General

  • Target

    lB_39.xlsm

  • Size

    84KB

  • Sample

    220113-k4npwaghg2

  • MD5

    ca40024e1f730cb8775a13d96f73b734

  • SHA1

    fcb6c0e0fed10e795558bd3242d18f1f47245991

  • SHA256

    ae4c37f20738b2bc766ca1b1437dd27be15c5a86e663f8ce3fc8be6762483305

  • SHA512

    1134b50655628f2470d987e1e3d298378485baa73d7c0daeeb35b3993869dff3740568468d68b19185f5489f82682c741745c7919a738019179bfdf5039fc9e4

Score
10/10

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://test.la-boticaria.com/wp-content/xAQZIPYs1tavxAz/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory
