Windows
Analysis Report
PO554830092024.xls
Overview
General Information
Detection
Score: | 64 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Classification
- System is w7x64
- EXCEL.EXE (PID: 3220 cmdline:
"C:\Progra m Files\Mi crosoft Of fice\Offic e14\EXCEL. EXE" /auto mation -Em bedding MD5: D53B85E21886D2AF9815C377537BCAC3)
- cleanup
System Summary |
---|
Source: | Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0", Tim Shelton: |
Source: | Author: X__Junior (Nextron Systems): |
Source: | Author: frack113: |
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-30T10:09:28.934177+0200 | 2024449 | 1 | Attempted User Privilege Gain | 192.168.2.22 | 49162 | 72.5.43.53 | 80 | TCP |
2024-09-30T10:10:08.887834+0200 | 2024449 | 1 | Attempted User Privilege Gain | 192.168.2.22 | 49164 | 72.5.43.53 | 80 | TCP |
Click to jump to signature section
AV Detection |
---|
Source: | Virustotal: | Perma Link | ||
Source: | ReversingLabs: |
Source: | Joe Sandbox ML: |
Source: | File opened: | Jump to behavior |
Source: | HTTPS traffic detected: |
Source: | DNS query: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: | ||
Source: | TCP traffic: |
Networking |
---|
Source: | Suricata IDS: | ||
Source: | Suricata IDS: |
Source: | ASN Name: |
Source: | JA3 fingerprint: |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: | ||
Source: | TCP traffic detected without corresponding DNS query: |
Source: | File created: | Jump to behavior |
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: | ||
Source: | HTTP traffic detected: |
Source: | DNS traffic detected: |
Source: | String found in binary or memory: |
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: | ||
Source: | Network traffic detected: |
Source: | HTTPS traffic detected: |
System Summary |
---|
Source: | OLE: | ||
Source: | OLE: |
Source: | OLE indicator, VBA macros: |
Source: | Classification label: |
Source: | File created: | Jump to behavior |
Source: | File created: | Jump to behavior |
Source: | OLE indicator, Workbook stream: | ||
Source: | OLE indicator, Workbook stream: |
Source: | File read: | Jump to behavior |
Source: | Key opened: | Jump to behavior |
Source: | Virustotal: | ||
Source: | ReversingLabs: |
Source: | Window detected: |
Source: | Key opened: | Jump to behavior |
Source: | File opened: | Jump to behavior |
Source: | Initial sample: |
Source: | Initial sample: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Stream path 'Workbook' entropy: | ||
Source: | Stream path 'Workbook' entropy: |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | 1 Scripting | Valid Accounts | 3 Exploitation for Client Execution | 1 Scripting | Path Interception | 1 Masquerading | OS Credential Dumping | 1 File and Directory Discovery | Remote Services | Data from Local System | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Obfuscated Files or Information | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | 13 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | 2 Ingress Tool Transfer | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
23% | Virustotal | Browse | ||
34% | ReversingLabs | Win32.Exploit.CVE-2017-0199 | ||
100% | Joe Sandbox ML |
Name | IP | Active | Malicious | Antivirus Detection | Reputation |
---|---|---|---|---|---|
og1.in | 172.67.216.244 | true | false | unknown |
Name | Malicious | Antivirus Detection | Reputation |
---|---|---|---|
false |
| unknown | |
true |
| unknown |
- No. of IPs < 25%
- 25% < No. of IPs < 50%
- 50% < No. of IPs < 75%
- 75% < No. of IPs
IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
---|---|---|---|---|---|---|
72.5.43.53 | unknown | United States | 16769 | UNASSIGNED | true | |
172.67.216.244 | og1.in | United States | 13335 | CLOUDFLARENETUS | false |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1522510 |
Start date and time: | 2024-09-30 10:07:52 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 4m 5s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | defaultwindowsofficecookbook.jbs |
Analysis system description: | Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2) |
Number of analysed new started processes analysed: | 6 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | PO554830092024.xls |
Detection: | MAL |
Classification: | mal64.winXLS@1/8@1/2 |
EGA Information: | Failed |
HCA Information: |
|
Cookbook Comments: |
|
- Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
- Report size getting too big, too many NtQueryValueKey calls found.
