730791498e622e20755f6b0100dd78dc66fd2e99f85aecf1d55626960c1260de | Triage

Submit
Reports

Overview

overview

Static

static

8

ORD.ppt

windows7_x64

ORD.ppt

windows10_x64

Sharing

General

Target

ORD.ppt
Size

81KB
Sample

210722-yw5vymblkn
MD5

fb68f8be8c75736c63464b924ff7c33b
SHA1

6546c3af939be5e2a2bce5c03a8d89ec562665f6
SHA256

730791498e622e20755f6b0100dd78dc66fd2e99f85aecf1d55626960c1260de
SHA512

ef05425c38e63c78099ec4f43c80e9368d53890c75c19470d9dd715fcd169e3af7eec63a5fc078a2fba886974e962ed95fec3a26d3f5b71b079508cf2cc270de

Score

10^/10

macro

Static task

static1

Behavioral task

behavioral1

Sample

ORD.ppt

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ORD.ppt

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ORD.ppt
- Size
  
  81KB
- MD5
  
  fb68f8be8c75736c63464b924ff7c33b
- SHA1
  
  6546c3af939be5e2a2bce5c03a8d89ec562665f6
- SHA256
  
  730791498e622e20755f6b0100dd78dc66fd2e99f85aecf1d55626960c1260de
- SHA512
  
  ef05425c38e63c78099ec4f43c80e9368d53890c75c19470d9dd715fcd169e3af7eec63a5fc078a2fba886974e962ed95fec3a26d3f5b71b079508cf2cc270de
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy