S-31_t31-Reporte ISSSTE-GLOBAL-2021-08-13-0019.csv
This report is generated from a file or URL submitted to this webservice on August 19th 2021 22:23:37 (UTC)
Guest System: Windows 7 64 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.48.13 © Hybrid Analysis
Indicators
-
Suspicious Indicators 2
-
Network Related
-
Found potential IP address in binary/memory
- details
-
- source
- File/Memory
- relevance
- 3/10
-
Spyware/Information Retrieval
-
Found an instant messenger related domain
- details
-
"" 31 ","skype.com","4.45 GB","165 691 "" (Indicator: "skype.com"; File: "3ab2d6e73fff2bbabad2d2405aedec035249deff78a530b0a3b6787d7a2c565c.csv.bin")
"" 32 ","telegram.org","4.22 GB","1 271 "" (Indicator: "telegram.org"; File: "3ab2d6e73fff2bbabad2d2405aedec035249deff78a530b0a3b6787d7a2c565c.csv.bin")
"" 59 ","whatsapp.com","1.50 GB","316 "" (Indicator: "whatsapp.com"; File: "3ab2d6e73fff2bbabad2d2405aedec035249deff78a530b0a3b6787d7a2c565c.csv.bin") - source
- File/Memory
- relevance
- 10/10
-
Informative 17
-
Environment Awareness
-
Queries the installation properties of user installed products
- details
- "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\PRODUCTS\00004119210000000100000000F01FEC\INSTALLPROPERTIES"; Key: "WINDOWSINSTALLER")
- source
- Registry Access
- relevance
- 10/10
-
Reads the active computer name
- details
- "EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME"; Key: "COMPUTERNAME")
- source
- Registry Access
- relevance
- 5/10
- ATT&CK ID
- T1012
-
Reads the cryptographic machine GUID
- details
- "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\CRYPTOGRAPHY"; Key: "MACHINEGUID")
- source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1012
-
Reads the registry for installed applications
- details
- "EXCEL.EXE" (Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\EXCEL.EXE"; Key: "DONTUSEDESKTOPCHANGEROUTER")
- source
- Registry Access
- relevance
- 10/10
- ATT&CK ID
- T1012
-
General
-
Creates mutants
- details
-
"Global\552FFA80-3393-423d-8671-7BA046BB5906"
"KYIMEShareCachedData.MutexObject.U1b8pdT"
"Local\x64_10MU_ACBPIDS_S-1-5-5-0-69661"
"KYTransactionServer.MutexObject.U1b8pdT"
"Local\ZonesLockedCacheCounterMutex"
"Local\x64_10MU_ACB10_S-1-5-5-0-69661"
"Local\ZonesCacheCounterMutex"
"\Sessions\1\BaseNamedObjects\Global\552FFA80-3393-423d-8671-7BA046BB5906" - source
- Created Mutant
- relevance
- 3/10
-
Loads rich edit control libraries
- details
- "EXCEL.EXE" loaded module "%COMMONPROGRAMFILES%\Microsoft Shared\OFFICE14\RICHED20.DLL" at F5DD0000
- source
- Loaded Module
- ATT&CK ID
- T1179
-
Scanning for window names
- details
-
"EXCEL.EXE" searching for class "REListbox20W"
"EXCEL.EXE" searching for class "MsoCommandBarPopup"
"EXCEL.EXE" searching for class "OfficeTooltip" - source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1010
-
Installation/Persistence
-
Chained signature (with api-8702...). Detects file write then load as module
- details
- Chained signature (with api-8702...). Detects file write then load as module
- source
- Loaded Module
- relevance
- 8/10
-
Dropped files
- details
-
"S-31_t31-ReporteISSSTE-GLOBAL-2021-08-13-0019.LNK" has type "MS Windows shortcut Item id list present Points to a file or directory Has Relative path Archive ctime=Thu Aug 19 20:25:29 2021 mtime=Thu Aug 19 20:25:29 2021 atime=Thu Aug 19 20:26:00 2021 length=23328 window=hide"
"index.dat" has type "data" - source
- Binary File
- relevance
- 3/10
-
Opens the MountPointManager (often used to detect additional infection locations)
- details
