Extracted

• • Target

    subscription_1618344415.xlsb

  • Size

    181KB

  • MD5

    307a6d965c1435b17e3fe2ab03f92d16

  • SHA1

    47965c868c70245f783fcace03271eb287761c51

  • SHA256

    522245f192f8a25267d3c07be6cefa5f9ae583f62ac781577c8653f5cf00f7f6

  • SHA512

    596ea5cd389a298953b9dde78f3d95e0ffcc0e61d5b047f9dc6100adb405d36356e570019b376f0eacd95f397231fe54996a7ca269e9930ff7e395b5cab755ff

  Score

  10^/10

  nloaderloader

  • Nloader

    Simple loader that includes the keyword 'campo' in the URL used to download other families.

    loadernloader

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Nloader Payload

  • Blocklisted process makes network request

  • Loads dropped DLL

  behavioral1behavioral2