 | 53 | 192.168.2.7 | 8.8.8.8 |
Sep 27, 2021 20:36:23.496978998 CEST | 53 | 50452 | 8.8.8.8 | 192.168.2.7 |
Code Manipulations |
---|
Statistics |
---|
CPU Usage |
---|
Click to jump to process
Memory Usage |
---|
Click to jump to process
High Level Behavior Distribution |
---|
back
Click to dive into process behavior distribution
System Behavior |
---|
General |
---|
Start time: | 20:35:21 |
Start date: | 27/09/2021 |
Path: | C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE |
Wow64 process (32bit): | true |
Commandline: | |
Imagebase: | 0x1350000 |
File size: | 27110184 bytes |
MD5 hash: | 5D6638F2C8F8571C593999C58866007E |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Disassembly |
---|
Call Graph |
---|
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: EstaPasta_de_trabalho |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "EstaPasta_de_trabalho" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: M\xf3dulo1 |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "M\xf3dulo1" |
Executed Functions |
---|
APIs | Meta Information |
---|---|
WindowState | |
xlNormal | |
Width | |
Height | |
InputBox | |
InputBox | |
EnableCancelKey | |
xlDisabled | |
Cells | |
Protect | |
Unprotect | |
Activate | |
Select | |
Activate | |
Find | |
ActiveCell | |
xlValues | |
xlWhole | |
xlByRows | |
xlNext | |
Row | |
Cells | |
Activate | |
Select | |
AutoFilter | |
AutoFilter | |
Select | |
Select | |
Copy | |
Activate | |
Select | |
Paste | |
Select | |
Select | |
Select | |
CutCopyMode | |
AutoFilter | |
Activate | |
Protect | |
WindowState | |
xlMaximized | |
EnableCancelKey | |
xlInterrupt | |
MsgBox | |
Protect | |
EnableCancelKey | |
xlInterrupt | |
Close | |
WindowState | |
xlMaximized | |
MsgBox | |
Protect | |
EnableCancelKey | |
xlInterrupt | |
Close | |
WindowState | |
xlMaximized |
Strings | Decrypted Strings |
---|---|
"Qual o c\xf3digo de cliente ?" | |
"Favor digitar a senha da planilha." | |
"Apoio" | |
"""" | |
"""" | |
"Clientes" | |
"Clientes" | |
"A:A" | |
"A1" | |
"9:9" | |
"A1" | |
"Clientes" | |
"Final" | |
"IV65536" | |
"Lista Pendentes" | |
"Lista Pendentes" | |
"Lista Pendentes" | |
"9:9" | |
"A1" | |
"IV65536" | |
"Final" | |
"A1" | |
"A1" | |
"Lista Pendentes" | |
"A1" | |
"Lista Pendentes" | |
"Clientes" | |
"Final" | |
"O c\xf3digo do cliente n\xe3o confere." | |
"A senha do cliente n\xe3o confere." |
Line | Instruction | Meta Information |
---|---|---|
2 | Sub Auto_Open() | |
3 | Attribute Auto_Open.VB_Description = "Macro gravada em 27/8/2008 por Mauro R Mello" | executed |
4 | Attribute Auto_Open.VB_ProcData.VB_Invoke_Func = " \n14" ' BAD ! | |
11 | On Error Goto Pula1 | |
13 | Application.WindowState = xlNormal | WindowState xlNormal |
14 | Application.Width = 127.5 | Width |
15 | Application.Height = 30.75 | Height |
17 | Codigo = InputBox("Qual o c\xf3digo de cliente ?") | InputBox |
19 | SenhaCliente = InputBox("Favor digitar a senha da planilha.") | InputBox |
21 | Application.EnableCancelKey = xlDisabled | EnableCancelKey xlDisabled |
23 | SenhaPlanilha = Sheets("Apoio").Cells(1, 1).Value | Cells |
25 | ActiveWorkbook.Protect Password := SenhaPlanilha, Structure := True, Windows := True | Protect |
27 | ActiveWorkbook.Unprotect Password := SenhaPlanilha | Unprotect |
30 | If Codigo = "" Then | |
30 | Goto PulaCodigo | |
30 | Endif | |
31 | If SenhaCliente = "" Then | |
31 | Goto PulaSenha | |
31 | Endif | |
33 | Sheets("Clientes").Visible = True | |
34 | Sheets("Clientes").Activate | Activate |
35 | Columns("A:A").Select | Select |
36 | Range("A1").Activate | Activate |
43 | Set Existe = Selection.Find(What := Codigo, After := ActiveCell, LookIn := xlValues, LookAt := xlWhole, SearchOrder := xlByRows, SearchDirection := xlNext, MatchCase := False) | Find ActiveCell xlValues xlWhole xlByRows xlNext |
47 | If Not Existe Is Nothing Then | |
51 | LinhaExiste = Existe.Row | Row |
52 | Senha = Cells(LinhaExiste, 3).Value | Cells |
53 | Else | |
54 | Goto PulaCodigo | |
55 | Endif | |
57 | If SenhaCliente = Senha Then | |
59 | Sheets("Lista Pendentes").Visible = True | |
60 | Sheets("Lista Pendentes").Activate | Activate |
61 | Rows("9:9").Select | Select |
