34.0.0 Boulder Opal
IR
623901
CloudBasic
22:15:36
10/05/2022
OR17233976_00019489_20170619154218.xlsx
defaultwindowsofficecookbook.jbs
Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
WINDOWS
06f4851cbdc105cc140818b42f000b0e
40ac7c31fd3e2f3524bd82200491741f02f9a1ef
3844f8a2b3657d0141d505373f74beb01b6c2150c6931670bc241d600dca89eb
Generic OLE2 / Multistream Compound File (8008/1) 100.00%
Found malware configuration
Sigma detected: EQNEDT32.EXE connecting to internet
Multi AV Scanner detection for submitted file
Office equation editor starts processes (likely CVE-2017-11882 or CVE-2018-0802)
Shellcode detected
Office equation editor drops PE file
Tries to detect virtualization through RDTSC time measurements
Sigma detected: File Dropped By EQNEDT32EXE
C2 URLs / IPs found in malware configuration
Office equation editor establishes network connection
Antivirus detection for URL or domain
Drops PE files to the user root directory
Yara detected GuLoader