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
172.67.216.244 | Get hash | malicious | Remcos, GuLoader | Browse |
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
og1.in | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Remcos, GuLoader | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
CLOUDFLARENETUS | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Remcos, GuLoader | Browse |
| ||
Get hash | malicious | VIP Keylogger | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | LummaC, Stealc, Vidar | Browse |
| ||
Get hash | malicious | LummaC, Stealc, Vidar | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
UNASSIGNED | Get hash | malicious | Mirai | Browse |
| |
Get hash | malicious | PayPal Phisher | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | AgentTesla | Browse |
| ||
Get hash | malicious | Mirai | Browse |
| ||
Get hash | malicious | Remcos, GuLoader | Browse |
| ||
Get hash | malicious | Amadey, Clipboard Hijacker, CryptOne, Cryptbot, PureLog Stealer, RedLine, Stealc | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
|
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context |
---|---|---|---|---|---|---|
7dcce5b76c8b17472d024758970a406b | Get hash | malicious | Unknown | Browse |
| |
Get hash | malicious | Remcos, GuLoader | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Remcos | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Unknown | Browse |
| ||
Get hash | malicious | Snake Keylogger | Browse |
| ||
Get hash | malicious | PureLog Stealer | Browse |
|
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6B20EFA4.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5596528 |
Entropy (8bit): | 2.9627880151323387 |
Encrypted: | false |
SSDEEP: | 12288:Nft3bECFzKzjLBMc0GtIRabD8R1AZJBa5jB7gOaOGVIl00xh600msetQr00ujh60:N5ACi8BiJK+nIlDh6osetQrsjh60 |
MD5: | C8FF65340D86E7546ED74F2AEA89FF70 |
SHA1: | C3C02AC92015D94D4D68479DADB5CD110C6CF8C9 |
SHA-256: | 58B91D40032E4C9C693DDACBA27C24C875EBBF2F9F6C9FFA7A10991FC1049C4C |
SHA-512: | 385060117D6AE29EAC9CD9B6F69E50DF6FD86A84095AA2FA4DC14F2F3AAA27E2A6FC8E6F0E03F4D53E3A5A1038EF639B53BD44188E943A830005176F201D5008 |
Malicious: | false |
Reputation: | low |
Preview: |
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B6D68952.emf
Download File
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 5596528 |
Entropy (8bit): | 2.9627880151323387 |
Encrypted: | false |
SSDEEP: | 12288:Nft3bECFzKzjLBMc0GtIRabD8R1AZJBa5jB7gOaOGVIl00xh600msetQr00ujh60:N5ACi8BiJK+nIlDh6osetQrsjh60 |
MD5: | C8FF65340D86E7546ED74F2AEA89FF70 |
SHA1: | C3C02AC92015D94D4D68479DADB5CD110C6CF8C9 |
SHA-256: | 58B91D40032E4C9C693DDACBA27C24C875EBBF2F9F6C9FFA7A10991FC1049C4C |
SHA-512: | 385060117D6AE29EAC9CD9B6F69E50DF6FD86A84095AA2FA4DC14F2F3AAA27E2A6FC8E6F0E03F4D53E3A5A1038EF639B53BD44188E943A830005176F201D5008 |
Malicious: | false |
Reputation: | low |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 512 |
Entropy (8bit): | 0.0 |
Encrypted: | false |
SSDEEP: | 3:: |
MD5: | BF619EAC0CDF3F68D496EA9344137E8B |
SHA1: | 5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5 |
SHA-256: | 076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560 |
SHA-512: | DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE |
Malicious: | false |
Reputation: | high, very likely benign file |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 647168 |
Entropy (8bit): | 7.981964255729853 |
Encrypted: | false |
SSDEEP: | 12288:+GV9kwvMsL/Uq+IWYwKnvNDa+bEsDNJDKsGY1oz+tc2wH/GdS:+SvfLN+I19LbnJDKst1M2G |
MD5: | 510CD79EE37716B04D2CAB65EC173B9B |
SHA1: | 106A298ADF9772F33F45D6DC7FBD4A41EA7EADA5 |
SHA-256: | 5945D91801F7E4BCC7555DD192EFA59F251507C728F06196EC36D13FE01A5B45 |
SHA-512: | 334381210035EB653B145664C0D2EBCE117CDA7CDAD15D132F9710675DC92F3630F290106411DEDA63754C448079C4C5F77C0DE40455C8797C2AF4C9EC61B1BD |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 26 |
