32.0.0 Black Diamond
IR
438525
CloudBasic
17:51:20
22/06/2021
tender-1235416393.xlsm
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
7b3bc7d505fcb3b4c0b30aeb3ee9d0a1
aea1e832eed27f02e48248cee5334bc1d20f1263
bfe0e882d0ca0fb04757d96181db67c3c5b67e636ac1e92b2d6f6b63e35f0097
Excel Microsoft Office Open XML Format document (40004/1) 83.33%
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Found abnormal large hidden Excel 4.0 Macro sheet
Sigma detected: Microsoft Office Product Spawning Windows Shell
Yara detected MalDoc1
Multi AV Scanner detection for domain / URL
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)