Overview

overview

10

Static

static

1

Revised Po...l.ppam

windows7-x64

10

Revised Po...l.ppam

windows10-2004-x64

1

Analysis

  • max time kernel
    0s
  • max time network
    90s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-12-2023 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Revised Posting Policy Offrs by HQ Dec 2023 final.ppam

  • Size

    3.6MB

  • MD5

    e05cfdcd11105776fb13edd620795551

  • SHA1

    5b4584c6a419b08bb107e274d0ed2f24411ddbcc

  • SHA256

    da298e4d09a9e151c6bf60e8ebfdd8fc2e633d078c705db768e3284acdad0678

  • SHA512

    925df1bf84404597bddb82db83896206435aaaca39a62846abe3ce3b1dbddc9b198f7caf76eac7294384682f49c0057d12b0b5ac81383f6ee8f51138781e4519

  • SSDEEP

    98304:/S/mMAQoSERBI9w//t2M7rv/GkBqAnimQNX:LM/tQI9wXt2MjGEqAnINX

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\Revised Posting Policy Offrs by HQ Dec 2023 final.ppam" /ou ""
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1204
    • C:\Users\Admin\Documents\522147\jevisvmansr.exe
      C:\Users\Admin\Documents\522147\jevisvmansr.exe
      2⤵
        PID:2800

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
      Filesize

      307B

      MD5

      0a81e877953a15a7fc5789f31bc4180a

      SHA1

      246cef05362a4eb5a4bcdb6d4e4554cbcfe1b037

      SHA256

      6bc0b0bff2ffc0feab541722b462326af6f509e542833d4aa6b1f2c8ef9fcff2

      SHA512

      ddd9ead1eb23eb74742ffde0b14973e2b312ecb9ee2409a239eade11a3b9c1e4e748e76cc87d1a6183867f380c79a41b229379376f932491245dafb17d93aadd

      Download Submit

    • C:\Users\Admin\Documents\522147\dowcxs.zip
      Filesize

      13KB

      MD5

      e26c4cdd2fc8dbe389cc11fb9b94bb4c

      SHA1

      f466f44ad94be333981126a737bfd0b25f95a8f7

      SHA256

      5a97a910c0b6f4b86dca1f3af657afc477300dfc5af49446946f4cb034485c0a

      SHA512

      c02083334070ebab3724d8b1e2bca5b9fdf8d800d162db52b4644d3dd1e777affedc8b139c3f51e03982babef5ae9868058756d2a929b1dcbf5174a4aeed3083

      Download Submit

    • C:\Users\Admin\Documents\522147\dowcxs.zip:Zone.Identifier
      Filesize

      26B

      MD5

      fbccf14d504b7b2dbcb5a5bda75bd93b

      SHA1

      d59fc84cdd5217c6cf74785703655f78da6b582b

      SHA256

      eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

      SHA512

      aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

      Download Submit

    • C:\Users\Admin\Documents\522147\jevisvmansr.exe
      Filesize

      41KB

      MD5

      c76b5043e6aba876a3adae104b5a153a

      SHA1

      1ba06a7e98dbe00dfdc6a846ae19833ae28aa03c

      SHA256

      fc6b8e359740308b3db1b27ed566c052157c2812485a0e289c23224ce21bac18

      SHA512

      e124c9845a4524e9ce8877c24deb3e8c66e31ff2a46326046eb837c740623b998e4a24196a6ca2a454ecb3e57fb1c20169a28e45cacb66acc8973715c5fee679

      Download Submit

    • C:\Users\Admin\Documents\522147\jevisvmansr.exe
      Filesize

      20KB

      MD5

      29edacc24c536ba0a2c837aced608bf9

      SHA1

      847e8145a026a0d763a30fe8144799c6cfb4390f

      SHA256

      546934157d4b75be45ab1fd4bfcd240b0532d3b69f81c4a2527e0db647b311bf

      SHA512

      fa03c24f5b537ea4ae43f2820abd393d95d06608e5e08bf9ca3e5c0f1065296a96f676919e2988ee6b6dab6efe47b74e4af62d5137d9b5a3822f8545e7697922

