31.0.0 Emerald
IR
383014
CloudBasic
05:53:16
07/04/2021
SecuriteInfo.com.Trojan.Agent.FFFK.8079.3665
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
a7c64329efaea29a2dc97ced238490f7
5d4b9b386354444cf74fd858e3409f0294c45330
8ee305eec94aaef24116983ceef933359fb860ab50787b7963c3f46fe751630c
Microsoft Excel sheet (30009/1) 78.94%
true
false
false
false
100
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\ySiCz[1].fbx
true
C:\Users\user\AppData\Local\Temp\FDCE0000
false
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-966771315-3019405637-367336477-1006\f554348b930ff81505ce47f7c6b7d232_ea860e7a-a87f-4a88-92ef-38f744458171
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\SecuriteInfo.com.Trojan.Agent.FFFK.8079.LNK
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
false
C:\Users\user\Desktop\BECE0000
false
C:\Users\user\sdbybsd.fds
true
192.232.249.186
revolet-sa.com
false
192.232.249.186
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Found Excel 4.0 Macro with suspicious formulas
Office process drops PE file
Antivirus detection for URL or domain
Document exploit detected (drops PE files)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)