Category | Machine | Started | Completed |
---|---|---|---|
ARCHIVE | s1_win7_x6401 | June 7, 2024, 11:53 p.m. | June 7, 2024, 11:57 p.m. |
Archive Open-Audit-Classic-master/htdocs/openaudit/out/testipscan.xlsx @ Open-Audit-Classic-master.zip
Summary
Size | 3.9KB |
---|---|
Type | Microsoft Excel 2007+ |
MD5 | 62af5df60e921eb75e8a811735317410 |
SHA1 | 82d40c40e2f0341e5342c637710f893312674962 |
SHA256 | 8d0cd9f5b8b03aa5a3d4dd2900ea74bd498dbf633b4077c0f6e49e9e7aefb6f4 |
SHA512 | e0e3f801872dca26b23743b0b20eb91917b0fddc565cf9d383cb528951f201e079c62240aa62680b97fdf42a515287c9ed476b7eb04f96fde3e529b17cde932b |
CRC32 | CA434FE3 |
ssdeep | 48:0BgYjNQ5KIBgJD+CtPsWBnafSPgB5PrkpW9yQA7a0rbt++92hmP3Oke9jJts//Sk:03yBOOWBnmrUna0tiAP3OkeJq///v |
Yara | - |
EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE" C:\Users\test22\AppData\Local\Temp\Open-Audit-Classic-master/htdocs/openaudit/out/testipscan.xlsx
2704
Name | Response | Post-Analysis Lookup |
---|---|---|
No hosts contacted. |
IP Address | Status | Action |
---|---|---|
164.124.101.2 | Active | Moloch |
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
file | C:\Users\test22\AppData\Local\Temp\Open-Audit-Classic-master\htdocs\openaudit\out\~$testipscan.xlsx |
Description | Rule |
---|---|
Communications over RAW Socket | Network_TCP_Socket |
Communication using DGA | Network_DGA |
Match Windows Http API call | Str_Win32_Http_API |
Take ScreenShot | ScreenShot |
Steal credential | local_credential_Steal |
PWS Memory | Generic_PWS_Memory_Zero |
Communications over HTTP | Network_HTTP |
Communications use DNS | Network_DNS |
(no description) | DebuggerCheck__QueryInfo |
(no description) | DebuggerHiding__Thread |
(no description) | ThreadControl__Context |
(no description) | Check_Dlls |
Checks if being debugged | anti_dbg |
Anti-Sandbox checks for ThreatExpert | antisb_threatExpert |
Affect hook table | win_hook |
Match Windows Inet API call | Str_Win32_Internet_API |
Communications over FTP | Network_FTP |
Run a KeyLogger | KeyLogger |