General
-
Target
MV SPYRO AFEA VOY 156 PARTICULARS.xlsm
-
Size
51KB
-
Sample
200711-zcktxzqyfa
-
MD5
63e87619e5dcb07ca54ef9d82d99f7c0
-
SHA1
7fd77e39fbf7ad6e8ade3e6592580a81a7373c54
-
SHA256
535f2b04a4086696d3fafb347cba4a40d6647a3c9c0b8b4690e966d789b5f45e
-
SHA512
f7ba6d6d7b45b3f335bdb787c2393f0fc22aea8b01317643b3b3d006801c4cfc1a40301aa71cee87a57b460ba70c12be603369b042081dcfb1539466c904e8d1
Static task
static1
Behavioral task
behavioral1
Sample
MV SPYRO AFEA VOY 156 PARTICULARS.xlsm
Resource
win7
Behavioral task
behavioral2
Sample
MV SPYRO AFEA VOY 156 PARTICULARS.xlsm
Resource
win10v200430
Malware Config
Targets
Target
MV SPYRO AFEA VOY 156 PARTICULARS.xlsm
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-