Loading... Additional Content is being loaded

Windows Analysis Report
April_2024.xlsx

Overview

General Information

Sample name:	April_2024.xlsx
Analysis ID:	1447845
MD5:	540d4503a8980abd04ae7d4a1893ad13
SHA1:	c2c3e388008debe8a5168a14a5a03195e01e3767
SHA256:	4d718458b777b4d4f03218570a02289fc75b794000166023554db12091e81a69

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Queries information about the installed CPU (vendor, model number etc)

Classification

Signatures

Source: excel.exe

Memory has grown: Private usage: 6MB later: 94MB

Source: classification engine

Classification label: clean0.winXLSX@1/0@0/3

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\Desktop\~$April_2024.xlsx

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{861A0BA9-0AB9-4F74-8976-2FD20B785159} - OProcSessId.dat

Source: April_2024.xlsx

OLE indicator, Workbook stream: true

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet4.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet5.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet6.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet7.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet8.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet9.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet10.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet11.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet12.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet13.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet14.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet4.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet6.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet7.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet8.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet9.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet11.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet12.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet13.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet14.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable1.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable2.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable3.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable4.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable5.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable1.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable2.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable3.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable4.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable6.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable7.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable5.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable6.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable7.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet10.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = docProps/thumbnail.wmf
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition1.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheRecords1.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition2.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheRecords2.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition3.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheRecords3.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition4.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheRecords4.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition5.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheRecords5.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition6.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition7.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/tables/table1.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings3.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = docProps/custom.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings5.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/_rels/pivotCacheDefinition1.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/_rels/pivotCacheDefinition2.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/_rels/pivotCacheDefinition3.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/_rels/pivotCacheDefinition4.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/_rels/pivotCacheDefinition5.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings6.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings4.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings7.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/item2.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/item3.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: April_2024.xlsx

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Screenshots

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
52.109.28.46	unknown	United States		8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Name	Type	MD5	SHA1	SHA256

Source: excel.exe

Memory has grown: Private usage: 6MB later: 94MB

Source: classification engine

Classification label: clean0.winXLSX@1/0@0/3

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\Desktop\~$April_2024.xlsx

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\{861A0BA9-0AB9-4F74-8976-2FD20B785159} - OProcSessId.dat

Source: April_2024.xlsx

OLE indicator, Workbook stream: true

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

File read: C:\Users\desktop.ini

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet4.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet5.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet6.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet7.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet8.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet9.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet10.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet11.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet12.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet13.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/sheet14.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet4.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet6.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet7.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet8.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet9.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet11.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet12.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet13.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet14.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable1.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable2.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable3.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable4.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable5.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable1.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable2.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable3.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable4.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable6.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/_rels/pivotTable7.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable5.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable6.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotTables/pivotTable7.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet10.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = docProps/thumbnail.wmf
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition1.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheRecords1.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition2.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheRecords2.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition3.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheRecords3.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition4.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheRecords4.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition5.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheRecords5.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition6.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/pivotCacheDefinition7.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/itemProps3.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/tables/table1.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings3.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = docProps/custom.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings5.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/_rels/pivotCacheDefinition1.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/_rels/pivotCacheDefinition2.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/_rels/pivotCacheDefinition3.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/_rels/pivotCacheDefinition4.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/pivotCache/_rels/pivotCacheDefinition5.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings6.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings4.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = xl/printerSettings/printerSettings7.bin
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/item2.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/itemProps2.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/item3.xml
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/_rels/item2.xml.rels
Source: April_2024.xlsx	Initial sample: OLE zip file path = customXml/_rels/item3.xml.rels

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common

Source: April_2024.xlsx

Initial sample: OLE indicators vbamacros = False

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Process information queried: ProcessInformation

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0

Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid