Analysis Overview
SHA256
bb667b89d752f1e25b86d73460969392d0a2f264e0780008999e955cbb2e6de7
Threat Level: No (potentially) malicious behavior was detected
The file Fathers Day 2024 Powerpoint.pptx was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
Checks processor information in registry
Enumerates system info in registry
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-13 17:32
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-13 17:32
Reported
2024-06-13 17:35
Platform
win10v2004-20240611-en
Max time kernel
94s
Max time network
98s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Processes
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\Fathers Day 2024 Powerpoint.pptx" /ou ""
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.243.111.52.in-addr.arpa | udp |
Files
memory/2744-2-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp
memory/2744-1-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp
memory/2744-0-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp
memory/2744-4-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp
memory/2744-5-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-3-0x00007FFFF264D000-0x00007FFFF264E000-memory.dmp
memory/2744-6-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp
memory/2744-8-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-7-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-9-0x00007FFFB0040000-0x00007FFFB0050000-memory.dmp
memory/2744-11-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-13-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-16-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-20-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-19-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-18-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-17-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-15-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-14-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-12-0x00007FFFB0040000-0x00007FFFB0050000-memory.dmp
memory/2744-10-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
memory/2744-38-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp
memory/2744-39-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp
memory/2744-41-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp
memory/2744-40-0x00007FFFB2630000-0x00007FFFB2640000-memory.dmp
memory/2744-42-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp