Extracted

• • Target

    7e8bc31fde2acc45f23d277c2e9ea931aec4bb3048571ee1244856b3b8607f48.xls

  • Size

    217KB

  • MD5

    e8a4b008fd8e7e6806fb00d295c513a1

  • SHA1

    4462a0f303d66d5d98e8c461023c129d82672c27

  • SHA256

    7e8bc31fde2acc45f23d277c2e9ea931aec4bb3048571ee1244856b3b8607f48

  • SHA512

    6c5be307096e174108f941bcc984c8bef9ea08275123f5bb7842aafbc0abb75bf1aa6ae26369cbb45a8f886baea1c4e9f50036479d15a2c3c27a572f055e7cab

  • SSDEEP

    6144:zKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgLyY+TAQXTHGUMEyP5p6f5jQmS:nbGUMVWlbS

  Score

  10^/10

  emotetbankerpersistencetrojan

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2