Entropy (8bit): | 3.95006375643621 |
Encrypted: | false |
SSDEEP: | 3:ggPYV:rPYV |
MD5: | 187F488E27DB4AF347237FE461A079AD |
SHA1: | 6693BA299EC1881249D59262276A0D2CB21F8E64 |
SHA-256: | 255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309 |
SHA-512: | 89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E |
Malicious: | false |
Preview: |
Process: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
File Type: | |
Category: | dropped |
Size (bytes): | 647168 |
Entropy (8bit): | 7.981964255729853 |
Encrypted: | false |
SSDEEP: | 12288:+GV9kwvMsL/Uq+IWYwKnvNDa+bEsDNJDKsGY1oz+tc2wH/GdS:+SvfLN+I19LbnJDKst1M2G |
MD5: | 510CD79EE37716B04D2CAB65EC173B9B |
SHA1: | 106A298ADF9772F33F45D6DC7FBD4A41EA7EADA5 |
SHA-256: | 5945D91801F7E4BCC7555DD192EFA59F251507C728F06196EC36D13FE01A5B45 |
SHA-512: | 334381210035EB653B145664C0D2EBCE117CDA7CDAD15D132F9710675DC92F3630F290106411DEDA63754C448079C4C5F77C0DE40455C8797C2AF4C9EC61B1BD |
Malicious: | true |
Preview: |
File type: | |
Entropy (8bit): | 7.966990355663988 |
TrID: |
|
File name: | PO554830092024.xls |
File size: | 655'872 bytes |
MD5: | 1edb633bd6cace0251cdce53c9ebb66a |
SHA1: | 086134a30e3fcf793078432a88bd07a3e2c4782d |
SHA256: | 46463f97518091c911a730c5d2d04d1dcfc8d5ed972760983af6a33375567aba |
SHA512: | bdcfd71e30d019f5d61f25cec7b0b02957fcd08ea69318d88a03b9afe0a063e3b346719bb556c2cdefe557afe24167489d42cb873842d3a8ecfaefff48a98d4d |
SSDEEP: | 12288:8r8Su735p0iSixHnW8rGDNBniBs9yXP8jUw89VvShvCWZ:m8SGKtixHW8sBnii9hUw+VvSFz |
TLSH: | B6D4238533D2DF87E20396B98DD482CB649CBF552F49EA0FB184336F44367A0A1A1E57 |
File Content Preview: | ........................>...................................9...................{.......}...............a.......c.............................................................................................................................................. |
Icon Hash: | 276ea3a6a6b7bfbf |
Document Type: | OLE |
Number of OLE Files: | 1 |
Has Summary Info: | |
Application Name: | Microsoft Excel |
Encrypted Document: | True |
Contains Word Document Stream: | False |
Contains Workbook/Book Stream: | True |
Contains PowerPoint Document Stream: | False |
Contains Visio Document Stream: | False |
Contains ObjectPool Stream: | False |
Flash Objects Count: | 0 |
Contains VBA Macros: | True |
Code Page: | 1252 |
Author: | |
Last Saved By: | |
Create Time: | 2006-09-16 00:00:00 |
Last Saved Time: | 2024-09-30 01:23:12 |
Creating Application: | |
Security: | 1 |
Document Code Page: | 1252 |
Thumbnail Scaling Desired: | False |
Contains Dirty Links: | False |
Shared Document: | False |
Changed Hyperlinks: | False |
Application Version: | 786432 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet1 |
VBA File Name: | Sheet1.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 77 b2 8d 98 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet2 |
VBA File Name: | Sheet2.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w V P . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 77 b2 56 50 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/Sheet3 |
VBA File Name: | Sheet3.cls |
Stream Size: | 977 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w < ~ . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 2 . 0 . - |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 77 b2 3c 7e 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/ThisWorkbook |
VBA File Name: | ThisWorkbook.cls |
Stream Size: | 985 |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . ( . . . . . S L . . . . S . . . . . S . . . . . < . . . . . . . . . . N . 0 . { . 0 . 0 . 0 . 2 . 0 . 8 . 1 . 9 . - . 0 |
Data Raw: | 01 16 01 00 00 f0 00 00 00 c4 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff cb 02 00 00 1f 03 00 00 00 00 00 00 01 00 00 00 77 b2 85 ef 00 00 ff ff 23 01 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
|
General | |
Stream Path: | \x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 114 |
