Source: zJ2b57acTF.xlsx |
Metadefender: Detection: 22% |
Perma Link |
Source: zJ2b57acTF.xlsx |
ReversingLabs: Detection: 41% |
Source: Yara match |
File source: .rels, type: SAMPLE |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll |
Jump to behavior |
Source: .rels, type: SAMPLE |
Matched rule: SUSP_PS1_Msdt_Execution_May22 date = 2022-05-31, author = Nasreddine Bencherchali, Christian Burkard, description = Detects suspicious calls of msdt.exe as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-06-20 |
Source: .rels, type: SAMPLE |
Matched rule: EXPL_Follina_CVE_2022_30190_Msdt_MSProtocolURI_May22 date = 2022-05-30, author = Tobias Michalski, Christian Burkard, description = Detects the malicious usage of the ms-msdt URI as seen in CVE-2022-30190 / Follina exploitation, score = , reference = https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e, modified = 2022-05-31, hash = 4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784 |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File read: C:\Users\desktop.ini |
Jump to behavior |
Source: zJ2b57acTF.xlsx |
Metadefender: Detection: 22% |
Source: zJ2b57acTF.xlsx |
ReversingLabs: Detection: 41% |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File created: C:\Users\user\AppData\Local\Temp\CVR623B.tmp |
Jump to behavior |
Source: classification engine |
Classification label: mal56.expl.winXLSX@1/1@0/0 |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File created: C:\Users\user\Desktop\~$zJ2b57acTF.xlsx |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |