Excel File Drops Malicious Payload (2018-02-13) | VMRay Analyzer Report
Try VMRay Analyzer
| Creation Time | 2018-02-13 18:15 (UTC+1) |
| VM Analysis Duration Time | 00:03:41 |
| Execution Successful |
|
| Sample Filename | QAS_031218.xls |
| Command Line Parameters |
|
| Prescript |
|
| Number of Processes | 3 |
| Termination Reason | Timeout |
| Reputation Enabled |
|
| Download | Archive Function Logfile Generic Logfile PCAP STIX/CybOX XML Summary JSON |
|
VTI Score
100 / 100
|
|
| VTI Database Version | 2.6 |
| VTI Rule Match Count | 17 |
| VTI Rule Type | Documents |
|
The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration. |
| ID | PID | Monitor Reason | Integrity Level | Image Name | Command Line | Origin ID |
|---|---|---|---|---|---|---|
| #1 | 0x930 | Analysis Target | Medium | excel.exe | "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE" | - |
| #3 | 0xa3c | Child Process | Medium | heidi.exe | "C:\Users\kFT6uTQW\AppData\Local\Temp\heidi.exe" | #1 |
| #4 | 0xa70 | Child Process | Medium | heidi.exe | "C:\Users\kFT6uTQW\AppData\Local\Temp\heidi.exe" | #3 |
| ID | #21058 |
| MD5 Hash Value | e9095deab097f17e0989cf518b0133ce |
| SHA1 Hash Value | 4d3e7af89f9afb8c5d4b0f7c3f865bb4dbacf327 |
| SHA256 Hash Value | 2dc346015c02c8c9f97e75f72cf194c8a8830c7a932ba22c502fcd3841a14e56 |
| Filename | QAS_031218.xls |
| File Size | 199.00 KB (203776 bytes) |
| File Type | Excel Document |
| Has VBA Macros |
|
| Analyzer Version | 2.2.0 |
| Analyzer Build Date | 2018-02-08 15:49 |
| Microsoft Office Version | 12.0.4518.1014 |
| Microsoft Excel Version | Not installed |
| Internet Explorer Version | 8.0.7601.17514 |
| Chrome Version | 59.0.3071.104 |
| Firefox Version | 25.0 |
| Flash Version | 11.2.202.233 |
| Java Version | 7.0.550.13 |
| VM Name | win7_64_sp1-mso2007 |
| VM Architecture | x86 64-bit |
| VM OS | Windows 7 |
| VM Kernel Version | 6.1.7601.17514 (3844dbb9-2017-4967-be7a-a4a2c20430fa) |