Entropy: | 4.25248375192737 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . . . F & . . . M i c r o s o f t O f f i c e E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 26 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | \x5DocumentSummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 244 |
Entropy: | 2.889430592781307 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , 0 . . . . . . . . . . . . . . H . . . . . . . P . . . . . . . X . . . . . . . ` . . . . . . . h . . . . . . . p . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 c4 00 00 00 08 00 00 00 01 00 00 00 48 00 00 00 17 00 00 00 50 00 00 00 0b 00 00 00 58 00 00 00 10 00 00 00 60 00 00 00 13 00 00 00 68 00 00 00 16 00 00 00 70 00 00 00 0d 00 00 00 78 00 00 00 0c 00 00 00 a1 00 00 00 02 00 00 00 e4 04 00 00 |
General | |
Stream Path: | \x5SummaryInformation |
CLSID: | |
File Type: | data |
Stream Size: | 200 |
Entropy: | 3.2241247550157985 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . + ' 0 . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . T . . . . . . . ` . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . | . # . @ . . . . @ P . . . . . . . . . . |
Data Raw: | fe ff 00 00 06 02 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 98 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 54 00 00 00 12 00 00 00 60 00 00 00 0c 00 00 00 78 00 00 00 0d 00 00 00 84 00 00 00 13 00 00 00 90 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 04 00 00 00 |
General | |
Stream Path: | MBD001A886E/\x1CompObj |
CLSID: | |
File Type: | data |
Stream Size: | 99 |
Entropy: | 3.631242196770981 |
Base64 Encoded: | False |
Data ASCII: | . . . . . . . . . . . . . . . . . . . . . . ! . . . M i c r o s o f t O f f i c e E x c e l W o r k s h e e t . . . . . E x c e l M L 1 2 . . . . . 9 q . . . . . . . . . . . . |
Data Raw: | 01 00 fe ff 03 0a 00 00 ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 21 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 4f 66 66 69 63 65 20 45 78 63 65 6c 20 57 6f 72 6b 73 68 65 65 74 00 0a 00 00 00 45 78 63 65 6c 4d 4c 31 32 00 00 00 00 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD001A886E/Package |
CLSID: | |
File Type: | Microsoft Excel 2007+ |
Stream Size: | 27478 |
Entropy: | 7.767256957232999 |
Base64 Encoded: | True |
Data ASCII: | P K . . . . . . . . . . ! . D . 2 . . . . . . . . . . [ C o n t e n t _ T y p e s ] . x m l . . ( . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
Data Raw: | 50 4b 03 04 14 00 06 00 08 00 00 00 21 00 44 19 a7 ee 32 01 00 00 c9 02 00 00 13 00 08 02 5b 43 6f 6e 74 65 6e 74 5f 54 79 70 65 73 5d 2e 78 6d 6c 20 a2 04 02 28 a0 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |
General | |
Stream Path: | MBD001A886F/\x1Ole |
CLSID: | |
File Type: | data |
Stream Size: | 332 |
Entropy: | 4.790752196517334 |
Base64 Encoded: | False |
Data ASCII: | . . . . O 1 M . . . . . . . . . . . . \\ . . . y . . . K . X . . . h . t . t . p . s . : . / . / . o . g . 1 . . . i . n . / . o . j . m . k . c . b . . . . . G . . U 6 i . Y 0 b O B H . l . . . y . . . . . . . . . . . . . . . . . . . . s . B . u . k . 6 . p . T . q . Y . K . M . q . k . 3 . 8 . P . r . r . 7 . Y . i . u . 1 . E . n . P . e . o . T . g . h . q . 5 . 2 . O . 0 . K . 0 . j . k . d . k . p . J . 6 . Q . 0 . q . y . 2 . j . 9 . O . 7 . s . s . 3 . m . U . Q . q . K . k . 8 . y . u . N . p . Q |
Data Raw: | 01 00 00 02 4f 94 ca 31 ec c3 f1 4d 00 00 00 00 00 00 00 00 00 00 00 00 5c 00 00 00 e0 c9 ea 79 f9 ba ce 11 8c 82 00 aa 00 4b a9 0b 58 00 00 00 68 00 74 00 74 00 70 00 73 00 3a 00 2f 00 2f 00 6f 00 67 00 31 00 2e 00 69 00 6e 00 2f 00 6f 00 6a 00 6d 00 6b 00 63 00 62 00 00 00 00 c5 8c 47 f5 0b 04 b1 d6 ff c8 55 a4 36 a7 69 d4 20 0c af 8f 59 30 a6 f2 d9 62 d8 4f 42 48 0c 6c 1a 16 90 |
General | |
Stream Path: | Workbook |
CLSID: | |
