Edit tour

Windows Analysis Report
excel_to_csv.exe

Overview

General Information

Sample Name:	excel_to_csv.exe
Analysis ID:	876172
MD5:	8c9d9e2a95630340d8905a5e35e069df
SHA1:	ad464099b144c3f4c375ea7edabf64fa0394d440
SHA256:	f7ce072c158dd52db89746d4552b80ea4fd890f90e6fde3176ef05d836799889
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	60%

Signatures

Queries the volume information (name, serial number etc) of a device

Drops PE files

PE file contains sections with non-standard names

Found dropped PE file which has not been started or loaded

Creates a process in suspended mode (likely to inject code)

Abnormal high CPU Usage

Classification

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox

Sample searches for specific file, try point organization specific fake files to the analysis machine

Process Tree

System is w10x64_ra

excel_to_csv.exe (PID: 3716 cmdline: C:\Users\user\Desktop\excel_to_csv.exe MD5: 8C9D9E2A95630340D8905A5E35E069DF)

conhost.exe (PID: 6720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: C5E9B1D1103EDCEA2E408E9497A5A88F)

excel_to_csv.exe (PID: 3516 cmdline: C:\Users\user\Desktop\excel_to_csv.exe MD5: 8C9D9E2A95630340D8905A5E35E069DF)

cleanup

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\IPython\testing\plugin\README.txt
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\jedi\third_party\django-stubs\LICENSE.txt
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\lxml\isoschematron\resources\xsl\iso-schematron-xslt1\readme.txt
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\matplotlib\mpl-data\fonts\pdfcorefonts\readme.txt
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\matplotlib\mpl-data\sample_data\README.txt

Source: excel_to_csv.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\excel_to_csv.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI37162\IPython\testing\plugin\
Source: C:\Users\user\Desktop\excel_to_csv.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI37162\IPython\testing\plugin\test_exampleip.txt
Source: C:\Users\user\Desktop\excel_to_csv.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI37162\IPython\testing\plugin\test_combo.txt
Source: C:\Users\user\Desktop\excel_to_csv.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI37162\IPython\testing\
Source: C:\Users\user\Desktop\excel_to_csv.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI37162\IPython\testing\plugin\README.txt
Source: C:\Users\user\Desktop\excel_to_csv.exe	File opened: C:\Users\user\AppData\Local\Temp\_MEI37162\IPython\testing\plugin\test_example.txt

Source: C:\Users\user\Desktop\excel_to_csv.exe

Process Stats: CPU usage > 98%

Source: C:\Users\user\Desktop\excel_to_csv.exe

File read: C:\Users\user\Desktop\excel_to_csv.exe

Source: excel_to_csv.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\excel_to_csv.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown	Process created: C:\Users\user\Desktop\excel_to_csv.exe C:\Users\user\Desktop\excel_to_csv.exe
Source: C:\Users\user\Desktop\excel_to_csv.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\excel_to_csv.exe	Process created: C:\Users\user\Desktop\excel_to_csv.exe C:\Users\user\Desktop\excel_to_csv.exe
Source: C:\Users\user\Desktop\excel_to_csv.exe	Process created: C:\Users\user\Desktop\excel_to_csv.exe C:\Users\user\Desktop\excel_to_csv.exe

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6720:120:WilError_02
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6720:304:WilStaging_02

