Extracted

• • Target

    f30d7d5b39245a6c2350c535d1b4d4dc5aeea540916bed4cef7fb61b39796326.xls

  • Size

    217KB

  • MD5

    2b56de8c77b3cd04c40b246d9416180c

  • SHA1

    d20f631ae1d10ca140460968f392613990b49caf

  • SHA256

    f30d7d5b39245a6c2350c535d1b4d4dc5aeea540916bed4cef7fb61b39796326

  • SHA512

    d2f455ebcae7377b304c4d204a71490d8fcbf54c5f7d281bc545dac1ecda2c4638f4a26d5bc1254b4e504644dd295866b8eb590dff5c0e6ea3ffb00333638828

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgIyY+TAQXTHGUMEyP5p6f5jQmn:bbGUMVWlbn

  Score

  10^/10

  emotetbankerpersistencetrojan

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2