Extracted

• • Target

    cancel_sub_JPL12345678901234.xlsb

  • Size

    241KB

  • MD5

    b4a0b38ff2bd7619e42c0f1d1fb0171b

  • SHA1

    c0e61bcc7139bc2342e5a9eb9a2bc056c475624d

  • SHA256

    3cc4948d4d3cac89a74284ae4dc49d177b834f295e9f767a46dcd73726b7239d

  • SHA512

    8830468a4f8ee1032abe7ede05fdc11fb592355c81447bf0d65b995a6d6a55fc399025084bb74bb7f4b52a14ee7a2ea79a2100480222c1da95e19b3b4a59cff5

  Score

  10^/10

  nloaderloader

  • Nloader

    Simple loader that includes the keyword 'campo' in the URL used to download other families.

    loadernloader

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Nloader Payload

  • Blocklisted process makes network request

  • Loads dropped DLL

  behavioral1behavioral2