32.0.0 Black Diamond
IR
440654
CloudBasic
18:42:19
25/06/2021
Permission-40776837-06252021.xlsm
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
2cd2fd004b5589a595239f202ac648ae
ac02da8a953fd89f325c64bf5df93e415350ec12
ad3071800cd6852215e7ffcc6c65e7104e3d6e10bccfffc8249d73be0512d6dd
Excel Microsoft Office Open XML Format document (40004/1) 83.33%
true
false
false
false
64
0
100
5
0
5
false
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)