62 | Selection.AutoFilter | AutoFilter |
63 | Selection.AutoFilter Field := 4, Criteria1 := Codigo | AutoFilter |
64 | Range("A1", "IV65536").Select | Select |
66 | Selection.SpecialCells(xlCellTypeVisible).Select | Select |
68 | Selection.Copy | Copy |
69 | Sheets("Final").Activate | Activate |
70 | Range("A1").Select | Select |
71 | ActiveSheet.Paste | Paste |
72 | Range("A1").Select | Select |
73 | Sheets("Lista Pendentes").Select | Select |
74 | Range("A1").Select | Select |
75 | Application.CutCopyMode = False | CutCopyMode |
76 | Selection.AutoFilter | AutoFilter |
77 | Sheets("Lista Pendentes").Visible = False | |
78 | Sheets("Clientes").Visible = False | |
79 | Sheets("Final").Activate | Activate |
81 | ActiveWorkbook.Protect Password := SenhaPlanilha, Structure := True, Windows := True | Protect |
83 | Application.WindowState = xlMaximized | WindowState xlMaximized |
85 | Else | |
87 | Goto PulaSenha | |
89 | Endif | |
90 | Application.EnableCancelKey = xlInterrupt | EnableCancelKey xlInterrupt |
91 | Exit Sub | |
92 | PulaCodigo: | |
94 | MsgBox ("O c\xf3digo do cliente n\xe3o confere.") | MsgBox |
94 | Pula1: | |
96 | ActiveWorkbook.Protect Password := SenhaPlanilha, Structure := True, Windows := True | Protect |
97 | Application.EnableCancelKey = xlInterrupt | EnableCancelKey xlInterrupt |
98 | ActiveWorkbook.Close Savechanges := False | Close |
99 | Application.WindowState = xlMaximized | WindowState xlMaximized |
100 | Exit Sub | |
101 | PulaSenha: | |
103 | MsgBox ("A senha do cliente n\xe3o confere.") | MsgBox |
104 | ActiveWorkbook.Protect Password := SenhaPlanilha, Structure := True, Windows := True | Protect |
105 | Application.EnableCancelKey = xlInterrupt | EnableCancelKey xlInterrupt |
106 | ActiveWorkbook.Close Savechanges := False | Close |
107 | Application.WindowState = xlMaximized | WindowState xlMaximized |
108 | Exit Sub | |
110 | End Sub |
Module: Plan1 |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "Plan1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
9 | Attribute VB_Control = "CommandButton1, 1, 0, MSForms, CommandButton" |
Non-Executed Functions |
---|
APIs | Meta Information |
---|---|
Cells | |
Activate | |
Delete | |
Protect |
Strings | Decrypted Strings |
---|---|
"Apoio" | |
"Lista Pendentes" | |
"Clientes" | |
"Final" | |
"Final" |
Line | Instruction | Meta Information |
---|---|---|
13 | Private Sub CommandButton1_Click() | |
15 | SenhaOutput = Sheets("Apoio").Cells(1, 1).Value | Cells |
17 | Sheets("Lista Pendentes").Visible = False | |
18 | Sheets("Clientes").Visible = False | |
19 | Sheets("Final").Activate | Activate |
20 | Sheets("Final").Cells.Delete | Delete |
22 | ActiveWorkbook.Protect Password := SenhaOutput, Structure := True, Windows := True | Protect |
24 | End Sub |
Module: Plan2 |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "Plan2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Plan3 |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "Plan3" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Plan4 |
---|
Declaration |
---|
Line | Content |
---|---|
1 | Attribute VB_Name = "Plan4" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
9 | Attribute VB_Control = "CommandButton1, 1, 0, MSForms, CommandButton" |
Non-Executed Functions |
---|
APIs | Meta Information |
---|---|
Cells | |
Protect | |
InputBox | |
Unprotect | |
Activate |
Strings | Decrypted Strings |
---|---|
"Apoio" | |
"Digite a senha para esta opera\xe7\xe3o." | |
"Lista Pendentes" | |
"Clientes" | |
"Lista Pendentes" |
Line | Instruction | Meta Information |
---|---|---|
13 | Private Sub CommandButton1_Click() | |
15 | SenhaInput = Sheets("Apoio").Cells(1, 1).Value | Cells |
17 | ActiveWorkbook.Protect Password := SenhaInput, Structure := True, Windows := True | Protect |
19 | SenhaDela = InputBox("Digite a senha para esta opera\xe7\xe3o.") | InputBox |
21 | If SenhaInput <> SenhaDela Then | |
22 | Goto Fim | |
23 | Else | |
24 | ActiveWorkbook.Unprotect Password := SenhaInput | Unprotect |
25 | Sheets("Lista Pendentes").Visible = True | |
26 | Sheets("Clientes").Visible = True | |
28 | Sheets("Lista Pendentes").Activate | Activate |
29 | Endif | |
30 | Fim: | |
32 | End Sub |