33.0.0 White Diamond
IR
501250
CloudBasic
17:45:36
12/10/2021
doc-379851424.xls
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
6941299c6a83bb6ae73f5a9ef8eefb4d
c1de6800c74673520fbc4c15d5ab67af1ef84de9
346ac88b13c71aeb67501f63940919f60ad502d6d350016aecaa2ef4ec3c1d75
Microsoft Excel sheet (30009/1) 78.94%
true
false
false
false
68
0
100
5
0
5
false
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Regsvr32 Command Line Without DLL
Sigma detected: Microsoft Office Product Spawning Windows Shell
Document exploit detected (process start blacklist hit)
Document exploit detected (UrlDownloadToFile)
Yara detected hidden Macro 4.0 in Excel