General
-
Target
RETO-MALWAREDFIR.ppt
-
Size
133KB
-
Sample
240426-afrfragd53
-
MD5
00d7a6d6029559fa2fb656d906f7c5e4
-
SHA1
42eb2e085ba018868c8a4018341516d843154b30
-
SHA256
a1e8da85d99cfb4c8569ea850691cf6c565b6083114198e17369f3013e4016b5
-
SHA512
dff64ad6a392d49adf39c6c3154888651068a7e58ed70e7cd40fea6eed0ad31a41295cd197e60c6fb4b18ebe89fd707bb373edf4235f9f4c6fbdeebd2766d856
-
SSDEEP
1536:6slfQ+C4xIytrmsKemd8JkpuJFeOMn63nMq5Z+av1Dc3N:6sV7rmsKemuJkpuJtE6cq5BpmN
Behavioral task
behavioral1
Sample
RETO-MALWAREDFIR.pps
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
RETO-MALWAREDFIR.pps
Resource
win10v2004-20240412-en
Malware Config
Extracted
http://12384928198391823%12384928198391823@j.mp/hdkjashdkasbctdgjsa
Targets
-
Target
RETO-MALWAREDFIR.ppt
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Adds Run key to start application
-