Extracted

• • Target

    44bcf11f0ea0f7abb29cf5ab332319f1ee001f3b15972d7ec13bc255ad011098.xls

  • Size

    217KB

  • MD5

    1004b0863be0a3b8cd170364665d7a93

  • SHA1

    988d78c42274621be353cafc5a1c45dadf4e9ebf

  • SHA256

    44bcf11f0ea0f7abb29cf5ab332319f1ee001f3b15972d7ec13bc255ad011098

  • SHA512

    0bcd21a0e4664dbc89400000d717ae4f1464822ad991ab6eaf852a6b46ba51a57f694af7f111bc95b9543c540e3e72f42b8612a29f98fa6d5d82814ee0ddee01

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dg8yY+TAQXTHGUMEyP5p6f5jQmN:nbGUMVWlbN

  Score

  10^/10

  emotetbankerpersistencetrojan

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2