bf0a7997cf340b4c22a7206b22b682b29e73c0c315d5360c189ed18032c58051 | Triage

Submit
Reports

Overview

overview

Static

static

8

PO#00187.pps

windows7-x64

Sharing

General

Target

PO00187.zip
Size

43KB
Sample

230326-fewxqsfe63
MD5

aefbf777bc7d03434d1f0b22b53d1098
SHA1

95b8b8916851b31174a5e91478517e43ff48fbc8
SHA256

bf0a7997cf340b4c22a7206b22b682b29e73c0c315d5360c189ed18032c58051
SHA512

ffbd8a0863be8e8c679d02f6e249ecf2920e4d46d156ce1bda01f70574edebe08096c450bab79da1bfadbf6f1872c39fb62f833bc56a68ccb5bd3c86707f1226
SSDEEP

768:PSEb25xLiOKiEqiW3p2F9HtN/urCtXBKSLVaLHiYpFKYlqnLF1GbmmU5q3GO1fc0:bbiKTnep2F9HtN/qCtXVa+YpTl4LF1Gp

Score

10^/10

macro

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PO#00187.pps

Resource

win7-20230220-en

windows7-x64

10 signatures

300 seconds

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://12384928198391823%12384928198391823@j.mp/hdkjashdkasbctdgjsa

Targets

- Target
  
  PO#00187.ppt
- Size
  
  133KB
- MD5
  
  1dadb4c3fe45566d28b7156be2e2aa6b
- SHA1
  
  53fecb422d1b1663e4a9aec9f5a3a020e818a6f9
- SHA256
  
  0289ee3c551ba84d34ab1760d042ab420733d96dbfedfae9718f8eb138c3259b
- SHA512
  
  b514646371ff67b67ee9c1bc4e3258442be1d175cf1290fbddc58405969bfcf0693cbddfa216aa6e0c73f7521096ef867773e1767a569e04d70480f71d5de62a
- SSDEEP
  
  1536:FslfQ+C4xIytrmsKemd8JkpuJFeOMn63nMq5Z+av1Dc3Y:FsV7rmsKemuJkpuJtE6cq5BpmY
Score

10^/10
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy