Can ppt file be malware?
File link: https://app.letsdefend.io/download/downloadfile/PO00187.zip/
Load up the malware in VirusTotal and examine the analysis. Sign up for an account to view more details.
What was the general name / category of the malicious file in the analyzed ppt file?
A number of security vendors have labeled it as a VB Trojan.
Which of the url addresses it communicates with has been detected as harmful by sandboxes?
Examine the URL that has the most detections.
What is the name of the htm file that drops to disk?
Which process is running for persistence under mshta.exe after the relevant malware runs?
Found a good resource on scheduled task persistence here.
If there was a Snort IDS in the environment at the time of the incident, which rules would it match?