Joe Sandbox analysis report (fields as extracted, with labels restored)

Joe Sandbox version: 31.0.0 Red Diamond
IR (field left unlabelled in the extract)
Analysis ID: 338362
Product: CloudBasic
Start time: 07:38:42
Start date: 12/01/2021 (dd/mm/yyyy, i.e. 12 January 2021; the sample name carries a 20210111 date stamp)
Sample file name: Inv0209966048-20210111075675.xls
Cookbook: defaultwindowsofficecookbook.jbs
Analysis system: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Architecture: WINDOWS

Sample hashes:
  MD5:    91baa6aad9201c0ccf3553a5b49eb967
  SHA1:   9c182826d5dc041970f31a8d584580f870c3996c
  SHA256: 01af3b5c1e2ed68272f542233aece70269a9e977815347a4b9c86bb2d97c086e
File type (TrID): Microsoft Excel sheet (30009/1) 47.99%

Detection:
  Malicious: true
  Suspicious / clean / unknown: false / false / false
  Score: 100 (range 0 to 100)
  Confidence: 5 (range 0 to 5)
  false (boolean field left unlabelled in the extract)
Dropped files (path, sandbox "malicious" flag, MD5, SHA1, SHA256):

Path: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
  Malicious: false
  MD5:       E4A68AC854AC5242460AFD72481B2A44
  SHA1:      DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
  SHA256:    CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F

Path: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
  Malicious: false
  MD5:       E4F1E21910443409E81E5B55DC8DE774
  SHA1:      EC0885660BD216D0CDD5E6762B2F595376995BD0
  SHA256:    CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5

Path: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
  Malicious: false
  MD5:       AEC41C62F344451AF6BE3D04A4AD3094
  SHA1:      A890D05906731612A72AB63F90B0B9F0D16BA047
  SHA256:    3F0E01BBF2031B41F0601EFD45730346E529CB6CEE6F92959EEC94F277EC34A0

Path: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
  Malicious: false
  MD5:       26C0ED9FA0004EB0BFEB3AEE6533A372
  SHA1:      D849F27AFE0DF2D0E72731A32EA80BC4B47EAF86
  SHA256:    8F3FD30E7B20189BCAD9C1BC7D1DF5B9840DD1EF4F65010631A0D31A73208B9D

Path: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\w80l82r[1].zip
  Malicious: true
  MD5:       597B02A17B8C012E25FA0A668004163B
  SHA1:      424A6F131D5C765EFDB28E5CAAE5FE2834A82BB0
  SHA256:    E3F7EB34C3A1FD306C7788096CB666F3362BA5AA78710074B61DD03F829B8AFD

Path: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2FECA1BF.emf
  Malicious: false
  MD5:       40550DC2F9D56285FA529159B8F2C6A5
  SHA1:      DD81D41D283D2881BEC77E00D773C7E8C0744DA3
  SHA256:    DA935E8D60E93E41BCD7C3FBB1750EF3AC471C3AF78AFC8945DFBF31EB54A1E1

Path: C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_EXCEL.EXE_6f227b18f49da44a2d1889aa10939f535bdc_0bd2ab0e\Report.wer
  Malicious: false
  MD5:       09ED45F1BA180F7C4BDDCCFA2421196B
  SHA1:      CB7694D9A8C328754E2429EDA921C470501C1A4A
  SHA256:    A3DBC50E1A6C991DD5DB447B5F0FD0E1190ED0D7BC2F293EB48D40482AF232DE

Path: C:\Users\user\AppData\Local\Temp\050F0000
  Malicious: false
  MD5:       DA02AD566D93F2D945AC338963991BC5
  SHA1:      4063109EE9F53A1861E52F7AFA3F1C5D6C73097A
  SHA256:    ECF16677D55711C79661EFF5BAC0BF3E15FEB1AF8253F949745F1B05B6F6F6E2

Path: C:\Users\user\AppData\Local\Temp\1008733.cvr
  Malicious: false
  MD5:       C23C2CB0AC8870BA2D7A92D96A5C3420
  SHA1:      93FE60278681E0D0C176645B609A24BC62B1FCE9
  SHA256:    2088A32187446B5C244EC82A7055CAD344C1F2E7ED2FD6E73BB3E40B1CC1A67A

Path: C:\Users\user\AppData\Local\Temp\Cab35C0.tmp
  Malicious: false
  MD5:       E4F1E21910443409E81E5B55DC8DE774
  SHA1:      EC0885660BD216D0CDD5E6762B2F595376995BD0
  SHA256:    CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5

Path: C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
  Malicious: false
  MD5:       79ACF2719DAC45A44EDF4D3DCA6AB037
  SHA1:      1F88A4B82DAF8ED65839BA35BAC0E149CBDC371F
  SHA256:    026D105273980DB35AF04B25470B59480B09F204229B76FBD12541E7CD588388

Path: C:\Users\user\AppData\Local\Temp\Tar35C1.tmp
  Malicious: false
  MD5:       D0682A3C344DFC62FB18D5A539F81F61
  SHA1:      09D3E9B899785DA377DF2518C6175D70CCF9DA33
  SHA256:    4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A

Path: C:\Users\user\AppData\Local\Temp\WER4960.tmp.WERInternalMetadata.xml
  Malicious: false
  MD5:       FA8FD1AB99C64263B25A5078306E7258
  SHA1:      3F60633349BCDA67D767B24FE6546F3C964928A5
  SHA256:    712A58072649026F50E8B0D1B5A85CDFFD1007D06B75FA4EC371BE62B7D39AFE

Path: C:\Users\user\AppData\Local\Temp\lwjmdgav.dll
  Malicious: true
  MD5:       597B02A17B8C012E25FA0A668004163B
  SHA1:      424A6F131D5C765EFDB28E5CAAE5FE2834A82BB0
  SHA256:    E3F7EB34C3A1FD306C7788096CB666F3362BA5AA78710074B61DD03F829B8AFD

Path: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
  Malicious: false
  MD5:       7D2E1392D21BFDB63A02967DAF8F3EA1
  SHA1:      B6372166FBA7F4D23C48D0B525871B2CFAE591EA
  SHA256:    68A16DBEB58774F7E0B5BEF3EA7B9A2BB54AF9EB844D83A83E7EE971822FF450

Path: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Inv0209966048-20210111075675.LNK
  Malicious: false
  MD5:       8AA71395F36DD05D7F678BDDFE5E0F85
  SHA1:      5F1CF53E665E4A8E68E7E989BCDFE7242172E5CD
  SHA256:    9C8EF792AF8253F0D968B1F7524E7BF7096AB230916E36FA256E9D540969C6F5

Path: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
  Malicious: false
  MD5:       5CE2708381A90ED1D526BE053A53D751
  SHA1:      A954E918482248CC0536EBE0CFA342BA6FB1AD2B
  SHA256:    1A300C84B22416BF6CB9056F99C0B14D664513A9EF079AAF8FC3000D70063485

Path: C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\ZEL5A6R0.txt
  Malicious: false
  MD5:       5BDB156BC8D2594BFF328E256D968F80
  SHA1:      8ACFD6C11D2E7CFF78EFC39B84AE79141C57B568
  SHA256:    DAE9AA8B5A1AF68AAFF70D8E1045447B2AA05154C57F6BF27581996CA9FB3DD0

Notes on the dropped files: w80l82r[1].zip (Internet Explorer cache) and lwjmdgav.dll (%TEMP%) carry identical MD5, SHA1 and SHA256 values and are the only two entries flagged malicious, so the downloaded "zip" is the DLL the Office process dropped; that one hash set is the indicator worth blocking. Cab35C0.tmp shares its hashes with CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506; those entries, the CryptnetUrlCache MetaData files and Tar35C1.tmp are CryptoAPI certificate-chain and revocation-cache writes, expected noise from an Office process, as are the Recent\*.LNK entries and the WER crash report for EXCEL.EXE.
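The dropped-file list is flat in the extract (five lines per file) and repeats some hashes. The following Python, added here and not part of the Joe Sandbox report, parses that layout into records, validates the hash fields, and groups paths by SHA256; run on five of the records above it shows that w80l82r[1].zip and lwjmdgav.dll are the same bytes and that Cab35C0.tmp duplicates a CryptnetUrlCache entry. The record and function names are the example's own, and the embedded listing is copied from the report.

```python
"""Added example (not part of the Joe Sandbox report): parse the flat
dropped-file records as they appear in the extract and cross-check them.
The check that matters is hash identity across paths: the browser-cache
download and the file dropped in %TEMP% are the same payload."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed input: five of the report's dropped-file records, copied
# verbatim in the extract's layout (path, malicious flag, MD5, SHA1,
# SHA256; one field per line).
DROPPED_FILES_TEXT = r"""
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
false
E4F1E21910443409E81E5B55DC8DE774
EC0885660BD216D0CDD5E6762B2F595376995BD0
CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\w80l82r[1].zip
true
597B02A17B8C012E25FA0A668004163B
424A6F131D5C765EFDB28E5CAAE5FE2834A82BB0
E3F7EB34C3A1FD306C7788096CB666F3362BA5AA78710074B61DD03F829B8AFD
C:\Users\user\AppData\Local\Temp\Cab35C0.tmp
false
E4F1E21910443409E81E5B55DC8DE774
EC0885660BD216D0CDD5E6762B2F595376995BD0
CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd
false
79ACF2719DAC45A44EDF4D3DCA6AB037
1F88A4B82DAF8ED65839BA35BAC0E149CBDC371F
026D105273980DB35AF04B25470B59480B09F204229B76FBD12541E7CD588388
C:\Users\user\AppData\Local\Temp\lwjmdgav.dll
true
597B02A17B8C012E25FA0A668004163B
424A6F131D5C765EFDB28E5CAAE5FE2834A82BB0
E3F7EB34C3A1FD306C7788096CB666F3362BA5AA78710074B61DD03F829B8AFD
"""

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


@dataclass(frozen=True)
class DroppedFile:
    path: str
    flagged_malicious: bool
    md5: str
    sha1: str
    sha256: str


def parse_dropped(text: str) -> list[DroppedFile]:
    """Group the flat listing into 5-line records and validate every field,
    so a mis-aligned extract fails loudly instead of mislabelling a hash."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 5:
        raise ValueError(f"expected 5 lines per record, got {len(lines)} lines")
    records = []
    for i in range(0, len(lines), 5):
        path, flag, md5, sha1, sha256 = lines[i:i + 5]
        if flag not in ("true", "false"):
            raise ValueError(f"bad malicious flag {flag!r} after {path}")
        for name, value in (("md5", md5), ("sha1", sha1), ("sha256", sha256)):
            if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % HASH_LENGTHS[name], value):
                raise ValueError(f"bad {name} {value!r} for {path}")
        records.append(DroppedFile(path, flag == "true",
                                   md5.lower(), sha1.lower(), sha256.lower()))
    return records


def file_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def hash_aliases(files: list[DroppedFile]) -> dict[str, list[str]]:
    """SHA256 -> paths, for every hash that appears under more than one path."""
    by_hash: dict[str, list[str]] = defaultdict(list)
    for f in files:
        by_hash[f.sha256].append(f.path)
    return {h: paths for h, paths in by_hash.items() if len(paths) > 1}


def malicious_hashes(files: list[DroppedFile]) -> list[str]:
    """Distinct SHA256 values of the files the sandbox flagged as malicious."""
    return sorted({f.sha256 for f in files if f.flagged_malicious})


if __name__ == "__main__":
    files = parse_dropped(DROPPED_FILES_TEXT)
    for sha256, paths in hash_aliases(files).items():
        print(sha256, "->", ", ".join(file_name(p) for p in paths))
    print("block on:", malicious_hashes(files))
```

The parser rejects any listing whose line count is not a multiple of five or whose hash fields have the wrong width, which is the failure mode of a copy-pasted report with a missing line: without that check a path would silently be read as a hash.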
Contacted IP addresses:
  5.100.228.233
  80.86.91.27
  46.105.131.65
  104.27.153.52
  77.220.64.37

Domains (name, boolean flag as extracted, resolved IP):
  education.scrollx.in   false   104.27.153.52
  cdn.digicertcdn.com    false   104.18.11.39

Of the contacted addresses only 104.27.153.52 resolves from a listed domain (education.scrollx.in); the other four have no domain resolution in the report. cdn.digicertcdn.com is DigiCert's CRL/OCSP distribution host, and its lookup pairs with the CryptnetUrlCache artifacts above rather than with the payload.
Signatures (two groups, in the order given by the extract):

Group 1:
  Document contains an embedded VBA macro which may execute processes
  Document exploit detected (UrlDownloadToFile)
  Document exploit detected (process start blacklist hit)
  Found Excel 4.0 Macro with suspicious formulas
  Machine Learning detection for dropped file
  Office process drops PE file
  Sigma detected: Microsoft Office Product Spawning Windows Shell
  Sigma detected: Regsvr32 Anomaly

Group 2:
  Detected Dridex e-Banking trojan
  Document exploit detected (creates forbidden files)
  Document exploit detected (drops PE files)
  Found malware configuration
  Multi AV Scanner detection for submitted file
  Sigma detected: BlueMashroom DLL Load
  Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
  System process connects to network (likely due to code injection or exploit)

Reading the chain: the Excel 4.0 macro with suspicious formulas and the UrlDownloadToFile hit account for the download of w80l82r[1].zip into the Internet Explorer cache; the identical hashes of that file and of lwjmdgav.dll in %TEMP% show that the "zip" is the PE payload the Office process dropped (Office process drops PE file; Machine Learning detection for dropped file). The Regsvr32 Anomaly and BlueMashroom DLL Load Sigma hits are consistent with that DLL being loaded through regsvr32, and the payload is classified as Dridex with a configuration extracted (Found malware configuration). The AppCrash_EXCEL.EXE WER report among the dropped files indicates that EXCEL.EXE crashed during the run.