File Type: | Applesoft BASIC program data, first line number 16 |
Stream Size: | 609348 |
Entropy: | 7.99951239632846 |
Base64 Encoded: | True |
Data ASCII: | . . . . . . . . . . . . . . . . . / . 6 . . . . . . . > o . 4 ^ ' ^ Q c . A j q 0 . . , ` , d a . . . . . . . \\ j . . . \\ . p . @ V 3 . . s l P g 5 . ? , V @ v * . / 4 e Q ) C r Z L x < G [ . Y . u . : _ X S Z d P K . 7 T . L W ] . U ? . B . . . 8 a . . . - . . . . = . . . ' . . . C . . . G N . . . . . . . . . + . . . . . 5 + . . . . 1 . . . . . . . Z = . . . U v & j e A ( @ + @ . . . . . . . e + " . . . ( . . . . . . . @ . . . T 1 . . . d ! W . . . F E 4 6 . * E a x 1 . . . _ } . . . m i 4 + . . 1 j |
Data Raw: | 09 08 10 00 00 06 05 00 ab 1f cd 07 c1 00 01 00 06 04 00 00 2f 00 36 00 01 00 01 00 01 00 b1 f5 3e 6f 1e ee 34 5e 27 5e 91 8b f1 a3 51 63 cb f1 be d2 0d 97 c2 c5 de 41 8c 6a a3 80 71 30 c8 1e e6 00 2c 60 e3 2c a4 64 9f 9c fb b2 b8 61 e1 00 02 00 b0 04 c1 00 02 00 5c 6a e2 00 00 00 5c 00 70 00 ea 40 9f ff db 56 af 33 c6 95 08 ca 73 d8 6c 50 f7 67 80 35 b5 0c 3f be a0 2c 56 87 db 40 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECT |
CLSID: | |
File Type: | ASCII text, with CRLF line terminators |
Stream Size: | 517 |
Entropy: | 5.2476502823485065 |
Base64 Encoded: | True |
Data ASCII: | I D = " { 8 0 E 9 8 B F F - 4 1 6 D - 4 E 8 3 - 9 F 0 2 - 6 4 2 2 1 F 5 A 4 1 0 8 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 2 / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 3 / & H 0 0 0 0 0 0 0 0 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " 9 9 9 B 5 D 5 B 6 1 5 B 6 1 5 B 6 |
Data Raw: | 49 44 3d 22 7b 38 30 45 39 38 42 46 46 2d 34 31 36 44 2d 34 45 38 33 2d 39 46 30 32 2d 36 34 32 32 31 46 35 41 34 31 30 38 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 32 2f 26 48 30 30 30 |
General | |
Stream Path: | _VBA_PROJECT_CUR/PROJECTwm |
CLSID: | |
File Type: | data |
Stream Size: | 104 |
Entropy: | 3.0488640812019017 |
Base64 Encoded: | False |
Data ASCII: | T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . S h e e t 2 . S . h . e . e . t . 2 . . . S h e e t 3 . S . h . e . e . t . 3 . . . . . |
Data Raw: | 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 53 68 65 65 74 32 00 53 00 68 00 65 00 65 00 74 00 32 00 00 00 53 68 65 65 74 33 00 53 00 68 00 65 00 65 00 74 00 33 00 00 00 00 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/_VBA_PROJECT |
CLSID: | |
File Type: | data |
Stream Size: | 2644 |
Entropy: | 3.986038820913797 |
Base64 Encoded: | False |
Data ASCII: | a . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 0 . # . 9 . # . C . : . \\ . P . R . O . G . R . A . ~ . 2 . \\ . C . O . M . M . O . N . ~ . 1 . \\ . M . I . C . R . O . S . ~ . 1 . \\ . V . B . A . \\ . V . B . A . 6 . \\ . V . B . E . 6 . . . D . L . L . # . V . i . s . u . a . l . . B . a . s . i . c . . F . o . r . |
Data Raw: | cc 61 88 00 00 01 00 ff 09 40 00 00 09 04 00 00 e4 04 01 00 00 00 00 00 00 00 00 00 01 00 04 00 02 00 fa 00 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 30 00 23 00 |
General | |
Stream Path: | _VBA_PROJECT_CUR/VBA/dir |
CLSID: | |
File Type: | data |
Stream Size: | 553 |
Entropy: | 6.3671818293795575 |
Base64 Encoded: | True |
Data ASCII: | . % . . . . . . . . 0 * . . . . p . . H . . . . d . . . . . . . V B A P r o j e c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . 5 . i . . . . J < . . . . . r s t d o l e > . . . s . t . d . o . l . e . . . h . % . ^ . . * \\ G { 0 0 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s W O W 6 4 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . E O f f D i c E O . f . i . c E . . E . 2 D F 8 D 0 4 C . - 5 B F A - 1 0 1 B - B D E 5 E A A C 4 . 2 |
Data Raw: | 01 25 b2 80 01 00 04 00 00 00 01 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 35 f4 0a 69 08 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47 |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
---|---|---|---|---|---|---|---|---|
