33.0.0 White Diamond
IR
499734
CloudBasic
22:30:15
08/10/2021
1701667874-10042021.xls
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
1dc3a1c0972a9e32d88e85d1cf8f2c65
808311a07522956f55bf842749083e199b0f04c6
9828f899790d150360e0a3f78f3eb3b758417644bc16896aeb411e2af9e8ea4b
Microsoft Excel sheet (30009/1) 47.99%
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
C:\Users\user\AppData\Local\Temp\VBE\RefEdit.exd
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Microsoft Office Product Spawning Windows Shell
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Yara detected hidden Macro 4.0 in Excel
Sigma detected: Regsvr32 Command Line Without DLL