31.0.0 Emerald
IR
355602
CloudBasic
02:15:52
20/02/2021
SecuriteInfo.com.Exploit.Siggen3.10350.12632.7055
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
422030b616989ef7bf2f56a2f266068f
04ec47e9f08ed7e4861c6f252a381faee4283bf9
6f1c23f3d7e471cf0c4a91f59c94853128413b84065ef42ad2065337b973beab
Microsoft Excel sheet (30009/1) 78.94%
true
false
false
false
100
0
100
5
0
5
false
Allocates memory in foreign processes
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Antivirus detection for URL or domain
Document exploit detected (drops PE files)
Found malicious Excel 4.0 Macro
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Trickbot