bb667b89d752f1e25b86d73460969392d0a2f264e0780008999e955cbb2e6de7

Analysis

max time kernel
94s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 17:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fathers Day 2024 Powerpoint.pptx
Size

1.7MB
MD5

250b3e42192751118610a43379b2a775
SHA1

97d2957d1dc4a591abc36c4cb160039be1a1d53c
SHA256

bb667b89d752f1e25b86d73460969392d0a2f264e0780008999e955cbb2e6de7
SHA512

fc8a8ca52c69d6ccdcfa9f72fc62ad954df9de4b0f14837d2ecc149daa1b82690df3de3049ea87fff4db4513dfd8ff83d3118431bd52d7f41c6ad4baddca6fbb
SSDEEP

49152:GSk4KNDZlR87z+D9yViJraJ8PfR25MQ6V3geZPrYecrkLDN65FnN:8NdE7N8raaKMrZPrYJQXN6DnN

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2744	POWERPNT.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2744	POWERPNT.EXE
2744	POWERPNT.EXE
2744	POWERPNT.EXE
2744	POWERPNT.EXE

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\Fathers Day 2024 Powerpoint.pptx" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2744-2-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp

Filesize
64KB

Download
memory/2744-1-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp

Filesize
64KB

Download
memory/2744-0-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp

Filesize
64KB

Download
memory/2744-4-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp

Filesize
64KB

Download
memory/2744-5-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-3-0x00007FFFF264D000-0x00007FFFF264E000-memory.dmp

Filesize
4KB

Download
memory/2744-6-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp

Filesize
64KB

Download
memory/2744-8-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-7-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-9-0x00007FFFB0040000-0x00007FFFB0050000-memory.dmp

Filesize
64KB

Download
memory/2744-11-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-13-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-16-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-20-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-19-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-18-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-17-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-15-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-14-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-12-0x00007FFFB0040000-0x00007FFFB0050000-memory.dmp

Filesize
64KB

Download
memory/2744-10-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download
memory/2744-38-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp

Filesize
64KB

Download
memory/2744-39-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp

Filesize
64KB

Download
memory/2744-41-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp

Filesize
64KB

Download
memory/2744-40-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp

Filesize
64KB

Download
memory/2744-42-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads