File MIGjuJiy.xls

Size 6.1KB
Type Unicode text, UTF-8 text, with very long lines (468), with CRLF line terminators
MD5 575542ce890a14dfebeb5bc31c292a16
SHA1 18ede64becf756306ac576b9171daf3784d280a7
SHA256 c8ecec07a75fb1f8f664d52958ffb9dc956b305d4a91f2692cf04cc7ee0740e2
SHA512 2937c717f9b23443063cb9f984f803228959289c632337fd363246e8bf1ac4cae8bc388e84ef11f675ab94b8177505c165441dc155ec1b4fae0831c42f25d61e
CRC32 217739C0
ssdeep None
Yara None matched

Score

This file appears fairly benign with a score of 0.4 out of 10.

Please notice: The scoring system is currently still in development and should be considered an alpha feature.



Information on Execution

Analysis
Category FILE
Started May 15, 2025, 1:54 a.m.
Completed May 15, 2025, 1:55 a.m.
Duration 69 seconds
Routing internet

Analyzer Log

2025-05-08 18:39:55,000 [analyzer] DEBUG: Starting analyzer from: C:\tmp2zg5xi
2025-05-08 18:39:55,015 [analyzer] DEBUG: Pipe server name: \??\PIPE\ZVtLEarWFtRcufnEYxGYnAKoSfAX
2025-05-08 18:39:55,015 [analyzer] DEBUG: Log pipe server name: \??\PIPE\OWVpKZpabQVbhGzAIVIIYvxhemfk
2025-05-08 18:39:55,015 [analyzer] DEBUG: No analysis package specified, trying to detect it automagically.
2025-05-08 18:39:55,015 [analyzer] INFO: Automatically selected analysis package "xls"
2025-05-08 18:39:55,280 [analyzer] DEBUG: Started auxiliary module Curtain
2025-05-08 18:39:55,280 [analyzer] DEBUG: Started auxiliary module DbgView
2025-05-08 18:39:55,703 [analyzer] DEBUG: Started auxiliary module Disguise
2025-05-08 18:39:55,905 [analyzer] DEBUG: Loaded monitor into process with pid 512
2025-05-08 18:39:55,905 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2025-05-08 18:39:55,905 [analyzer] DEBUG: Started auxiliary module Human
2025-05-08 18:39:55,905 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2025-05-08 18:39:55,905 [analyzer] DEBUG: Started auxiliary module Reboot
2025-05-08 18:39:55,953 [analyzer] DEBUG: Started auxiliary module RecentFiles
2025-05-08 18:39:55,953 [analyzer] DEBUG: Started auxiliary module Screenshots
2025-05-08 18:39:55,953 [analyzer] DEBUG: Started auxiliary module Sysmon
2025-05-08 18:39:55,953 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2025-05-08 18:39:56,578 [lib.api.process] INFO: Successfully executed process from path 'C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE' with arguments [u'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\MIGjuJiy.xls'] and pid 1788
2025-05-08 18:39:57,390 [analyzer] DEBUG: Loaded monitor into process with pid 1788
2025-05-08 18:40:02,030 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2025-05-08 18:40:02,078 [analyzer] CRITICAL: Unable to find closeby page for hooking!
2025-05-08 18:40:25,578 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2025-05-08 18:40:25,983 [analyzer] INFO: Terminating remaining processes before shutdown.
2025-05-08 18:40:25,983 [lib.api.process] INFO: Successfully terminated process with pid 1788.
2025-05-08 18:40:25,983 [analyzer] INFO: Analysis completed.

