31.0.0 Emerald
IR
356299
CloudBasic
21:42:12
22/02/2021
Document1094680387_02012021.xls
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
9423ee9775707d51960e0eac95b3f6cc
debc0defc997fde77a2f0cee9b3b1fcbed54ea91
7034e21128da9ce58c2d5249d3fd73dd766cf90437fa52f79faa50098f359634
Microsoft Excel sheet (30009/1) 78.94%
true
false
false
false
76
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\32-422-76[1].htm
false
C:\Users\user\AppData\Local\Temp\B5CE0000
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Document1094680387_02012021.LNK
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
false
C:\Users\user\AppData\Roaming\Microsoft\Windows\Cookies\LI22RCU4.txt
false
C:\Users\user\Desktop\76CE0000
false
C:\Users\user\MORI.BAST
false
172.67.149.197
healthymachinery.com
true
172.67.149.197
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Yara detected hidden Macro 4.0 in Excel
Multi AV Scanner detection for domain / URL
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)