Joe Sandbox analysis report (IR summary)

Sandbox version:    33.0.0 White Diamond
Report type:        IR
Analysis ID:        482507
Product:            CloudBasic
Start time:         20:44:48
Start date:         13/09/2021
Sample file name:   Invoice Scan Copy.xlsx
Cookbook:           defaultwindowsofficecookbook.jbs
Analysis system:    Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Platform:           WINDOWS
Sample MD5:         026c63b9e090a6bf86cc8b6a4549290a
Sample SHA-1:       39fa74d1c7de05c25466cb057ba984ec08c0848b
Sample SHA-256:     6e6e60afa39ac72cca4e828ef18e8650105635cea693048061483b7e44f60497
File type (TrID):   Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                    (despite the .xlsx extension the sample is an OLE2 compound file, not an OOXML zip container)

Detection
Malicious:          true
Suspicious:         false
Clean:              false
Unknown:            false
Score:              100 (range 0 to 100)
Confidence:         5 (range 0 to 5)
Whitelisted:        false
Dropped files (path, malicious flag, MD5, SHA-1, SHA-256)

[1] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\bin[1].exe
    malicious: true
    MD5:     F378C63405C6FA0B24C2E4C142C42E9F
    SHA-1:   A8751014349135E8D4B13CB947444AD6C222588C
    SHA-256: 44EACB84C8AE24A115769DB8BB7FCA7D2AD14CF70A905BB57D54B175FFA4DA60

[2] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1A302B6C.jpeg
    malicious: false
    MD5:     971312D4A6C9BE9B496160215FE59C19
    SHA-1:   D8AA41C7D43DAAEA305F50ACF0B34901486438BE
    SHA-256: 4532AEED5A1EB543882653D009593822781976F5959204C87A277887B8DEB961

[3] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2768058F.png
    malicious: false
    MD5:     613C306C3CC7C3367595D71BEECD5DE4
    SHA-1:   CB5E280A2B1F4F1650040842BACC9D3DF916275E
    SHA-256: A76D01A33A00E98ACD33BEE9FBE342479EBDA9438C922FE264DC0F1847134294

[4] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\38D58F94.emf
    malicious: false
    MD5:     31377C397CA398A548EF1AC6B21460A2
    SHA-1:   4C60622C16970484A9D4E5312FF4DE878F2CCAB8
    SHA-256: 3B5F9DC42F3265979EF286C6A2B6720A72EF5B440D63F2851E513E2253E801A7

[5] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3FB47DA1.png
    malicious: false
    MD5:     63A6CB15B2B8ECD64F1158F5C8FBDCC8
    SHA-1:   8783B949B93383C2A5AF7369C6EEB9D5DD7A56F6
    SHA-256: AEA49B54BA0E46F19E04BB883DA311518AF3711132E39D3AF143833920CDD232

[6] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\43E1DB19.png
    malicious: false
    MD5:     63A6CB15B2B8ECD64F1158F5C8FBDCC8
    SHA-1:   8783B949B93383C2A5AF7369C6EEB9D5DD7A56F6
    SHA-256: AEA49B54BA0E46F19E04BB883DA311518AF3711132E39D3AF143833920CDD232

[7] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\651DD978.jpeg
    malicious: false
    MD5:     E8FC908D33C78AAAD1D06E865FC9F9B0
    SHA-1:   72CA86D260330FC32246D28349C07933E427065D
    SHA-256: 7BB11564F3C6C559B3AC8ADE3E5FCA1D51F5451AFF5C522D70C3BACEC0BBB5D0

[8] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6AF1872E.png
    malicious: false
    MD5:     E2267BEF7933F02C009EAEFC464EB83D
    SHA-1:   ACFEECE4B83B30C8B38BEB4E5954B075EAF756AE
    SHA-256: BF5DF4A66D0C02D43BB4AC423D0B50831A83CDB8E8C23CF36EAC8D79383AA2A7

[9] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6CD94093.jpeg
    malicious: false
    MD5:     F06432656347B7042C803FE58F4043E1
    SHA-1:   4BD52B10B24EADECA4B227969170C1D06626A639
    SHA-256: 409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6

[10] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\760C7575.png
    malicious: false
    MD5:     208FD40D2F72D9AED77A86A44782E9E2
    SHA-1:   216B99E777ED782BDC3BFD1075DB90DFDDABD20F
    SHA-256: CBFDB963E074C150190C93796163F3889165BF4471CA77C39E756CF3F6F703FF

