32.0.0 Black Diamond
IR
440340
CloudBasic
08:23:46
25/06/2021
Decline-172917164-06242021.xlsm
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
f022a2159442cd4e16d7fe3dee1d634b
cd4a698d83059462498e48b8dec47662bd2a0ec4
4bd593279e649fae847a2b702655c571d7ca9e1949a422fa8d289250aeaa3305
Excel Microsoft Office Open XML Format document (40004/1) 83.33%
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AD7B9C26.tif
C:\Users\user\AppData\Local\Temp\95DE0000
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Decline-172917164-06242021.LNK
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\Users\user\Desktop\66DE0000
C:\Users\user\Desktop\~$Decline-172917164-06242021.xlsm
185.234.247.7
5.253.62.174
185.117.73.74
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)