36.0.0 Rainbow Opal
IR
734111
CloudBasic
06:37:25
31/10/2022
bnerad4129F.xlsm
defaultwindowsofficecookbook.jbs
Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
WINDOWS
1bb0098ce207236e5a4819560e41a954
5bb00ef5548bd03e1e45f9113497a22de0f95fc6
97450cdcaa220328f6daebf774b425277103dbfe08940b1d5da07f6e2d8dbc49
Excel Microsoft Office Open XML Format document with Macro (52504/1) 52.24%
true
false
false
false
72
0
100
5
0
5
false
C:\Users\user\AppData\Local\Temp\VBE\MSForms.exd
false
71707F50E67C9AFAC345A16941AF041C
A283A770ED389DE57E07B6EB7D26EFA77168CABE
E3355AB5B7A650721018F03474622DAD41B96C435C15C624D3BF810E93D3C660
C:\Users\user\AppData\Local\Temp\~DF31B384211B18428B.TMP
false
72F5C05B7EA8DD6059BF59F50B22DF33
D5AF52E129E15E3A34772806F6C5FBF132E7408E
1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
C:\Users\user\AppData\Local\Temp\~DFBAA5C34754937DDE.TMP
false
BF619EAC0CDF3F68D496EA9344137E8B
5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
C:\Users\user\Desktop\~$bnerad4129F.xlsm
true
7AB76C81182111AC93ACF915CA8331D5
68B94B5D4C83A6FB415C8026AF61F3F8745E2559
6A499C020C6F82C54CD991CA52F84558C518CBD310B10623D847D878983A40EF
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with many string operations indicating source code obfuscation
Document contains an embedded VBA macro with suspicious strings
Document contains VBA stomped code (only p-code) potentially bypassing AV detection
Document contains OLE streams with suspicious strings
Document contains an embedded VBA with functions possibly related to HTTP operations
Detected Italy targeted Ursnif dropper document