General

  • Target

    invoice_6_812937_pdf.ppam

  • Size

    43KB

  • Sample

    220927-g4y9tsdghp

  • MD5

    63aa8d7cc49200536403df68983a8de1

  • SHA1

    eb7caabc3fb8d4ca3548765f6fc59a03435b6aff

  • SHA256

    f7353ec4f751d69464d3b51344e2283e8a5607eb5c2b66cbb5a6b0102a58f697

  • SHA512

    6c2c6415a9c2ae4a03ccc2ceaf0a4186b46a366c215ade1f2d40ae74146de16f39833cbf5292877f452cfd8814051e1b61586e73e28bac28f35adee0d9c53074

  • SSDEEP

    768:MAzJ/c/lsTsK/n/Okf6R9/i/LxC8vVJOQPdYI+4zrSNJAWWnxmT0gXJ17CfDjraG:MAFkt09fmj7ajB0mxIPgHragw1/K8Nyh

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    107.182.129.168
  • Port:
    21
  • Username:
    ffhvfv6
  • Password:
    asasasals

Targets

    • Target

      invoice_6_812937_pdf.ppam

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
