Joe Sandbox version: 31.0.0 Emerald
IR
Analysis ID: 355601
Product: CloudBasic
Start time: 02:12:46
Start date: 20/02/2021
Sample file name: SecuriteInfo.com.Exploit.Siggen3.10350.20211.29665
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
MD5: a7466c0502a35e0bb2e2d4dd939a57c2
SHA1: 3d17487de5287ddb252e768753487c17204358db
SHA256: 7223ea0365af06d9e25b51636aec301aa8ab84682427b6a0eacfbfb20befccda
File type: Microsoft Excel sheet (30009/1) 78.94%
Dropped files:

File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\10[1].jjkes
Malicious: true
MD5: 25056DF6D3546DE971EAFE5DA5F9AE44
SHA1: 179555B3D0391E45DF29E651B8ED0342D02FE88A
SHA256: AA7931E3E85D3C5BD6FC2052C38BEE389BFBA9281A8616DA3275149A689EC5EB

File: C:\Users\user\AppData\Local\Temp\34CE0000
Malicious: false
MD5: 9C33B6088AC530FC55B5C91C5BF56B24
SHA1: B2B3832E3F1C394090D77A78C619BD931D27BBD4
SHA256: 5DAB9606C84F490C38FC34D53BB6667A69700A2909DC9E4A8F27446D163B2186

File: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
Malicious: false
MD5: 480CFEC8F8DDD2143C63FCE36EAB4884
SHA1: 35462E5DB9987DDCD2455E235CF1AAB71E606D3E
SHA256: 167284DFF18BBF782FB08B875ED3B58D3CECD623EBCE3D09578182E0E7D064A8

File: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.Exploit.Siggen3.10350.20211.LNK
Malicious: false
MD5: 71449C753C4394E2CE8EC56396C9D374
SHA1: 6500F65366143261861A8BD53014BC4097DE9D36
SHA256: 454AFE73F1A3CCFCED61883249958A02C76CEBAA5E88B02492536EA5CC9C7F0C

File: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
Malicious: false
MD5: 9628A5AE06F9F114CD0F0936574FC298
SHA1: DC6E51926B6C3A0E430A6445829BAF71A40BA70E
SHA256: FF2B7A112579AA7355A6FED4232A96EDFE20D476990345439F9018F82610C579

File: C:\Users\user\BASE.BABAA
Malicious: true
MD5: 25056DF6D3546DE971EAFE5DA5F9AE44
SHA1: 179555B3D0391E45DF29E651B8ED0342D02FE88A
SHA256: AA7931E3E85D3C5BD6FC2052C38BEE389BFBA9281A8616DA3275149A689EC5EB

File: C:\Users\user\Desktop\67CE0000
Malicious: false
MD5: 83B5D499E61F3F8F3E1708ABF03B6CB7
SHA1: 9C292FA6A43FD590DDF439F4F428373DC35140AD
SHA256: 2BF840715B397082E7D4C54245150284AFCC51454505EE611443EA442CA16DBD
Signatures:
Allocates memory in foreign processes
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Antivirus detection for URL or domain
Document exploit detected (drops PE files)
Found malicious Excel 4.0 Macro
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Trickbot