![]() EXEįile created: C:\Users\u ser\AppDat a\Local\Te mp\tmp970B. Source: C:\Program Files (x8 6)\Microso ft Office\ root\Offic e16\EXCEL. String found in binary or memory: w.globalsi gn.com/rep ository/06 String found in binary or memory: w.globalsi gn.com/rep ository/0 String found in binary or memory: toolset.or g/releases / String found in binary or memory: toolset.or g/news/ String found in binary or memory: toolset.or g/W wixtoolset. String found in binary or memory: ure.global /c acert/gsti mestamping sha2g2.crt 0 String found in binary or memory: ure.global /c acert/gsex tendcodesi gnsha2g2.c rt0: String found in binary or memory: emas.fonta wesome.io/ icons/ String found in binary or memory: p2.globals ign.com/gs timestampi ngsha2g20 String found in binary or memory: p2.globals ign.com/gs evcodesign sha2g20) ![]() String found in binary or memory: tawesome.i o ntawesome. globalsig n.com/gs/g stimestamp ingsha2g2. globalsig n.com/gs/g sevcodesig nsha2g2.cr l0 String found in binary or memory: syndicatio n.org/2006 /appsynapp licationap uputil.cpp upgradeexc lusivetrue enclosured igestalgor String found in binary or memory: youtube eq uals (Youtube) String found in binary or memory: yahoo equa ls (Ya hoo) String found in binary or memory: twitter eq uals (Twitter) String found in binary or memory: linkedin e quals om (Linked in) String found in binary or memory: facebook e quals om (Facebo ok) String found in binary or memory: Youtube eq uals (Youtube) String found in binary or memory: YouTube eq uals (Youtube) ![]() String found in binary or memory: YouTube Sq uare equal s (Y outube) String found in binary or memory: YouTube Pl ay equals (You tube) String found in binary or memory: Yahoo equa ls (Ya hoo) String found in binary or memory: Yahoo Logo equals ww w. m (Yahoo) String found in binary or memory: Twitter eq uals (Twitter) String found in binary or memory: Twitter Sq uare equal s (T witter) String found in binary or memory: Linkedin e quals om (Linked in) String found in binary or memory: LinkedIn e quals om (Linked in) String found in binary or memory: LinkedIn S quare equa ls (Linkedin) String found in binary or memory: Facebook e quals om (Facebo ok) String found in binary or memory: Facebook S quare equa ls (Facebook) ![]() String found in binary or memory: Facebook O fficial eq uals m (Faceboo k) Behaviorgraph top1 signatures2 2 Behavior Graph ID: 103919 URL: Startdate: Architecture: WINDOWS Score: 52 92 Office process drops PE file 2->92 10 iexplore.exe 9 67 2->10 started 13 xlstat.exe 2->13 started 15 xlstat.exe 2->15 started 17 msiexec.exe 2->17 started process3 dnsIp4 78 8.8.8.8 GOOGLE-GoogleIncUS United States 10->78 80 151.101.2.133 FASTLY-FastlyUS United States 10->80 19 xlstat.exe 3 10->19 started 22 iexplore.exe 26 10->22 started 25 xlstat.exe 13->25 started 27 xlstat.exe 15->27 started process5 dnsIp6 48 C:\Users\user\AppData\Local\.\xlstat.exe, PE32 19->48 dropped 29 xlstat.exe 49 110 19->29 started 76 143.204.15.52 BRUWS-AS3128-UniversityofWisconsinSystemUS United States 22->76 50 C:\Users\user\AppData\Local\.\xlstat.exe, PE32 22->50 dropped 52 C:\Users\user\.\, PE32 22->52 dropped 34 xlstat.exe 25->34 started 36 xlstat.exe 27->36 started file7 process8 dnsIp9 88 52.178.179.169 MICROSOFT-CORP-MSN-AS-BLOCK-MicrosoftCorporationUS United States 29->88 90 143.204.15.122 BRUWS-AS3128-UniversityofWisconsinSystemUS United States 29->90 58 C:\Users\user\AppData\Local\.\xlstat.exe, PE32 29->58 dropped 60 C:\Users\user\AppData\Local\.\mbapreq.dll, PE32 29->60 dropped 62 C:\Users\user\AppData\Local\.\mbahost.dll, PE32 29->62 dropped 70 12 other files (none is malicious) 29->70 dropped 94 Creates autostart registry keys with suspicious names 29->94 96 Opens network shares 29->96 38 XLSTATSTART.exe 29->38 started 72 13 other files (none is malicious) 34->72 dropped 64 C:\Users\user\AppData\Local\.\mbapreq.dll, PE32 36->64 dropped 66 C:\Users\user\AppData\Local\.\mbahost.dll, PE32 36->66 dropped 68 C:\Users\user\.\, PE32 36->68 dropped 74 10 other files (none is malicious) 36->74 dropped file10 signatures11 process12 process13 40 cmd.exe 38->40 started 42 conhost.exe 38->42 started process14 44 EXCEL.EXE 40->44 started dnsIp15 82 13.107.3.128 MICROSOFT-CORP-MSN-AS-BLOCK-MicrosoftCorporationUS United States 44->82 84 40.121.213.159 MICROSOFT-CORP-MSN-AS-BLOCK-MicrosoftCorporationUS United States 44->84 86 52.114.76.35 MICROSOFT-CORP-MSN-AS-BLOCK-MicrosoftCorporationUS United States 44->86 54 C:\Users\user\AppData\Local\.\tmp970B.tmp, PE32 44->54 dropped 56 C:\Users\user\AppData\Local\.\tmp95B2.tmp, PE32 44->56 dropped file16įound strings which match to known social media urls
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |