Extracted

• • Target

    document[2022.01.31_15-32].xll

  • Size

    5.5MB

  • MD5

    70828862c70defaa1247cbf982baa581

  • SHA1

    d790adf35b62424622b37e9a8f6f7ad18f6103ec

  • SHA256

    f1382d5cab7ee309b2a97cb31400fd30909c3b5789a3981081feec2788083edd

  • SHA512

    faa6f6f9ced8a7415cb53766d2d0a5339952c0805ca100b971ba1852678149f10ffa1e72776b8937cae02347c56150f37a060d4bba3c575c75ad5c4233142471

  Score

  10^/10

  persistence

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Sets service image path in registry

    persistence

  • Loads dropped DLL

  behavioral1behavioral2