Joe Sandbox analysis report

Joe Sandbox version: 33.0.0 White Diamond
Report type: IR
Analysis ID: 482516
Product: CloudBasic
Start time: 20:57:27
Start date: 13/09/2021
Sample file name: new order no. Hc511 for sept.xlsx
Cookbook: defaultwindowsofficecookbook.jbs
Analysis system: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Architecture: WINDOWS

Submitted file
MD5: 10522a9c4f1f52b4fe31456e03133b43
SHA1: f78da793ab620c213e55e33ecdfe689f780eb910
SHA256: 342d93a58f17297d9de1ab5dbe0f23298f1cb7e2622d5816208ce5ef11579984
File type: Generic OLE2 / Multistream Compound File (8008/1) 100.00%

Note the mismatch between name and content: an .xlsx workbook is an OOXML ZIP container, but this file is an OLE2 compound file, the legacy binary Office container in which an Equation Editor object is embedded as a stream. Excel identifies the format from the content rather than the extension, so the document still opens, and the mismatch itself is a triage signal.

Detection
Verdict: malicious (suspicious: false, clean: false, unknown: false)
Score: 100 (range 0 - 100)
Confidence: 5 (range 0 - 5)
Whitelisted: false
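The container check above can be automated before a sample ever reaches a sandbox. The following Python is an added example, not part of this report and not Joe Sandbox code: it types a document by its leading bytes, compares that with what the extension claims, and scans the raw bytes of an OLE2 file for the marks of an embedded Equation Editor 3.0 object. Those marks are the "Equation Native" stream name, which compound-file directory entries store as UTF-16LE, the "Equation.3" ProgID, and the Equation Editor class id 0002CE02-0000-0000-C000-000000000046 in its on-disk little-endian byte order. The file names and byte strings in constructed_samples() are made up for the demonstration; the real submission is not included.

```python
"""Container-vs-extension and Equation Editor indicator check for Office
documents. Added example: not part of the sandbox report and not Joe Sandbox
code. Every input returned by constructed_samples() is a made-up byte string."""
import os

CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"  # OLE2 / Compound File Binary header
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx/.xlsx/.pptx) is a ZIP
RTF_MAGIC = b"{\\rt"

# What the extension claims the on-disk container should be.
EXPECTED_CONTAINER = {
    ".xlsx": "zip", ".xlsm": "zip", ".docx": "zip", ".docm": "zip", ".pptx": "zip",
    ".xls": "ole2", ".doc": "ole2", ".ppt": "ole2",
    ".rtf": "rtf",
}

# Indicators of an embedded Equation Editor 3.0 object as they appear in raw
# bytes. CFB directory entries hold stream names as UTF-16LE and the class id
# as a 16-byte little-endian GUID, so both are found by a plain byte scan.
EQUATION_INDICATORS = {
    "Equation Native stream": "Equation Native".encode("utf-16-le"),
    "Equation.3 ProgID": b"Equation.3",
    "Equation Editor CLSID": bytes.fromhex("02CE0200" "0000" "0000" "C000000000000046"),
}


def container_type(data: bytes) -> str:
    """Identify the container from its leading bytes."""
    if data.startswith(CFB_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def equation_indicators(data: bytes) -> list:
    """Names of the Equation Editor indicators present anywhere in the bytes."""
    return [name for name, needle in EQUATION_INDICATORS.items() if needle in data]


def triage(filename: str, data: bytes) -> dict:
    ext = os.path.splitext(filename)[1].lower()
    actual = container_type(data)
    expected = EXPECTED_CONTAINER.get(ext)
    return {
        "extension": ext,
        "container": actual,
        # Only a mismatch when the extension tells us what to expect.
        "extension_mismatch": expected is not None and expected != actual,
        "equation_editor_indicators": equation_indicators(data),
    }


def constructed_samples() -> dict:
    """Constructed inputs (not real malware): an OLE2 body carrying an Equation
    Native directory entry and the Equation Editor CLSID but named .xlsx, and a
    genuine OOXML-style .xlsx."""
    ole_with_equation = (
        CFB_MAGIC + b"\x00" * 24
        + "Equation Native".encode("utf-16-le") + b"\x00" * 34
        + EQUATION_INDICATORS["Equation Editor CLSID"]
    )
    real_xlsx = ZIP_MAGIC + b"\x14\x00\x00\x00" + b"[Content_Types].xml"
    return {
        "new order no. Hc511 for sept.xlsx": ole_with_equation,
        "quarterly-report.xlsx": real_xlsx,
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, triage(name, blob))
```

Two caveats on scope. The byte scan works on OLE2 files because the directory sectors are stored uncompressed; inside an OOXML ZIP an embedded oleObject1.bin is usually deflated, so the archive must be opened and each member scanned. And the check flags the presence of an Equation object, not the CVE-2017-11882 overflow itself, which lives in the FONT record inside the Equation Native stream; a benign legacy equation trips it too, so treat a hit as a reason to detonate, not as a verdict.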
Dropped files (path, malicious flag, MD5 / SHA1 / SHA256)

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\ben[1].exe  [malicious: true]
  MD5 652E9A32D7FDC6783BC63C097D8ACF74  SHA1 E3879E6A4F9A60CAE459690C28B4EB0B3B452957
  SHA256 9A61D81097E2AD10AA0065980D204EAFEFBF7CD089E774B878C69607E211A0DB

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\17D20365.jpeg  [malicious: false]
  MD5 738BDB90A9D8929A5FB2D06775F3336F  SHA1 6A92C54218BFBEF83371E825D6B68D4F896C0DCE
  SHA256 8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2B7CAE80.png  [malicious: false]
  MD5 63A6CB15B2B8ECD64F1158F5C8FBDCC8  SHA1 8783B949B93383C2A5AF7369C6EEB9D5DD7A56F6
  SHA256 AEA49B54BA0E46F19E04BB883DA311518AF3711132E39D3AF143833920CDD232

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2C5515F9.png  [malicious: false]
  MD5 E2267BEF7933F02C009EAEFC464EB83D  SHA1 ACFEECE4B83B30C8B38BEB4E5954B075EAF756AE
  SHA256 BF5DF4A66D0C02D43BB4AC423D0B50831A83CDB8E8C23CF36EAC8D79383AA2A7

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\301E988E.png  [malicious: false]
  MD5 613C306C3CC7C3367595D71BEECD5DE4  SHA1 CB5E280A2B1F4F1650040842BACC9D3DF916275E
  SHA256 A76D01A33A00E98ACD33BEE9FBE342479EBDA9438C922FE264DC0F1847134294

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\37E16A22.jpeg  [malicious: false]
  MD5 F06432656347B7042C803FE58F4043E1  SHA1 4BD52B10B24EADECA4B227969170C1D06626A639
  SHA256 409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\40DEFBB.jpeg  [malicious: false]
  MD5 E8FC908D33C78AAAD1D06E865FC9F9B0  SHA1 72CA86D260330FC32246D28349C07933E427065D
  SHA256 7BB11564F3C6C559B3AC8ADE3E5FCA1D51F5451AFF5C522D70C3BACEC0BBB5D0

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4C6453A6.png  [malicious: false]
  MD5 613C306C3CC7C3367595D71BEECD5DE4  SHA1 CB5E280A2B1F4F1650040842BACC9D3DF916275E
  SHA256 A76D01A33A00E98ACD33BEE9FBE342479EBDA9438C922FE264DC0F1847134294

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5A2636F.jpeg  [malicious: false]
  MD5 971312D4A6C9BE9B496160215FE59C19  SHA1 D8AA41C7D43DAAEA305F50ACF0B34901486438BE
  SHA256 4532AEED5A1EB543882653D009593822781976F5959204C87A277887B8DEB961

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\67539073.jpeg  [malicious: false]
  MD5 E8FC908D33C78AAAD1D06E865FC9F9B0  SHA1 72CA86D260330FC32246D28349C07933E427065D
  SHA256 7BB11564F3C6C559B3AC8ADE3E5FCA1D51F5451AFF5C522D70C3BACEC0BBB5D0

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74DB69FF.emf  [malicious: false]
  MD5 92CA5B4EC2C61E958C0BD5B74E5E18FD  SHA1 8B5B7EB1EC282AFCF9E970E33909911D2499EE15
  SHA256 B852F9D4B6A896CE49017C4EB095508861A9223A8A9F28B6BBE4614DE3BD1476

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\88345337.jpeg  [malicious: false]
  MD5 971312D4A6C9BE9B496160215FE59C19  SHA1 D8AA41C7D43DAAEA305F50ACF0B34901486438BE
  SHA256 4532AEED5A1EB543882653D009593822781976F5959204C87A277887B8DEB961

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A60727D8.png  [malicious: false]
  MD5 63A6CB15B2B8ECD64F1158F5C8FBDCC8  SHA1 8783B949B93383C2A5AF7369C6EEB9D5DD7A56F6
  SHA256 AEA49B54BA0E46F19E04BB883DA311518AF3711132E39D3AF143833920CDD232

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B2B446A4.png  [malicious: false]
  MD5 208FD40D2F72D9AED77A86A44782E9E2  SHA1 216B99E777ED782BDC3BFD1075DB90DFDDABD20F
  SHA256 CBFDB963E074C150190C93796163F3889165BF4471CA77C39E756CF3F6F703FF

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B546FBF4.emf  [malicious: false]
  MD5 D0D0B33D13AD63FE1E09F956A6A07781  SHA1 72E1733CB4896917575F9F29BA48BBF9B354E1AB
  SHA256 CAAAEA90D88A8B96864076DD213B5C538C6DC9A7E71871ED20F0440CA8097C31

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BCB557BA.jpeg  [malicious: false]
  MD5 F06432656347B7042C803FE58F4043E1  SHA1 4BD52B10B24EADECA4B227969170C1D06626A639
  SHA256 409F06FC20F252C724072A88626CB29F299167EAE6655D81DF8E9084E62D6CF6

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\DD94195D.jpeg  [malicious: false]
  MD5 738BDB90A9D8929A5FB2D06775F3336F  SHA1 6A92C54218BFBEF83371E825D6B68D4F896C0DCE
  SHA256 8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E42F23CC.png  [malicious: false]
  MD5 208FD40D2F72D9AED77A86A44782E9E2  SHA1 216B99E777ED782BDC3BFD1075DB90DFDDABD20F
  SHA256 CBFDB963E074C150190C93796163F3889165BF4471CA77C39E756CF3F6F703FF

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\ED5BDC81.png  [malicious: false]
  MD5 E2267BEF7933F02C009EAEFC464EB83D  SHA1 ACFEECE4B83B30C8B38BEB4E5954B075EAF756AE
  SHA256 BF5DF4A66D0C02D43BB4AC423D0B50831A83CDB8E8C23CF36EAC8D79383AA2A7

C:\Users\user\Desktop\~$new order no. Hc511 for sept.xlsx  [malicious: true]
  MD5 96114D75E30EBD26B572C1FC83D1D02E  SHA1 A44EEBDA5EB09862AC46346227F06F8CFAF19407
  SHA256 0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523

C:\Users\Public\vbc.exe  [malicious: true]
  MD5 652E9A32D7FDC6783BC63C097D8ACF74  SHA1 E3879E6A4F9A60CAE459690C28B4EB0B3B452957
  SHA256 9A61D81097E2AD10AA0065980D204EAFEFBF7CD089E774B878C69607E211A0DB

The only two PE files in the list, ben[1].exe in the Internet Explorer cache and C:\Users\Public\vbc.exe, carry identical hashes: the downloaded payload was written to the cache and then placed under a new name in the world-writable Public folder. The Content.MSO images are the document's embedded pictures, several of them stored twice under different cache names (matching hash pairs above), and are not part of the payload.
IP address
172.245.26.190

Signatures
Found malware configuration
Sigma detected: EQNEDT32.EXE connecting to internet
Multi AV Scanner detection for submitted file
Office equation editor starts processes (likely CVE-2017-11882 or CVE-2018-0802)
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: Execution from Suspicious Folder
Office equation editor drops PE file
Machine Learning detection for dropped file
Sigma detected: File Dropped By EQNEDT32EXE
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Multi AV Scanner detection for dropped file
Yara detected GuLoader
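The process, network and file signatures above are the behaviours that give Equation Editor exploitation away on an endpoint, independent of the document's bytes. The following Python is an added example, not part of the report and not the text of the Sigma rules it names: each predicate is this example's own reading of one of four listed signature titles, applied to Sysmon-style events (ID 1 process create, 3 network connection, 11 file create). The event sequence it runs over is constructed to resemble this analysis: the file paths and the IP are taken from the report, while the process images, parent/child relations and ordering are assumptions made for the demonstration.

```python
"""Detection logic for the EQNEDT32.EXE behaviours listed in the report.
Added example, not part of the sandbox report and not the Sigma rules' own
text; each predicate is this example's reading of a rule title. Every event
in SAMPLE_EVENTS is constructed."""
import re
from dataclasses import dataclass
from typing import Callable, List, Set, Tuple

EQNEDT_RE = re.compile(r"(^|\\)eqnedt32\.exe$", re.IGNORECASE)

# Directories from which user programs are rarely launched legitimately.
SUSPICIOUS_EXEC_DIRS = (
    "c:\\users\\public\\",
    "c:\\windows\\temp\\",
    "\\appdata\\local\\temp\\",
)


@dataclass
class Event:
    """Minimal Sysmon-style event.
    event_id: 1 = process create, 3 = network connection, 11 = file create.
    image: the process performing the action (for ID 1, the new process).
    target: destination address (3) or file written (11)."""
    event_id: int
    image: str
    parent_image: str = ""
    target: str = ""


def is_eqnedt(path: str) -> bool:
    return bool(EQNEDT_RE.search(path))


def in_suspicious_dir(path: str) -> bool:
    return any(d in path.lower() for d in SUSPICIOUS_EXEC_DIRS)


RULES: List[Tuple[str, Callable[[Event], bool]]] = [
    ("Office equation editor starts processes",
     lambda e: e.event_id == 1 and is_eqnedt(e.parent_image)),
    ("EQNEDT32.EXE connecting to internet",
     lambda e: e.event_id == 3 and is_eqnedt(e.image)),
    ("File Dropped By EQNEDT32EXE",
     lambda e: e.event_id == 11 and is_eqnedt(e.image)),
    ("Execution from Suspicious Folder",
     lambda e: e.event_id == 1 and in_suspicious_dir(e.image)),
]


def detect(events: List[Event]) -> List[Tuple[int, str]]:
    """(event index, rule name) for every rule each event satisfies, in order."""
    return [(i, name) for i, e in enumerate(events) for name, cond in RULES if cond(e)]


def fired_rules(events: List[Event]) -> Set[str]:
    return {name for _, name in detect(events)}


# Constructed sequence modelled on the analysis above: paths and IP come from
# the report, the images, parent/child relations and ordering are assumed.
EXCEL = r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"
EQNEDT = r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"
SVCHOST = r"C:\Windows\System32\svchost.exe"
IE_CACHE_EXE = (r"C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files"
                r"\Content.IE5\ZAE7RW1P\ben[1].exe")
PUBLIC_EXE = r"C:\Users\Public\vbc.exe"

SAMPLE_EVENTS = [
    Event(1, EXCEL, parent_image=r"C:\Windows\explorer.exe"),  # user opens the workbook
    Event(1, EQNEDT, parent_image=SVCHOST),  # COM server launched by DcomLaunch, not by Excel
    Event(3, EQNEDT, target="172.245.26.190:80"),
    Event(11, EQNEDT, target=IE_CACHE_EXE),
    Event(11, EQNEDT, target=PUBLIC_EXE),
    Event(1, PUBLIC_EXE, parent_image=EQNEDT),
]

if __name__ == "__main__":
    for i, name in detect(SAMPLE_EVENTS):
        print(f"event {i}: {name}")
```

The rules key on EQNEDT32.EXE as the acting or parent image rather than on an Office process as parent because Equation Editor is an out-of-process COM server: it is started by the DCOM launcher under svchost.exe, so a "child of EXCEL.EXE" rule never sees it. The suspicious-folder list is deliberately short; it catches this sample's choice of C:\Users\Public but not every writable directory, so pair it with the file-drop rule, which is folder-independent.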