Managed XDR
Group-IB MDP Report
File info
Filename: a759d236.xls
File Type: Composite Document File V2 Document, Little Endian, Os: Windows, Version 5.2, Code page: 936, Title: , Last Saved By: qq, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Dec 17 01:32:42 1996, Last Saved Time/Date: Thu Nov 26 03:35:15 2009, Security: 0
File Size: 25.5 KB
Env info
winxp/x86 en
Hashes
SHA1: 14720517ada632c062303c485639abb029ad0222
SHA256: 57c54eee78a1f06741ad2a58989a631d91464c6b19104664e842dbc227384c0a
MD5: e07889287a3d1759326d831abb434119
Signatures
Execution
T1203 office_exploit_crash: Microsoft Office process crashes (failed exploitation of a vulnerability is possible)
T1064 office_macros: The document contains macro
Defense Evasion
T1064 office_macros: The document contains macro
Credential Access
T1555.003 cookie_files: Accesses cookie files
T1552 cookie_files: Accesses cookie files
Other
yara_rules: Static rules
modifies_certs: Attempts to generate or modify system certificates
office_summary: The document contains suspicious metadata
creates_in_programdata: Creates files in the ProgramData directory