31.0.0 Emerald
IR
380316
CloudBasic
21:31:04
01/04/2021
91476525608-04012021.xlsm
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
e8d0244666daf465e9914a7f56938412
3c5f71752b0cea18b06dfad9a96cdfeb053f45cc
196668480754f95f98c6e59d4776e4f8c756ad3be9fd48a27cfcb50be329567e
Excel Microsoft Office Open XML Format document with Macro (57504/1) 54.50%
true
false
false
false
84
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FB206F33.gif
false
CB67CED3017DF7803FBA5D86FCEB4276
C7B8B4A44BDF7F7775F61FCF236A0834CB321733
C31F711B323EA0B1D04C7A72ECAC0BBBF4DC4ECC56F837FEFE754F53385D07B1
C:\Users\user\AppData\Local\Temp\98DE0000
false
B7134FBE9AAA0BEC47C04A89CE32402B
932282128C342414F776B356D73473B242F42153
D7147D9FACC4C33EF81993180FB0EC3CD4180ABD9BD5F724DFCDFBCBD12E6ED1
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\91476525608-04012021.LNK
false
854699E5720A5035C5D29B93D8498130
02BA57B6504162C7FD82430B52B38053E69AD598
6F5CC3795442B941B758ED55D0F8DF55EC9F7928D13C89A9FDEE3BD573C5D6B5
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
false
A88EC9B06635BDFAD6B1230C022126C7
D9C18BCBD3CAA4DDBEA4A1FAE638949CDFC13A39
DC87C300B6271F0CEF1C0685B24D078200337B7C2030AB55A611706DD51B5814
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
false
9A8B152F14E864A0442647375EAEF800
F75AE3EA100D77463B10071D490354CE3FAFF74F
73CA17369F3CDE5E4DA9BACAF17ABF3264FB8EF524E83EE66E236640EF078B72
C:\Users\user\Desktop\59DE0000
false
A4810B96CF792356F7222D353E442C37
6DDEA43AC807F019BF5F670315CBE694E26A3477
4D282DDCEBDB05E5DB27DD4BD8E89DE6323974AA8D7DCFA8B6E46C3ECCA77BCE
C:\Users\user\Desktop\~$91476525608-04012021.xlsm
true
96114D75E30EBD26B572C1FC83D1D02E
A44EEBDA5EB09862AC46346227F06F8CFAF19407
0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
195.123.210.186
45.150.67.243
91.211.89.28
Document contains an embedded VBA macro which may execute processes
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)