31.0.0 Red Diamond
IR
334232
CloudBasic
09:13:49
27/12/2020
Medica negra morre covid-19 apos racismo.docm
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
549943fa268b65fee546e7adda0f06ba
0ffc18af6916d88bf456f32a2e85b85e56b6c109
c221dc10d175c2f3fb8366ad3aada1cf06c74ad8483a4a67bf62a0702b41c6f5
Word Microsoft Office Open XML Format document with Macro (52004/1) 33.99%
104.192.141.1
bitbucket.org
Document contains an embedded VBA macro which may execute processes
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Document contains an embedded VBA with many string operations indicating source code obfuscation
Document exploit detected (process start blacklist hit)
Machine Learning detection for sample
Sigma detected: Microsoft Office Product Spawning Windows Shell
Suspicious powershell command line found
Tries to download and execute files (via powershell)
Multi AV Scanner detection for submitted file
Sigma detected: Powershell download and execute file