First, I would like to thank “Marry Trame” at peerlyst.com for posting about this new method that was discovered for a malware downloader. A link to the original post can be found at the bottom of this analysis. I would like to note that I edited the domain to my own in the PowerPoint so it wouldn’t actually successfully reach to the C&C server for the Malicious .jse file.

https://www.dodgethissecurity.com/2017/06/02/new-powerpoint-mouseover-based-downloader-analysis-results/