32.0.0 Black Diamond
IR
432145
CloudBasic
19:32:14
09/06/2021
research-2012220787.xlsb
defaultwindowsofficecookbook.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
25d7775b163763cbd7f31dcfb5508df6
f2194e73570b1868fda6237185aaf1035db042f7
72fa58d32cca86eb881fb398e30796d5315cc4e535166ecde99ad51f4890b573
Excel Microsoft Office Binary workbook document (47504/1) 49.74%
true
false
false
false
68
0
100
5
0
5
false
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Sigma detected: Microsoft Office Product Spawning Windows Shell
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)