2024-09-30T10:09:28.934177+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49162 | 72.5.43.53 | 80 | TCP |
2024-09-30T10:10:08.887834+0200 | 2024449 | ET EXPLOIT SUSPICIOUS Possible CVE-2017-0199 IE7/NoCookie/Referer HTA dl | 1 | 192.168.2.22 | 49164 | 72.5.43.53 | 80 | TCP |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 30, 2024 10:09:06.003763914 CEST | 49161 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:06.003870010 CEST | 443 | 49161 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:06.004336119 CEST | 49161 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:06.009860992 CEST | 49161 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:06.009896994 CEST | 443 | 49161 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:06.482251883 CEST | 443 | 49161 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:06.482490063 CEST | 49161 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:06.490875006 CEST | 49161 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:06.490948915 CEST | 443 | 49161 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:06.491398096 CEST | 443 | 49161 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:06.491472006 CEST | 49161 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:06.562506914 CEST | 49161 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:06.603419065 CEST | 443 | 49161 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:07.527138948 CEST | 443 | 49161 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:07.527204037 CEST | 443 | 49161 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:07.527228117 CEST | 49161 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:07.527326107 CEST | 49161 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:07.528381109 CEST | 49161 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:07.528435946 CEST | 443 | 49161 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:07.546961069 CEST | 49162 | 80 | 192.168.2.22 | 72.5.43.53 |
Sep 30, 2024 10:09:07.551911116 CEST | 80 | 49162 | 72.5.43.53 | 192.168.2.22 |
Sep 30, 2024 10:09:07.551975965 CEST | 49162 | 80 | 192.168.2.22 | 72.5.43.53 |
Sep 30, 2024 10:09:07.554182053 CEST | 49162 | 80 | 192.168.2.22 | 72.5.43.53 |
Sep 30, 2024 10:09:07.559062004 CEST | 80 | 49162 | 72.5.43.53 | 192.168.2.22 |
Sep 30, 2024 10:09:28.934047937 CEST | 80 | 49162 | 72.5.43.53 | 192.168.2.22 |
Sep 30, 2024 10:09:28.934176922 CEST | 49162 | 80 | 192.168.2.22 | 72.5.43.53 |
Sep 30, 2024 10:09:28.938947916 CEST | 49162 | 80 | 192.168.2.22 | 72.5.43.53 |
Sep 30, 2024 10:09:28.943778038 CEST | 80 | 49162 | 72.5.43.53 | 192.168.2.22 |
Sep 30, 2024 10:09:46.221299887 CEST | 49163 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:46.221326113 CEST | 443 | 49163 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:46.221379995 CEST | 49163 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:46.221637964 CEST | 49163 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:46.221646070 CEST | 443 | 49163 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:46.689881086 CEST | 443 | 49163 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:46.690063000 CEST | 49163 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:46.692205906 CEST | 49163 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:46.692223072 CEST | 443 | 49163 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:46.699748039 CEST | 49163 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:46.699764013 CEST | 443 | 49163 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:47.489283085 CEST | 443 | 49163 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:47.489389896 CEST | 443 | 49163 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:47.489427090 CEST | 49163 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:47.489458084 CEST | 49163 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:47.492391109 CEST | 49163 | 443 | 192.168.2.22 | 172.67.216.244 |
