31.0.0 Red Diamond
IR
336351
CloudBasic
21:19:49
05/01/2021
Document_280325456.xlsm
defaultwindowsofficecookbook.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
c1bf94e62e9006b88957ff148ea99a4a
96b65855460b4ef922a53527fb07a31c87f0743c
4f753f04450557e02847d44c31b1f498b41a7eb7cb4cd60cd8c8d60a3e38f3a6
Excel Microsoft Office Open XML Format document (40004/1) 83.33%
true
false
false
false
72
0
100
5
0
5
false
173.212.233.8
hiperdoscolchoes.com
false
173.212.233.8
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)