Extracted

• • Target

    file.doc

  • Size

    159KB

  • MD5

    91d36bdc24320509824ce981e2b947a1

  • SHA1

    68efe300bc46a826218fcb9c48020d4fdb1328f1

  • SHA256

    b2bf6fd741c90c1f70e56a46a458aad5889596863ff687083039e9a2afcd6c09

  • SHA512

    df701cf581514eba7d7b85df13f793a5df52fd885c29debfae51fe2e27aa8766ef815747a88d43d620bf2effb0fab05ecfbb158b17ae910bc7e50c35feac7138

  Score

  10^/10

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Drops file in System32 directory

  behavioral1behavioral2