Sep 30, 2024 10:09:47.492412090 CEST | 443 | 49163 | 172.67.216.244 | 192.168.2.22 |
Sep 30, 2024 10:09:47.493179083 CEST | 49164 | 80 | 192.168.2.22 | 72.5.43.53 |
Sep 30, 2024 10:09:47.498116970 CEST | 80 | 49164 | 72.5.43.53 | 192.168.2.22 |
Sep 30, 2024 10:09:47.498203039 CEST | 49164 | 80 | 192.168.2.22 | 72.5.43.53 |
Sep 30, 2024 10:09:47.500715017 CEST | 49164 | 80 | 192.168.2.22 | 72.5.43.53 |
Sep 30, 2024 10:09:47.505593061 CEST | 80 | 49164 | 72.5.43.53 | 192.168.2.22 |
Sep 30, 2024 10:10:08.887670994 CEST | 80 | 49164 | 72.5.43.53 | 192.168.2.22 |
Sep 30, 2024 10:10:08.887834072 CEST | 49164 | 80 | 192.168.2.22 | 72.5.43.53 |
Sep 30, 2024 10:10:08.887919903 CEST | 49164 | 80 | 192.168.2.22 | 72.5.43.53 |
Sep 30, 2024 10:10:08.892698050 CEST | 80 | 49164 | 72.5.43.53 | 192.168.2.22 |
Timestamp | Source Port | Dest Port | Source IP | Dest IP |
---|---|---|---|---|
Sep 30, 2024 10:09:05.977686882 CEST | 54562 | 53 | 192.168.2.22 | 8.8.8.8 |
Sep 30, 2024 10:09:05.998090982 CEST | 53 | 54562 | 8.8.8.8 | 192.168.2.22 |
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|
Sep 30, 2024 10:09:05.977686882 CEST | 192.168.2.22 | 8.8.8.8 | 0x818d | Standard query (0) | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
---|---|---|---|---|---|---|---|---|---|---|
Sep 30, 2024 10:09:05.998090982 CEST | 8.8.8.8 | 192.168.2.22 | 0x818d | No error (0) | 172.67.216.244 | A (IP address) | IN (0x0001) | false | ||
Sep 30, 2024 10:09:05.998090982 CEST | 8.8.8.8 | 192.168.2.22 | 0x818d | No error (0) | 104.21.78.54 | A (IP address) | IN (0x0001) | false |
|
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49162 | 72.5.43.53 | 80 | 3220 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 30, 2024 10:09:07.554182053 CEST | 350 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49164 | 72.5.43.53 | 80 | 3220 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
Sep 30, 2024 10:09:47.500715017 CEST | 350 | OUT |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
0 | 192.168.2.22 | 49161 | 172.67.216.244 | 443 | 3220 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-30 08:09:06 UTC | 319 | OUT | |
2024-09-30 08:09:07 UTC | 811 | IN | |
2024-09-30 08:09:07 UTC | 73 | IN |
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
---|---|---|---|---|---|---|
1 | 192.168.2.22 | 49163 | 172.67.216.244 | 443 | 3220 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Timestamp | Bytes transferred | Direction | Data |
---|---|---|---|
2024-09-30 08:09:46 UTC | 319 | OUT | |
2024-09-30 08:09:47 UTC | 805 | IN | |
2024-09-30 08:09:47 UTC | 73 | IN |
Click to jump to process
Click to jump to process
back
Click to dive into process behavior distribution
Target ID: | 0 |
Start time: | 04:08:43 |
Start date: | 30/09/2024 |
Path: | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x13fe10000 |
File size: | 28'253'536 bytes |
MD5 hash: | D53B85E21886D2AF9815C377537BCAC3 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | false |
Call Graph
Graph
- Entrypoint
- Decryption Function
- Executed
- Not Executed
- Show Help
Module: Sheet1
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet1" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet2
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet2" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: Sheet3
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "Sheet3" |
2 | Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |
Module: ThisWorkbook
Declaration
Line | Content |
---|---|
1 | Attribute VB_Name = "ThisWorkbook" |
2 | Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}" |
3 | Attribute VB_GlobalNameSpace = False |
4 | Attribute VB_Creatable = False |
5 | Attribute VB_PredeclaredId = True |
6 | Attribute VB_Exposed = True |
7 | Attribute VB_TemplateDerived = False |
8 | Attribute VB_Customizable = True |