32.0.0 Black Diamond
IR
432926
CloudBasic
23:33:10
10/06/2021
document-47-2637.xls
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
92dcc47a1a044fc3a2328ec6eef3918b
6f9266a6c0b702cbaa0a3583df5c8cd1357eae35
ac4b99079b1ceb11db593097e421de9d9092765feedc23a3ab8ef912b292c988
Microsoft Excel sheet (30009/1) 78.94%
true
false
false
false
76
0
100
5
0
5
false
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Sigma detected: Microsoft Office Product Spawning Windows Shell
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)