31.0.0 Emerald
IR
382825
CloudBasic
18:00:12
06/04/2021
documents-1660683173.xlsm
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
cf8cbce9bb25d9081b2da19c6f1c1c70
e014ec63d11a673fd6a655cb20055a723eba2fe5
9a59e089d7b593c0b0651ad43945f19c10c67719b7e01814f4007f253db6e286
Excel Microsoft Office Open XML Format document (40004/1) 83.33%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\index[1].htm
true
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3A7B2AED.png
false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6448C247.png
false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A0058FDE.png
false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E09279C.png
false
C:\Users\user\AppData\Local\Temp\36CE0000
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\documents-1660683173.LNK
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
false
C:\Users\user\Desktop\07CE0000
false
C:\Users\user\Desktop\~$documents-1660683173.xlsm
true
C:\Users\user\oeiwkd4.dll
true
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Machine Learning detection for dropped file
Office process drops PE file
Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)