32.0.0 Black Diamond
IR
440654
CloudBasic
18:49:41
25/06/2021
Permission-40776837-06252021.xlsm
defaultwindowsofficecookbook.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
2cd2fd004b5589a595239f202ac648ae
ac02da8a953fd89f325c64bf5df93e415350ec12
ad3071800cd6852215e7ffcc6c65e7104e3d6e10bccfffc8249d73be0512d6dd
Excel Microsoft Office Open XML Format document (40004/1) 83.33%
true
false
false
false
64
0
100
5
0
5
false
C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\98DB5CB7-5E0F-4C7C-9ECA-A8B613A341F8
false
0F6EAACABE50A5A4848AD36539FAE0FD
37FCD9388B46C75A49114BE5A7F363BC5E9E303D
F9E28234FDB4082DD0AF71957D4262F70EE1F59290E8224516EC4F8EC0B030C8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\7B377E74.jpg
false
53918FB868F1540920FC189C6783FC7C
135CB103C5B5125C80285A83AE728B559313BADC
7F6AD5212338A6586251AEF92D2543AA8E70C815FE0BF7ADDCE2C0A83D20A0B3
C:\Users\user\AppData\Local\Temp\16810000
false
D925A29A54F9F029EB0EE51F80548286
0A397032E717FE62775DED92D8EA84E6A8799E9F
27BA6F8732F38FE8EB463F9B97F838E5E816250A352BAD986B5C9423BB928D4E
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
false
5A542CF153A4F208DD1A27786ADD2D0F
9C808F3AC08BC4B8BA9903329B4F97FB54A59638
42610F84BABA355F57E5EF6137D9B0303771FC1DC972270C82D227A304C769ED
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Permission-40776837-06252021.xlsm.LNK
true
F90C29B7CE79EAA5633E4CF70A8FF168
FFB1525783BD74AB1AFE2306A5A25901913E28A0
C2C659D42294473A144149EFB2E3534AB2A54718EA9DA9DFA71D244366D31E72
C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
false
2877FE79BD75DE1064CDA22221B5D82A
4E36822B3AF2ED15AEE01E001AB418E44972992A
9E3FF45D5278D40B927316486E0662F038DF0B0DDA7CC45AB1D70D53687DC25A
C:\Users\user\Desktop\A6810000
false
5F54D35FF8B3B7C0279821C4357F5D13
B7C82C233607FA59CE32139A1544BAC1521571A8
96BC46BC3F626227704066F04E772730D4F160FCAC102F0D3919241F10CC35DB
C:\Users\user\Desktop\~$Permission-40776837-06252021.xlsm
true
836727206447D2C6B98C973E058460C9
D83351CF6DE78FEDE0142DE5434F9217C4F285D2
D9BECB14EECC877F0FA39B6B6F856365CADF730B64E7FA2163965D181CC5EB41
190.14.37.3
185.183.99.120
185.240.103.219
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Found Excel 4.0 Macro with suspicious formulas
Sigma detected: Microsoft Office Product Spawning Windows Shell
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)