| Source: sample20220124-01.xls |
Avira: detected |
| Source: sample20220124-01.xls |
Virustotal: Detection: 10% |
Perma Link |
| Source: sample20220124-01.xls |
ReversingLabs: Detection: 11% |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll |
Jump to behavior |
| Source: Initial sample |
OLE, VBA macro line: Ursnif specific tokens |
| Source: sample20220124-01.xls |
OLE, VBA macro line: Workbooks.Application.DisplayAlerts = False: Application.Quit |
|
| Source: sample20220124-01.xls |
OLE, VBA macro line: ActiveSheet.Visible = 0 |
|
| Source: sample20220124-01.xls |
OLE indicator, VBA macros: true |
| Source: 41FF.tmp.0.dr |
OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false |
| Source: sample20220124-01.xls |
Virustotal: Detection: 10% |
| Source: sample20220124-01.xls |
ReversingLabs: Detection: 11% |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File created: C:\Users\user\AppData\Local\Temp\CVRDBAE.tmp |
Jump to behavior |
| Source: sample20220124-01.xls |
OLE indicator, Workbook stream: true |
| Source: classification engine |
Classification label: mal68.bank.expl.winXLS@1/4@0/0 |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File read: C:\Users\desktop.ini |
Jump to behavior |
| Source: Window Recorder |
Window detected: More than 3 window changes detected |
| Source: sample20220124-01.xls |
Initial sample: OLE summary comments = DATA ORA |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll |
Jump to behavior |
| Source: 41FF.tmp.0.dr |
Initial sample: OLE indicators vbamacros = False |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
| Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet