32.0.0 Black Diamond
IR
432052
CloudBasic
17:27:10
09/06/2021
viVrtGR9Wg.xlsb
defaultwindowsofficecookbook.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
008e2b469abf7058701ed9809ba1f949
d3c7adb371859497a0e3b61796a9469b1e9d1721
2d659e7701fdd879c933ca2f625d7183810342fd79a75d476dd68f4c3b8eeeb4
Excel Microsoft Office Binary workbook document (47504/1) 49.74%
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Sigma detected: Microsoft Office Product Spawning Windows Shell
Multi AV Scanner detection for domain / URL
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)