Behavioral task
behavioral1
Sample
34313678.ppt
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
34313678.ppt
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
34313678.ppt
-
Size
143KB
-
MD5
a9a4bca034e3e1dffdabd05a67f956f3
-
SHA1
a73c924ae959ed97a261c34a58e2d8c6609bca33
-
SHA256
ff8e48e52ca1647f927116a72d0e9b9d719bb881cd9feeef42f7addfdb7e17bc
-
SHA512
24b9c66bb5e8d301bfc1117e2e4746649439f9d019bc3a2b6d3ff83d4aa6399cb53541d9d92f3471d1a6aa279f7e95072a41e44283ab8165a9280aa89131d6e1
Malware Config
Signatures
-
Processes:
resource yara_rule sample office_xlm_macros sample office_macros -
Document created with cracked Office version 1 IoCs
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
Processes:
resource yara_rule sample grizli777_cracked_office
Files
-
34313678.ppt.ppt .pps windows office2003
CAlca