New PowerPoint Mouseover Based Downloader – Analysis Results
Tags
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Data Javascript - T1059.007; Malware - T1587.001; Malware - T1588.001; Powershell - T1059.001; Server - T1583.004; Server - T1584.004; Connection Proxy - T1090; Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | b02805c6-9862-4083-96b1-1a28b9707853 |
Fingerprint | afcc299daf2d4100 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | June 2, 2017, 5:46 p.m. |
Added to db | Jan. 18, 2023, 11:08 p.m. |
Last updated | Nov. 17, 2024, 10:40 p.m. |
Headline | New PowerPoint Mouseover Based Downloader – Analysis Results |
Title | New PowerPoint Mouseover Based Downloader – Analysis Results |
Detected Hints/Tags/Attributes | 40/2/37 |
Attributes
Type | #Events | CTI | Value |
---|---|---|---|
Domain | 2 | | peerlyst.com |
Domain | 3 | | cccn.nl |
Domain | 1 | | 168.gop |
Domain | 3 | | www.joesecurity.org |
File | 13 | | c.php |
File | 2 | | ii.js |
File | 376 | | wscript.exe |
File | 226 | | certutil.exe |
File | 1 | | 484.exe |
File | 74 | | mstsc.exe |
File | 1 | | sectcms.exe |
File | 2126 | | cmd.exe |
File | 1 | | order.pps |
File | 1 | | c:\users\current user\appdata\local\temp\484.exe |
File | 1 | | c:\users\current user\appdata\roaming\microsoft\internet explorer\sectcms.exe |
File | 1 | | c:\users\current user\appdata\local\temp\ii.js |
File | 1 | | report-823c408af2d2b19088935a07c03b4222.html |
IPv4 | 1 | | 46.21.169.110 |
Url | 3 | | http://cccn.nl/c.php |
Url | 3 | | http://cccn.nl/2.2 |
Url | 1 | | https://www.peerlyst.com/posts/microsoft-office-malware-now-being-delivered-without-macros-but-using-pps-url-mouse-hover-marry-tramp?trk=search_page_search_result |
Url | 1 | | https://www.joesecurity.org/reports/report-823c408af2d2b19088935a07c03b4222.html |
Url | 1 | | https://www.hybrid-analysis.com/sample/796a386b43f12b99568f55166e339fcf43a4792d292bdd05dafa97ee32518921?environmentid=100 |
Url | 1 | | https://www.virustotal.com/en/file/796a386b43f12b99568f55166e339fcf43a4792d292bdd05dafa97ee32518921/analysis |