Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll |
Source: unknown |
HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49754 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49753 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:49752 version: TLS 1.2 |
Source: excel.exe |
Memory has grown: Private usage: 2MB later: 73MB |
Source: Joe Sandbox View |
IP Address: 13.107.246.60 |
Source: Joe Sandbox View |
JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1 |
Source: global traffic |
HTTP traffic detected: GET /rules/rule170012v12s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.azureedge.net |
Source: global traffic |
HTTP traffic detected: GET /rules/rule63067v4s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.azureedge.net |
Source: global traffic |
HTTP traffic detected: GET /rules/rule170022v2s19.xml HTTP/1.1 Connection: Keep-Alive Accept-Encoding: gzip User-Agent: Microsoft Office/16.0 (Windows NT 10.0; Microsoft Excel 16.0.16827; Pro) Host: otelrules.azureedge.net |
Source: 57C8EDB95DF3F0AD4EE2DC2B8CFD4157.0.dr |
String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49754 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49753 |
Source: unknown |
Network traffic detected: HTTP traffic on port 443 -> 49752 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49752 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49754 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 49753 -> 443 |
Source: classification engine |
Classification label: clean4.winXLSX@3/3@0/1 |
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml |
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File created: C:\Users\user\Desktop\~$Supplier Audit F7.4.1e Rev.xlsx |
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File created: C:\Users\user\AppData\Local\Temp\{7AE56342-BB04-429D-8C6F-57FB19ECFFF5} - OProcSessId.dat |
Source: Supplier Audit F7.4.1e Rev.xlsx |
OLE indicator, Workbook stream: true |
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
File read: C:\Users\desktop.ini |
Source: unknown |
Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding |
|
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Process created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288 |
|
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: Supplier Audit F7.4.1e Rev.xlsx |
Initial sample: OLE zip file path = xl/calcChain.xml |
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common |
Source: Supplier Audit F7.4.1e Rev.xlsx |
Initial sample: OLE indicators vbamacros = False |
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX |
Source: C:\Windows\splwow64.exe |
Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX |
Source: C:\Windows\splwow64.exe |
Window / User API: threadDelayed 965 |
Source: C:\Windows\splwow64.exe |
Last function: Thread delayed |
Source: C:\Windows\splwow64.exe |
Thread delayed: delay time: 120000 |
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE |
Process information queried: ProcessInformation |