Source: C:\Users\user\Desktop\excel_to_csv.exe

File created: C:\Users\user\AppData\Local\Temp\_MEI37162

Source: classification engine

Classification label: clean3.winEXE@4/2051@0/0

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: excel_to_csv.exe

Static file information: File size 83099953 > 1048576

Source: excel_to_csv.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: excel_to_csv.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: excel_to_csv.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: excel_to_csv.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: excel_to_csv.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: excel_to_csv.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: excel_to_csv.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: excel_to_csv.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: excel_to_csv.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: excel_to_csv.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: excel_to_csv.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: excel_to_csv.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: excel_to_csv.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: excel_to_csv.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: excel_to_csv.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\scipy\spatial\ckdtree.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_queue.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\matplotlib\ft2font.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libffi-7.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\liblbfgsb.HQ462J2S775YLZ6OYJPNA7SNCTWTY6AB.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\scipy\spatial\qhull.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\win32com\shell\shell.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\lxml\_elementpath.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\scipy\special\_ellip_harm_2.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libslsqp_op.RGGN6ZOFD2K47X7YRNDYCM7JFP4AGLER.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\cryptography\hazmat\bindings\_openssl.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libbispeu.7AH3PCQ2E2NGLC3AQD7FFAH73KGJTZCJ.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\zmq\backend\cython\constants.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_lzma.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_overlapped.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libdqag.T72IVSWBZWMEWPRL5GUSWXG7YX5SIDL7.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\coverage\tracer.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libopenblas.JPIJNSWNNAN3CE6LLI5FWSPHUT2VXMTH.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\numpy\random\bit_generator.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\numpy\linalg\_umath_linalg.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_asyncio.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\matplotlib\_path.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\zmq\backend\cython\_version.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\zmq\backend\cython\_poll.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\lxml\builder.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_socket.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\numpy\random\_sfc64.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_uuid.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\lxml\html\diff.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\markupsafe\_speedups.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\tk86t.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\numpy\random\mtrand.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\select.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\zmq\backend\cython\socket.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\zmq\backend\cython\_device.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libssl-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\matplotlib\backends\_backend_agg.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libvode-f2p.Z7T4MYZRC7MVAUK7R5P6DZADGJ7D4QHD.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_cffi_backend.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libblkdta00.Z3GYF4GUBRAGBA7HTIDJSL6GHRNSZC4A.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libwrap_dum.QD25TO26BDFHQJ5N4TUPA4PKC25WONPQ.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\zmq\backend\cython\utils.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libbanded5x.UC7I2QORE7WXBZMGM667KLMAZ5BHRGMF.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\scipy\special\cython_special.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\win32api.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\lxml\etree.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\tcl86t.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\matplotlib\_tri.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libdfitpack.VPRJUWUEP6U577QBCGTTCCFXB3222T4I.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\scipy\special\specfun.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\sqlite3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_hashlib.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libcrypto-1_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\numpy\random\_bounded_integers.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\vcruntime140_1.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\pandas\_libs\groupby.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\zmq\backend\cython\message.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\scipy\special\_ufuncs.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\scipy\stats\mvn.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libd_odr.T6HJADSG7NXVV53PGDPMBVBPNAY5DCRV.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\matplotlib\_qhull.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_multiprocessing.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libansari.R6EA3HQP5KZ6TAXU4Y4ZVTRPT7UVA53Z.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\PIL\_webp.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\numpy\fft\_pocketfft_internal.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\win32pdh.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\unicodedata.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\numpy\random\_common.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\win32security.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\scipy\spatial\_voronoi.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\zmq\backend\cython\_proxy_steerable.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_tkinter.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\matplotlib\_image.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libmvndst.RDHNECQ4LTGAG44TTDYZZ5ZBHXLFUU6E.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_decimal.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\VCRUNTIME140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\matplotlib\_contour.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\PIL\_imagingtk.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\matplotlib\_ttconv.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_bz2.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\mfc140u.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\numpy\random\_pcg64.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\lib_blas_su.ZGZGBHY3USY2DZYMC6A7FXFYWQOXEGEU.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libgetbreak.WITV2EKEUBR7JIJUE2V7RRCPJZ5HFUMD.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\concrt140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\_sqlite3.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\lxml\sax.cp39-win_amd64.pyd	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\lib_arpack-.OK6465BFOHXDMFH3NXOHUTABLFW6ORTH.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe	File created: C:\Users\user\AppData\Local\Temp\_MEI37162\libwrap_dum.QAR7EKHNJKPFYLLEUOEPIWK73NUFV4MM.gfortran-win_amd64.dll	Jump to dropped file
Source: C:\Users\user\Desktop\excel_to_csv.exe

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report
excel_to_csv.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

System Summary

Data Obfuscation

Persistence and Installation Behavior

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report excel_to_csv.exe

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

Process Tree

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

Spreading

System Summary

Data Obfuscation

Persistence and Installation Behavior

Windows Analysis Report
excel_to_csv.exe