      Download Submit

    • C:\Users\Admin\Documents\522147\jevisvmansr.exe
      Filesize

      4KB

      MD5

      31e6a85bb1a5f4602efa8ee059b86ac7

      SHA1

      d52fe20fd819e62b6c99048d10d38e0428d2a272

      SHA256

      f7ebe6cad57412100b1240b5e016af0f0e87f465a157dff9f63d87b6404c66bf

      SHA512

      564880518de94ac66470646580e0c4dc4d0981cbff09d4bace1b48795470415bb92db68913543e1382331963523e6f60dcdadcad5853d2e35dc21f793cf64bb6

      Download Submit

    • C:\Users\Admin\Documents\522147\oleObject1.zip
      Filesize

      24KB

      MD5

      e7dd281b2f3c47da1f1fe1757e9a25d3

      SHA1

      747e668b8989d2f47151cd2a03053cdf8c85ba66

      SHA256

      1d5936da68e735d136e3e20f5aa114f9282731a66bfc9c92decb8ee7c5e87c89

      SHA512

      b807a124cb5b4f6636d251d4ac614d0a970054ec8bd765a970ac622670cde7aac0b7d6a88e82eb8b1893079ca164d17a527eaa89297152acb2e567f7ab652eac

      Download Submit

    • C:\Users\Admin\Documents\522147\ppt\jevisvmansr.zip
      Filesize

      5KB

      MD5

      a4b91f12842845f395b4d3b6419b2f35

      SHA1

      4213e6e5279e11b35740dec0c81a772244cd1bac

      SHA256

      5c951803c20d4e80faf9a963cd0e691264958cc18187491e652b3f00251c327f

      SHA512

      fefab4db9a2d8631e9bc9fda7238ecb20323de6072e918f8fbcc0996b2605494efc5199e3b9ccd13ece44e0644037a0b34306df3c37dfd032a4f27ea774e4bc9

      Download Submit

    • C:\Users\Admin\Documents\Revised Posting Policy Offrs by HQ Dec 2023 final.pptx
      Filesize

      120KB

      MD5

      3e63821c99e1216d487b813abd1a972c

      SHA1

      aff6801ce0839b800e1735e45685636565b92ad9

      SHA256

      d293495dc7e1ea64a9319b03dcabffe807475d1fe413d18dc18f510fb2019cc7

      SHA512

      9b3a91c6109857cc63a7e1e635d5519f5cb387fc604a502f2ddde0f769e85d537115ef95eefefdd3c8c05d6ac9c23aa83f21ddbde1c4b67171dab3b6f6b9d7ac

      Download Submit

    • memory/1204-0-0x00007FFEE84D0000-0x00007FFEE84E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1204-19-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-18-0x00007FFEE5D20000-0x00007FFEE5D30000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1204-17-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-15-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-13-0x00007FFEE5D20000-0x00007FFEE5D30000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1204-12-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-10-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-9-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-7-0x00007FFEE84D0000-0x00007FFEE84E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1204-5-0x00007FFEE84D0000-0x00007FFEE84E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1204-3-0x00007FFEE84D0000-0x00007FFEE84E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1204-1-0x00007FFEE84D0000-0x00007FFEE84E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1204-2-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-28-0x000001AE2A070000-0x000001AE2A870000-memory.dmp

      Filesize

      8.0MB

      Download

    • memory/1204-60-0x000001AE2A070000-0x000001AE2A870000-memory.dmp

      Filesize

      8.0MB

      Download

    • memory/1204-22-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-21-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-63-0x000001AE2A070000-0x000001AE2A870000-memory.dmp

      Filesize

      8.0MB

      Download

    • memory/1204-20-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-16-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-14-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-11-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-8-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-288-0x00007FFEE84D0000-0x00007FFEE84E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1204-289-0x00007FFEE84D0000-0x00007FFEE84E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1204-290-0x00007FFEE84D0000-0x00007FFEE84E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1204-6-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-4-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-292-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-294-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-293-0x00007FFF28450000-0x00007FFF28645000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1204-291-0x00007FFEE84D0000-0x00007FFEE84E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2800-253-0x0000027D5B430000-0x0000027D5B440000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2800-251-0x00007FFEF9F90000-0x00007FFEFAA51000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2800-252-0x0000027D3FD20000-0x0000027D40E10000-memory.dmp

      Filesize

      16.9MB

      Download

    • memory/2800-295-0x00007FFEF9F90000-0x00007FFEFAA51000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/2800-296-0x0000027D5B430000-0x0000027D5B440000-memory.dmp

      Filesize

      64KB

      Download