Can ppt file be malware?
File link: https://app.letsdefend.io/download/downloadfile/PO00187.zip/
Password: infected
Load up the malware in VirusTotal and examine the analysis. Sign up for an account to view more details.
Question 1
What was the general name / category of the malicious file in the analyzed ppt file?
A number of security vendors have labeled it as a VB Trojan.

Question 2
Which of the URL addresses it communicates with has been detected as harmful by sandboxes?
Examine the URL that has the most detections.

Question 3
What is the name of the htm file that drops to disk?

Question 4
Which process is running to persist under mshta.exe after the relevant malware runs?
Found a good resource on persistence scheduled tasks here.
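To hunt for this behaviour in endpoint telemetry, the sketch below flags every process whose parent is mshta.exe and raises the severity when that child creates a scheduled task. It is an added example, not part of the original write-up or the challenge. It assumes Sysmon Event ID 1 style fields (`Image`, `ParentImage`, `CommandLine`) exported as JSON lines; the sample records and the function names are constructed for illustration.

```python
import json
import ntpath
import re

# Constructed sample: Sysmon Event ID 1 (process creation) records, one JSON
# object per line. Paths, task name and URL are invented for this example.
SAMPLE_LOG = r'''
{"UtcTime":"2024-01-01 10:00:01","ParentImage":"C:\\Program Files\\Microsoft Office\\Office16\\POWERPNT.EXE","Image":"C:\\Windows\\System32\\mshta.exe","CommandLine":"mshta.exe http://example.invalid/placeholder"}
{"UtcTime":"2024-01-01 10:00:05","ParentImage":"C:\\Windows\\System32\\mshta.exe","Image":"C:\\Windows\\System32\\schtasks.exe","CommandLine":"schtasks.exe /Create /SC MINUTE /MO 80 /TN \"ConstructedTask\" /TR \"C:\\Users\\Public\\placeholder.exe\" /F"}
{"UtcTime":"2024-01-01 10:03:00","ParentImage":"C:\\Windows\\explorer.exe","Image":"C:\\Windows\\System32\\schtasks.exe","CommandLine":"schtasks.exe /Query"}
{"UtcTime":"2024-01-01 10:04:00","ParentImage":"C:\\Windows\\SysWOW64\\MSHTA.EXE","Image":"C:\\Windows\\System32\\cmd.exe","CommandLine":"cmd.exe /c ver"}
'''

# Captures the task name (/TN) and task action (/TR), quoted or bare.
TASK_ARG = re.compile(r'/(tn|tr)\s+(?:"([^"]*)"|(\S+))', re.IGNORECASE)
CREATE_FLAG = re.compile(r'(?<!\S)/create\b', re.IGNORECASE)


def parse_events(text):
    """Parse JSON-lines process creation records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_mshta_children(events):
    """Return one finding per process whose parent image is mshta.exe."""
    findings = []
    for ev in events:
        # ntpath handles Windows paths on any OS; compare case-insensitively.
        if ntpath.basename(ev.get("ParentImage", "")).lower() != "mshta.exe":
            continue
        child = ntpath.basename(ev.get("Image", "")).lower()
        cmd = ev.get("CommandLine", "")
        finding = {"time": ev.get("UtcTime"), "child": child,
                   "severity": "medium", "task": {}}
        # Scheduled-task creation from an mshta.exe child is the persistence case.
        if child == "schtasks.exe" and CREATE_FLAG.search(cmd):
            finding["severity"] = "high"
            finding["task"] = {m.group(1).lower(): m.group(2) or m.group(3) or ""
                               for m in TASK_ARG.finditer(cmd)}
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_mshta_children(parse_events(SAMPLE_LOG)):
        print(f)
```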


Question 5
If there was a Snort IDS in the environment at the time of the incident, which rules would it match?