Cuckoo Log

2025-05-15 01:54:13,261 [cuckoo.core.scheduler] INFO: Task #6464958: acquired machine win7x6410 (label=win7x6410)
2025-05-15 01:54:13,262 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.210 for task #6464958
2025-05-15 01:54:13,505 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3821164 (interface=vboxnet0, host=192.168.168.210)
2025-05-15 01:54:13,577 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x6410
2025-05-15 01:54:14,321 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x6410 to vmcloak
2025-05-15 01:54:29,460 [cuckoo.core.guest] INFO: Starting analysis #6464958 on guest (id=win7x6410, ip=192.168.168.210)
2025-05-15 01:54:30,468 [cuckoo.core.guest] DEBUG: win7x6410: not ready yet
2025-05-15 01:54:35,508 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x6410, ip=192.168.168.210)
2025-05-15 01:54:35,608 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x6410, ip=192.168.168.210, monitor=latest, size=6660546)
2025-05-15 01:54:36,938 [cuckoo.core.resultserver] DEBUG: Task #6464958: live log analysis.log initialized.
2025-05-15 01:54:37,798 [cuckoo.core.resultserver] DEBUG: Task #6464958 is sending a BSON stream
2025-05-15 01:54:39,065 [cuckoo.core.resultserver] DEBUG: Task #6464958: File upload for 'shots/0001.jpg'
2025-05-15 01:54:39,088 [cuckoo.core.resultserver] DEBUG: Task #6464958 uploaded file length: 133460
2025-05-15 01:54:39,318 [cuckoo.core.resultserver] DEBUG: Task #6464958 is sending a BSON stream
2025-05-15 01:54:42,263 [cuckoo.core.resultserver] DEBUG: Task #6464958: File upload for 'shots/0002.jpg'
2025-05-15 01:54:42,545 [cuckoo.core.resultserver] DEBUG: Task #6464958 uploaded file length: 123010
2025-05-15 01:54:43,383 [cuckoo.core.resultserver] DEBUG: Task #6464958: File upload for 'shots/0003.jpg'
2025-05-15 01:54:43,394 [cuckoo.core.resultserver] DEBUG: Task #6464958 uploaded file length: 123551
2025-05-15 01:54:44,509 [cuckoo.core.resultserver] DEBUG: Task #6464958: File upload for 'shots/0004.jpg'
2025-05-15 01:54:44,539 [cuckoo.core.resultserver] DEBUG: Task #6464958 uploaded file length: 123486
2025-05-15 01:54:45,668 [cuckoo.core.resultserver] DEBUG: Task #6464958: File upload for 'shots/0005.jpg'
2025-05-15 01:54:45,688 [cuckoo.core.resultserver] DEBUG: Task #6464958 uploaded file length: 135499
2025-05-15 01:54:46,793 [cuckoo.core.resultserver] DEBUG: Task #6464958: File upload for 'shots/0006.jpg'
2025-05-15 01:54:46,808 [cuckoo.core.resultserver] DEBUG: Task #6464958 uploaded file length: 201753
2025-05-15 01:54:48,941 [cuckoo.core.resultserver] DEBUG: Task #6464958: File upload for 'shots/0007.jpg'
2025-05-15 01:54:48,955 [cuckoo.core.resultserver] DEBUG: Task #6464958 uploaded file length: 121970
2025-05-15 01:54:51,628 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6464958 still processing
2025-05-15 01:55:06,723 [cuckoo.core.guest] DEBUG: win7x6410: analysis #6464958 still processing
2025-05-15 01:55:07,834 [cuckoo.core.resultserver] DEBUG: Task #6464958: File upload for 'curtain/1746722425.84.curtain.log'
2025-05-15 01:55:07,839 [cuckoo.core.resultserver] DEBUG: Task #6464958 uploaded file length: 36
2025-05-15 01:55:07,941 [cuckoo.core.resultserver] DEBUG: Task #6464958: File upload for 'sysmon/1746722425.98.sysmon.xml'
2025-05-15 01:55:07,948 [cuckoo.core.resultserver] DEBUG: Task #6464958 uploaded file length: 499016
2025-05-15 01:55:08,581 [cuckoo.core.resultserver] DEBUG: Task #6464958: File upload for 'shots/0008.jpg'
2025-05-15 01:55:08,601 [cuckoo.core.resultserver] DEBUG: Task #6464958 uploaded file length: 139530
2025-05-15 01:55:08,615 [cuckoo.core.resultserver] DEBUG: Task #6464958 had connection reset for <Context for LOG>
2025-05-15 01:55:09,736 [cuckoo.core.guest] INFO: win7x6410: analysis completed successfully
2025-05-15 01:55:09,747 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2025-05-15 01:55:10,162 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2025-05-15 01:55:10,926 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x6410 to path /srv/cuckoo/cwd/storage/analyses/6464958/memory.dmp
2025-05-15 01:55:10,927 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x6410
2025-05-15 01:55:22,498 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.210 for task #6464958
2025-05-15 01:55:22,761 [cuckoo.core.scheduler] DEBUG: Released database task #6464958
2025-05-15 01:55:22,780 [cuckoo.core.scheduler] INFO: Task #6464958: analysis procedure completed

