32.0.0 Black Diamond
IR
399362
CloudBasic
17:52:54
28/04/2021
Datei-04.28.2021.doc
defaultwindowsofficecookbook.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
6747583727ce069aa8ae9d398d35e5bc
97667bf552bf5557666b5266003b0411bc1669bc
127d2018e008677e5a0af20d8981806e07e3b57285787800554708803aaca6bd
Word Microsoft Office Open XML Format document with Macro (52004/1) 33.99%
true
false
false
false
76
0
100
5
0
5
false
C:\ProgramData\argumentSelectTmp.jpg
false
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\A87B51A9-A3C7-4F56-B132-575A1B8D2861
false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\547D46CD.jpeg
false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRC0000.tmp
false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{9CE060EB-57B2-4D10-B350-6C5157BDAA6D}.tmp
false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{CBEA3AE0-72F5-4309-8667-0310211F1AE9}.tmp
false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRS{CD582963-AB60-4B3D-8985-14AC1ED35740}.tmp
false
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\laka4[1].htm
false
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Datei-04.28.2021.LNK
false
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
false
C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
false
C:\Users\user\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC
false
C:\Users\user\Desktop\~$tei-04.28.2021.doc
false
45.142.215.160
better-transport-2008.com
false
45.142.215.160
Document contains an embedded VBA with base64 encoded strings
Document exploit detected (process start blacklist hit)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Register DLL with spoofed extension