wsq_7201.xls
| Engine | Download Report | Detection | Info |
|---|---|---|---|
|
malicious
Score: 72
|
System: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
|
|
|
|
malicious
Score: 64
|
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run Condition: Potential for more IOCs and behavior
|
| Name | Detection |
|---|---|
| http://www.%s.comPA |  |
| http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous. | |
| Name | File Type | Hashes | Detection |
|---|---|---|---|
C:\Users\user\AppData\Local\Temp\87CE0000 |
data | # | |
C:\Users\user\AppData\Local\Temp\STSM.dat |
VISX image file | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Sun Oct 18 15:52:36 2020, atime=Sun Oct 18 15:52:36 2020, length=8192, window=hide | # | |
| Click to see the 3 hidden entries | |||
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat |
ASCII text, with CRLF line terminators | # | |
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\wsq_7201.LNK |
MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:10 2020, mtime=Sun Oct 18 15:52:36 2020, atime=Sun Oct 18 15:52:36 2020, length=44032, window=hide | # | |
C:\Users\user\Desktop\18CE0000 |
Applesoft BASIC program data, first line number 16 | # | |
