The VMRay Labs team has uncovered a malicious Excel file uses macros to download an image from a remote resource – but hidden inside are the commands to execute the next payload

Then the malware schedules a task that is only executed when the user locks the screen. 

See why we think this is malicious in plain language.

See the whole path of the sample’s execution

Map the malicious activities on the MITRE ATT&CK Framework

Explore detailed information on the IP addresses, URLs and DNS, including function logs and PCAP Streams

Download the IOCs and artifacts to have a clear picture of the threat.

Download the files that the malware downloads, drops or modifies.