Overview

overview

1

Static

static

1

IsraelXXXI...X.pptx

windows7-x64

1

IsraelXXXI...X.pptx

windows10-2004-x64

1

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2023, 13:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    IsraelXXXItalyXProjectXByXXAbouXSaeidXXXAbouXOmranXIsisXXarmyX.pptx

  • Size

    5.8MB

  • MD5

    c841a89414101ee0024ae72a5e750467

  • SHA1

    70cc2054092cc6b29f4372c1bd7c0f822fa3d4b1

  • SHA256

    fddbcc732b6c9139431f229017c8dd827ceb2fa459cc966c1a18959c251504bd

  • SHA512

    9fef77b5388266e1ee0596584e74586fa5361e23524fc14dcedaeec7b752b816ff7ac95d29771380a34fcfb3a1cbee158fa97382a20166377fd7b9096c93d742

  • SSDEEP

    98304:ixXKZYvbS5SaMcrzw3sgi/mLvIMPiGGyDjUULd8rg3UC05uAEbAhFYkG:ixoYvbcS2asgiOrfi8fU0Ag3fAEbAUX

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\IsraelXXXItalyXProjectXByXXAbouXSaeidXXXAbouXOmranXIsisXXarmyX.pptx"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      2⤵
        PID:1972

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A539BC48.jpeg
            Filesize

            11KB

            MD5

            9fb3000adba5bf953a9c3fb8847c51b8

            SHA1

            df769427d15b6d45d230f30fa2462e8d31848568

            SHA256

            412c49f2576df4016d46a271b2fe3110f291579c81f4a69b236b6d3d8963a3d9

            SHA512

            8da334d33a0778d4bceb54469776f198e7f9428d4c6d15b96b634d9272559ec5b32abc6a247711796a028bf463c4dde0708ce62e8412e6ce23920a2d747c1fe6

            Download Submit

          • memory/2604-1-0x000000002D840000-0x000000002DA52000-memory.dmp

            Filesize

            2.1MB

            Download

          • memory/2604-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2604-2-0x0000000073D4D000-0x0000000073D58000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2604-31-0x000000005FFF0000-0x0000000060000000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2604-32-0x0000000073D4D000-0x0000000073D58000-memory.dmp

            Filesize

            44KB

            Download