31.0.0 Red Diamond
IR
319129
CloudBasic
02:55:46
18/11/2020
SIN029088.xls
defaultwindowsofficecookbook.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
483a0f4cb6a70556b34aed04f24f7962
cbd6b0004aca06a46b4863bfbc13f444b3404483
ccab18c2ba789320bdb50d364ce3f70a625c60c68a93ad05bbca056f9f6f821a
Microsoft Excel sheet (30009/1) 78.94%
true
false
false
false
80
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
false
CE11CDA5EB3E7C62CB6DA34341302D93
FD13FA29B26C39C3BF4C0398E180589A93EB5BF0
7C987D134E81F3D7BD095D9CCEEFA1503C079347FD3546C76326CF779850BE97
C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
false
1E95F63CABDC23B7C1DD2DD7F3B5C8E9
48A04915CAAB1BA33D14EFA46FAEFCB7FFB6E5ED
5D83E1FDC54FF922B01225CD19F15CB048305D4AE6E6BA2A9FEBA1D54AAE6936
C:\Users\user\AppData\Local\Temp\F4A10000
false
F49F6A18EECB85473A532859844E7F07
C357BAB9C967347D05E2E18DEFEF8509896AF0D3
BE122157CDD1E6520A117546F0FE502454D15E44AE5B60A0E999240C988121AD
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2akchdup.3gl.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2n1n20xl.n02.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_4khsavhq.hlq.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_aq5p0uwt.qi0.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_j0jio5ua.cxb.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rwuq0g54.tbl.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_w2c2vjrm.bvc.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wwjtcat4.1zn.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ytah55c4.ugm.psm1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z0rptuzf.wgh.ps1
false
C4CA4238A0B923820DCC509A6F75849B
356A192B7913B04C54574D18C28D46E6395428AB
6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
false
28B10C6E244BD0AF3F0063F917556FB1
DE0DC686F2DCDEE17C7E9426337E9C74094D74E8
8D052F0DBE66F8456FC37AB2BB6D39B30CF03522685787D571C1FF092B576A9E
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SIN029088.xls.LNK
true
B5F241B96BDE381C497109FED3FE4B99
0E9ADB0D406153B497BA8CD4CC0FAE9E34637B99
802907F45947C47AC0C4B67A79BE65E6F4F0FA369CDB7E72E7E4012BD79F0B69
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
false
563FD3352B60431A1BD337BB9BB7CD2F
9F9DAF862930148695FC35016394908054FB6269
58BA83FF777990C409468F153B678CC69252F3798CE3DCF27B472E6FD782A8C8
C:\Users\user\Desktop\95A10000
false
1B87A31A2BF604D932E75E952D2826C6
0D7DAC61502F6F7594728BDD6FDF85E1AC62D78D
D3C005983BD1F85C63E09FE6F215D8D1A6637E2DFE45B04889428A7F7CDB2CDB
C:\Users\user\Documents\20201118\PowerShell_transcript.302494.3yVd2HwL.20201118025651.txt
false
852104B539084EF1E3DDF93174181EC3
4BF72B31FA3F9759FA84FCC15813395ED902D948
2947826221147697906DE98F2303FE6B488F50B23CB8AE31AA77015FBD0CEDAF
C:\Users\user\Documents\20201118\PowerShell_transcript.302494.A7RtmgRr.20201118025652.txt
false
75CC7A2D78AAFEBA31E56FE8936EB69F
C6C4FE38ABBE331D81B745B6DC69237BA875602F
1D4DD3C7EAFDC8613A47A91F62532CA6F9707FEC22DE19C046005A8781C8EAD6
C:\Users\user\Documents\20201118\PowerShell_transcript.302494.O2kFUmpi.20201118025653.txt
false
0BA450F0ECC741B34BE32434991CFAD2
0A5686322206F585E316915D8B9F965DFC971EDE
0D83AB322321431105AAC79FDA38AB8AEF918F0CCD70DD2F61395A108B24B881
C:\Users\user\Documents\20201118\PowerShell_transcript.302494.YCCuFHw+.20201118025651.txt
false
E3A6FB50DC898FFD7885F9B485E073BC
617B4B89C87EE55E7A974AC4DF1681B1CB9FDFB7
F4AC5E15B55499EB54E51F080E018EB5506D75A75DDB9778EF7AD76C3D267F2C
C:\Users\user\Documents\20201118\PowerShell_transcript.302494.y+93if3U.20201118025652.txt
false
3712DE78482853E74F6ADE8EBAA13916
7EC98DBE2F925FE9FB85FAF035FA99DF2BE4108F
AC9007F7FE67755D287B8B0B03CA314038D3B1F4AD991829CD7B524EFF730B35
C:\Users\user\Documents\pd.bat
false
4D9C00D079A92415926144B2C8691B13
56C897DEC2400C319B0F807578B197C3325D66B1
46795C4CCB8D61A2C9211EE9180F81885AC02E02980095CAECCF853CFD25873A
104.20.139.65
tinyurl.com
false
104.20.139.65
Connects to a URL shortener service
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found obfuscated Excel 4.0 Macro
Obfuscated command line found
Sigma detected: Microsoft Office Product Spawning Windows Shell
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)