Payment.8560.xls
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
Score: 56
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
|
|
|
malicious
Score: 56
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior
|
| Name | Detection |
|---|---|
| http://www.%s.comPA |  |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Local\Temp\01DE0000 |
data | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Fri Oct 16 04:28:38 2020, atime=Fri Oct 16 04:28:38 2020, length=12288, window=hide | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Payment.8560.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:12 2020, mtime=Fri Oct 16 04:28:38 2020, atime=Fri Oct 16 04:28:38 2020, length=41984, window=hide | # | |
| Click to see the 2 hidden entries | |||
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\Desktop\71DE0000 |
Applesoft BASIC program data, first line number 16 | # | |