Signatures

One or more processes crashed (1 event)
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
RaiseException+0x3d NlsValidateLocale-0x13 kernelbase+0x9e5d @ 0x7fefd379e5d
RpcRaiseException+0x53 RpcExceptionFilter-0x2bd rpcrt4+0x173c3 @ 0x7feff4773c3
NdrClientCall2+0x6b3 NdrClearOutParameters-0xf3d rpcrt4+0xe1493 @ 0x7feff541493
NdrClientCall2+0x1d NdrClearOutParameters-0x15d3 rpcrt4+0xe0dfd @ 0x7feff540dfd
SLGetEncryptedPIDEx+0xac57 SLCallServer-0x63d osppc+0x1a0af @ 0x744ca0af
SLpVLActivateProduct+0xe9 SLpGetMSPidInformation-0xcb osppc+0xc7cd @ 0x744bc7cd
SLActivateProduct+0x3df SLGetServerStatus-0xca1 osppcext+0x3a48f @ 0x73e4a48f
??0OdfStgParams@@QEAA@XZ+0xe6804 mso+0x1013a38 @ 0x7feeed03a38
MsoCompareStringA+0x145a5a MsoGetTextExtentExPointW-0x1ed15a mso+0x59c84e @ 0x7feee28c84e
MsoFreeCvsList+0x18ee2 MsoFreeFlinfo-0x3fc8a mso+0x1d4e1e @ 0x7feedec4e1e
MsoFreeCvsList+0x19202 MsoFreeFlinfo-0x3f96a mso+0x1d513e @ 0x7feedec513e
MsoFreeCvsList+0x18d23 MsoFreeFlinfo-0x3fe49 mso+0x1d4c5f @ 0x7feedec4c5f
MsoFreeCvsList+0x18c9c MsoFreeFlinfo-0x3fed0 mso+0x1d4bd8 @ 0x7feedec4bd8
MsoFGetButtonSize+0x7e280 MsoPwlfFromFlinfo-0x10af0 mso+0x12511c @ 0x7feede1511c
MsoFGetButtonSize+0x7df94 MsoPwlfFromFlinfo-0x10ddc mso+0x124e30 @ 0x7feede14e30
MsoFGetButtonSize+0x7de30 MsoPwlfFromFlinfo-0x10f40 mso+0x124ccc @ 0x7feede14ccc
MsoFGetButtonSize+0x7d934 MsoPwlfFromFlinfo-0x1143c mso+0x1247d0 @ 0x7feede147d0
MsoUninitOffice+0x99d MsoFHideTaiwan-0xf57 mso+0x21c11 @ 0x7feedd11c11
BaseThreadInitThunk+0xd CreateThread-0x53 kernel32+0x1652d @ 0x7740652d
RtlUserThreadStart+0x21 strchr-0x3df ntdll+0x2c541 @ 0x7753c541

exception.instruction_r: 48 81 c4 c8 00 00 00 c3 90 90 90 90 90 90 90 90
exception.symbol: RaiseException+0x3d NlsValidateLocale-0x13 kernelbase+0x9e5d
exception.instruction: add rsp, 0xc8
exception.module: KERNELBASE.dll
exception.exception_code: 0x8007007b
exception.offset: 40541
exception.address: 0x7fefd379e5d
registers.r14: 0
registers.r15: 0
registers.rcx: 77523536
registers.rsi: 0
registers.r10: 50840224
registers.rbx: 0
registers.rsp: 77528752
registers.r11: 3
registers.r8: 0
registers.r9: 0
registers.rdx: 1
registers.r12: 0
registers.rbp: 0
registers.rdi: 0
registers.rax: 1945285554
registers.r13: 0
1 0 0
An application raised an exception which may be indicative of an exploit crash (2 events)
Application Crash Process EXCEL.EXE with pid 1788 crashed
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.