- "EXCEL.EXE" opened "\Device\MountPointManager"
- source
- API Call
- relevance
- 5/10
-
Touches files in the Windows directory
- details
-
"EXCEL.EXE" touched file "C:\Windows\Fonts\StaticCache.dat"
"EXCEL.EXE" touched file "C:\Windows\Globalization\Sorting\SortDefault.nls"
"EXCEL.EXE" touched file "C:\Windows\System32\en-US\user32.dll.mui"
"EXCEL.EXE" touched file "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\clr.dll"
"EXCEL.EXE" touched file "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll"
"EXCEL.EXE" touched file "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll"
"EXCEL.EXE" touched file "C:\Windows\System32\en-US\msctf.dll.mui"
"EXCEL.EXE" touched file "C:\Windows\System32\rsaenh.dll"
"EXCEL.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
"EXCEL.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\cversions.1.db"
"EXCEL.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001d.db"
"EXCEL.EXE" touched file "C:\Users\%USERNAME%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso426B.tmp"
"EXCEL.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches"
"EXCEL.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\cversions.1.db"
"EXCEL.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Caches\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x000000000000001d.db"
"EXCEL.EXE" touched file "%LOCALAPPDATA%\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso426B.tmp" - source
- API Call
- relevance
- 7/10
-
Network Related
-
Found potential URL in binary/memory
- details
-
Pattern match: "www.google.com,,440960"
Pattern match: "www.gstatic.com,,2148885"
Pattern match: "www.google.com,,4046874"
Pattern match: "www.google.com,,3626967"
Pattern match: "www.google.com,,4169660"
Pattern match: "www.gstatic.com,,1171016"
Pattern match: "www.google.com,,5048016"
Pattern match: "www.google.com,,2183411"
Pattern match: "www.google.com.mx,,1038164"
Pattern match: "www.gstatic.com,,564932"
Pattern match: "www.googletagmanager.com,,121364" - source
- File/Memory
- relevance
- 10/10
-
Spyware/Information Retrieval
-
Found a reference to a known community page
- details
-
"" 47 ","paypal.com","2.01 GB","743 "" (Indicator: "paypal")
"" 10 ","youtube.googleapis.com",,"1474822"" (Indicator: "youtube") - source
- File/Memory
- relevance
- 7/10
-
System Security
-
Hooks API calls
- details
-
"SysAllocStringByteLen@OLEAUT32.DLL" in "EXCEL.EXE"
"SysFreeString@OLEAUT32.DLL" in "EXCEL.EXE"
"VariantChangeType@OLEAUT32.DLL" in "EXCEL.EXE"
"VariantClear@OLEAUT32.DLL" in "EXCEL.EXE"
"OleLoadFromStream@OLE32.DLL" in "EXCEL.EXE" - source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179
-
Queries sensitive IE security settings
- details
- "EXCEL.EXE" (Path: "HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SECURITY"; Key: "DISABLESECURITYSETTINGSCHECK")
- source
- Registry Access
- relevance
- 8/10
- ATT&CK ID
- T1012
-
Unusual Characteristics
-
Installs hooks/patches the running process
- details
-
"EXCEL.EXE" wrote bytes "9ba05c0c3895d701" to virtual address "0xF3F4FA00" (part of module "GFX.DLL")
"EXCEL.EXE" wrote bytes "88ac430c3895d701" to virtual address "0xF184D610" (part of module "MSO.DLL")
"EXCEL.EXE" wrote bytes "e9abc09bffcc" to virtual address "0xFDF44060" ("SysAllocStringByteLen@OLEAUT32.DLL")
"EXCEL.EXE" wrote bytes "e933ef9bffcccc" to virtual address "0xFDF41210" ("SysFreeString@OLEAUT32.DLL")
"EXCEL.EXE" wrote bytes "e94b9f9bffcccccccccc" to virtual address "0xFDF46230" ("VariantChangeType@OLEAUT32.DLL")
