Static task
static1
Behavioral task
behavioral1
Sample
sample.ppt
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
sample.ppt
Resource
win10v20201028
0 signatures
0 seconds
General
-
Target
sample.ppt
-
Size
224KB
-
MD5
887fae5b37ce87fa027dfcc8ceea77d4
-
SHA1
4483e5d6307f0e6e9f6193afba280d1d43d7b271
-
SHA256
0fddb5b02497d530f81a3904594febfe7e8d39240639a54360b596e531cd91aa
-
SHA512
910053abe92868e581dc0857db7fc1fefd9331cd3487404b5373a9513ad4b0bffd203d686baf26e01f14451f13254f77d4ca5ad1db3b04fb9e74f800a0388422
Score
8/10
Malware Config
Signatures
-
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource yara_rule sample office_macro_on_action -
Processes:
resource yara_rule sample office_macros -
Document created with cracked Office version 1 IoCs
Office document contains Grizli777 string known to be caused by using a cracked version of the software.
Processes:
resource yara_rule sample grizli777_cracked_office
Files
-
sample.ppt.ppt .pps windows office2003