[11] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A06E1BDB.jpeg
    malicious: false
    MD5:     F06432656347B7042C803FE58F4043E1
    SHA-1:   4BD52B10B24EADECA4B227969170C1D06626A639
    SHA-256: 409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6

[12] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BD13AC20.jpeg
    malicious: false
    MD5:     E8FC908D33C78AAAD1D06E865FC9F9B0
    SHA-1:   72CA86D260330FC32246D28349C07933E427065D
    SHA-256: 7BB11564F3C6C559B3AC8ADE3E5FCA1D51F5451AFF5C522D70C3BACEC0BBB5D0

[13] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C34B3C7D.png
    malicious: false
    MD5:     208FD40D2F72D9AED77A86A44782E9E2
    SHA-1:   216B99E777ED782BDC3BFD1075DB90DFDDABD20F
    SHA-256: CBFDB963E074C150190C93796163F3889165BF4471CA77C39E756CF3F6F703FF

[14] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CD20E05A.jpeg
    malicious: false
    MD5:     738BDB90A9D8929A5FB2D06775F3336F
    SHA-1:   6A92C54218BFBEF83371E825D6B68D4F896C0DCE
    SHA-256: 8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB

[15] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D5351646.png
    malicious: false
    MD5:     E2267BEF7933F02C009EAEFC464EB83D
    SHA-1:   ACFEECE4B83B30C8B38BEB4E5954B075EAF756AE
    SHA-256: BF5DF4A66D0C02D43BB4AC423D0B50831A83CDB8E8C23CF36EAC8D79383AA2A7

[16] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DD9E3157.png
    malicious: false
    MD5:     613C306C3CC7C3367595D71BEECD5DE4
    SHA-1:   CB5E280A2B1F4F1650040842BACC9D3DF916275E
    SHA-256: A76D01A33A00E98ACD33BEE9FBE342479EBDA9438C922FE264DC0F1847134294

[17] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F90E5EC2.jpeg
    malicious: false
    MD5:     738BDB90A9D8929A5FB2D06775F3336F
    SHA-1:   6A92C54218BFBEF83371E825D6B68D4F896C0DCE
    SHA-256: 8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB

[18] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FD764244.jpeg
    malicious: false
    MD5:     971312D4A6C9BE9B496160215FE59C19
    SHA-1:   D8AA41C7D43DAAEA305F50ACF0B34901486438BE
    SHA-256: 4532AEED5A1EB543882653D009593822781976F5959204C87A277887B8DEB961

[19] C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FF814285.emf
    malicious: false
    MD5:     A859EC0B881B9D0C36846383837EA228
    SHA-1:   154FF877E74001E719C8AC3FBF683A4199A72F5C
    SHA-256: 6CA88DC81EB9F2CD380BFCCC2131DFF1299F504AD2396CDCC8A31EAE86B3393D

[20] C:\Users\user\Desktop\~$Invoice Scan Copy.xlsx
    malicious: true
    MD5:     96114D75E30EBD26B572C1FC83D1D02E
    SHA-1:   A44EEBDA5EB09862AC46346227F06F8CFAF19407
    SHA-256: 0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523

[21] C:\Users\Public\vbc.exe
    malicious: true
    MD5:     F378C63405C6FA0B24C2E4C142C42E9F
    SHA-1:   A8751014349135E8D4B13CB947444AD6C222588C
    SHA-256: 44EACB84C8AE24A115769DB8BB7FCA7D2AD14CF70A905BB57D54B175FFA4DA60

Note: entries [1] and [21] carry identical hashes, so the executable fetched into the IE cache (bin[1].exe) is the same file that was staged as C:\Users\Public\vbc.exe. The Content.MSO images are rendering-cache copies of the document's embedded pictures; most occur as pairs with identical hashes under different cache names, and none is flagged malicious. Entry [20] is the Office owner lock file for the open workbook.
Network indicator (from the extracted malware configuration)
IP address: 192.3.141.149
Signatures (behaviour detections)
- Found malware configuration
- Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
- Sigma detected: EQNEDT32.EXE connecting to internet
- Multi AV Scanner detection for submitted file
- Office equation editor starts processes (likely CVE-2017-11882 or CVE-2018-0802)
- Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
- Sigma detected: Droppers Exploiting CVE-2017-11882
- Sigma detected: Execution from Suspicious Folder
- Office equation editor drops PE file
- Sigma detected: File Dropped By EQNEDT32EXE
- C2 URLs / IPs found in malware configuration
- Drops PE files to the user root directory
- Multi AV Scanner detection for dropped file
- Yara detected GuLoader