535f2b04a4086696d3fafb347cba4a40d6647a3c9c0b8b4690e966d789b5f45e | Triage

Submit
Reports

Overview

overview

Static

static

MV SPYRO A...S.xlsm

windows7_x64

MV SPYRO A...S.xlsm

windows10_x64

Sharing

General

Target

MV SPYRO AFEA VOY 156 PARTICULARS.xlsm
Size

51KB
Sample

200711-zcktxzqyfa
MD5

63e87619e5dcb07ca54ef9d82d99f7c0
SHA1

7fd77e39fbf7ad6e8ade3e6592580a81a7373c54
SHA256

535f2b04a4086696d3fafb347cba4a40d6647a3c9c0b8b4690e966d789b5f45e
SHA512

f7ba6d6d7b45b3f335bdb787c2393f0fc22aea8b01317643b3b3d006801c4cfc1a40301aa71cee87a57b460ba70c12be603369b042081dcfb1539466c904e8d1

Score

10^/10

spyware

Static task

static1

Behavioral task

behavioral1

Sample

MV SPYRO AFEA VOY 156 PARTICULARS.xlsm

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MV SPYRO AFEA VOY 156 PARTICULARS.xlsm

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  MV SPYRO AFEA VOY 156 PARTICULARS.xlsm
- Size
  
  51KB
- MD5
  
  63e87619e5dcb07ca54ef9d82d99f7c0
- SHA1
  
  7fd77e39fbf7ad6e8ade3e6592580a81a7373c54
- SHA256
  
  535f2b04a4086696d3fafb347cba4a40d6647a3c9c0b8b4690e966d789b5f45e
- SHA512
  
  f7ba6d6d7b45b3f335bdb787c2393f0fc22aea8b01317643b3b3d006801c4cfc1a40301aa71cee87a57b460ba70c12be603369b042081dcfb1539466c904e8d1
Score

10^/10

spyware
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blacklisted process makes network request
- Executes dropped EXE
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Exploitation for Client Execution

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy