Static task
static1
Behavioral task
behavioral1
Sample
sample_.ppt
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
sample_.ppt
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
sample_.ppt
-
Size
225KB
-
MD5
9cf2b594c4e731c42a98cd29eff24691
-
SHA1
3bb1e6523e6eee97e694cc0b3c557ecd6f954077
-
SHA256
d0f2cb812f55b2091f4df2b6a5e69e420c7ccc3ad7378e85d7c3e24066d78a50
-
SHA512
6e1175baf005f6c9d1d35edde84b641f63ef80b58d6bf5d75c35abe8664f5935474133c02a3b04dc760e8269d04739418e31fe332f79c8f5305ea0c9137937be
Score
8/10
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule sample office_macro_on_action -
Processes:
resource yara_rule sample office_macros -
Document created with cracked Office version 1 IoCs
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
Processes:
resource yara_rule sample grizli777_cracked_office
Files
-
sample_.ppt.ppt .pps windows office2003