"EXCEL.EXE" wrote bytes "e933f09bff" to virtual address "0xFDF41180" ("VariantClear@OLEAUT32.DLL")
"EXCEL.EXE" wrote bytes "df965f0c3895d701" to virtual address "0x3F0665C0" (part of module "EXCEL.EXE")
"EXCEL.EXE" wrote bytes "e913b0c7ff" to virtual address "0xFDC850C0" ("OleLoadFromStream@OLE32.DLL")
"EXCEL.EXE" wrote bytes "847f48003895d701" to virtual address "0xF86A6590" (part of module "MSOSTYLE.DLL")
"EXCEL.EXE" wrote bytes "d2f179043895d701" to virtual address "0xF5F3DE48" (part of module "RICHED20.DLL")
"EXCEL.EXE" wrote bytes "48b8bc5243f0fe070000ffe0" to virtual address "0x76FC9020" ("SetUnhandledExceptionFilter@KERNEL32.DLL")
"EXCEL.EXE" wrote bytes "1c835c0c3895d701" to virtual address "0xF2AF2350" (part of module "OART.DLL") - source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179
-
Reads information about supported languages
- details
-
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "EN-US")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "EN-US")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "CA")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "ZH-CN")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "ZH-CN")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "CS-CZ")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "CS-CZ")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "DA-DK")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "EL-GR")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "ES")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "FI-FI")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "FR")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "FR-FR")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "FR-FR")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "HE")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "HE-IL")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "HE")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "IS")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\CUSTOMLOCALE"; Key: "IS-IS")
"EXCEL.EXE" (Path: "HKLM\SYSTEM\CONTROLSET001\CONTROL\NLS\EXTENDEDLOCALE"; Key: "IS-IS") - source
- Registry Access
- relevance
- 3/10
- ATT&CK ID
- T1012
File Details
S-31_t31-Reporte ISSSTE-GLOBAL-2021-08-13-0019.csv
- Filename
- S-31_t31-Reporte ISSSTE-GLOBAL-2021-08-13-0019.csv
- Size
- 23KiB (23328 bytes)
- Type
- csv text
- Description
- ASCII text
- Architecture
- WINDOWS
- SHA256
- 3ab2d6e73fff2bbabad2d2405aedec035249deff78a530b0a3b6787d7a2c565c
- MD5
- 9fe318011c1d0d56018fa107645e9d87
- SHA1
- 66e2f3974ac39d152aa549ce966e61f45ee3bdeb
- ssdeep
- 384:9Ft9g0mZI45h0LS1TPLIba1MoaaPjstxAElAtfN7qMWXEoBnfCQ:F9nmS4UmhPUba1NaaPjZoM8fCQ
Hybrid Analysis
Analysed 1 process in total.
- EXCEL.EXE /dde (PID: 2396)
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
Extracted Files
-
Informative 2
-
-
S-31_t31-ReporteISSSTE-GLOBAL-2021-08-13-0019.LNK
- Size
- 638B (638 bytes)
- Type
- lnk
- Description
- MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Thu Aug 19 20:25:29 2021, mtime=Thu Aug 19 20:25:29 2021, atime=Thu Aug 19 20:26:00 2021, length=23328, window=hide
- Runtime Process
- EXCEL.EXE (PID: 2396)
- MD5
- 07b0d9d4cf1b8083fa601a8161ee74e5
- SHA1
- ea4d124a06df3210d3b9381acbcf53b4e778743d
- SHA256
- 19c93e88b86c68b4e739fdcddb04fa39a8fda53e0fd7ae73c0a868fc6e481568
-
index.dat
- Size
- 179B (179 bytes)
- Type
- data
- Runtime Process
- EXCEL.EXE (PID: 2396)
- MD5
- 33388d22deee5478209f982f0b379611
- SHA1
- 1828e996831aabbe317d9a6f2553ef59388ae06f
- SHA256
- e0f967f3e1beff72b6f87766477b01a46c59af4c8fc1e66c3cfba60583fe2c27
-