31.0.0 Emerald
IR
380316
CloudBasic
21:44:37
01/04/2021
91476525608-04012021.xlsm
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
e8d0244666daf465e9914a7f56938412
3c5f71752b0cea18b06dfad9a96cdfeb053f45cc
196668480754f95f98c6e59d4776e4f8c756ad3be9fd48a27cfcb50be329567e
Excel Microsoft Office Open XML Format document with Macro (57504/1) 54.50%
true
false
false
false
80
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F5AD18CF.gif
C:\Users\user\AppData\Local\Temp\7FCE0000
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\91476525608-04012021.LNK
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\Users\user\Desktop\20DE0000
C:\Users\user\Desktop\~$91476525608-04012021.xlsm
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)