31.0.0 Emerald
IR
382682
CloudBasic
14:03:00
06/04/2021
Contract_132508562.xlsm
defaultwindowsofficecookbook.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
4acf095722b577ef282e9b2b736de65d
fbb4e8aee2d48443cd9ee930fc79891edc88edaa
8815a2be7dfd8565affb9271d229aab6289a97a96de5428c966fad85c6141e68
Excel Microsoft Office Open XML Format document with Macro (57504/1) 54.50%
true
false
false
false
72
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8774CB2F-B9EB-437C-9D99-9955AED5AE53
false
1D8711CF8552DDCAEDE729736FED2FF3
CD669D92519A8C4DB3F9FADEA04CA044F328B984
8A638D470887ECE1978721A244EAEF9363F10B9C14D1110C8B66EB73BCF27EC6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\1212CD17.gif
false
CB67CED3017DF7803FBA5D86FCEB4276
C7B8B4A44BDF7F7775F61FCF236A0834CB321733
C31F711B323EA0B1D04C7A72ECAC0BBBF4DC4ECC56F837FEFE754F53385D07B1
C:\Users\user\AppData\Local\Temp\D5A40000
false
EB13132E9B800E217E1488203705F97E
DD0B630084DA4602009B0D4DABB1467A256FBAA5
5201033FDF62A824442E97628D74442CCDC6D10A0AA572A6E99A6B60E3522B77
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Contract_132508562.LNK
false
9520A2F279C3F573B2EB445F5B04A9A6
D53F3F3B8A7466393F0DD1C250BFF419C404BC08
7D9536A739DBD26F68CF1A672DE1F5AA891F288D2BA56BB866B64637098C14E0
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
false
0A98BC9C1E1DE987BF27B99E5FB02D95
4404AB19E3AB509F7EB5D5E6876C66999F4DC251
623DFF10C18C8A457919E157AAF051DAA2070195DF22AAF01CE1189D83FD9CB1
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
false
2747EA491ECD274541188B946DBEAD52
2A2A3512122B2BD922198D13BAF6553133070B9B
1AE9A2620049FE85A0455585E86DF191D62B6BA603C97E3E98949575178C02EC
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
false
7962B839183642D3CDC2F9CEBDBF85CE
2BE8F6F309962ED367866F6E70668508BC814C2D
5EB8655BA3D3E7252CA81C2B9076A791CD912872D9F0447F23F4C4AC4A6514F6
C:\Users\user\Desktop\76A40000
false
B70654EA3405E4B6B4F93036020029B1
B4277D445A51DEBB9A4968FA1E281887D6B4B45A
D5063C67874336ADDDC8A44B3B502A38B066AED4D44F2F1FE5EA98FD122F1804
C:\Users\user\Desktop\~$Contract_132508562.xlsm
true
836727206447D2C6B98C973E058460C9
D83351CF6DE78FEDE0142DE5434F9217C4F285D2
D9BECB14EECC877F0FA39B6B6F856365CADF730B64E7FA2163965D181CC5EB41
83.136.232.110
190.14.37.247
185.212.131.194
Document contains an embedded VBA macro which may execute processes
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found malicious Excel 4.0 Macro
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)