General

  • Target

    ba4f936860c86d9a1ee246fd5c0373947e5cdd6b3288e0097ab623272fce62d1.xls

  • Size

    217KB

  • Sample

    221103-tnnjlsccc5

  • MD5

    ddb28b3be7ee8336a95a385fcad9ca08

  • SHA1

    cbb68ccab5b26726f0b7171a0cc01f7efc0d72ec

  • SHA256

    ba4f936860c86d9a1ee246fd5c0373947e5cdd6b3288e0097ab623272fce62d1

  • SHA512

    dc2df3f74c7e1ba9cafdf7f0e092e2dc91c431b53cf7fffdad0b9029d1fc0d0f08a8f24c3f18f40c17393f6c8e14dba48d0a9e4d0ae3863bb5a1c2ea38ded2c9

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dg8yY+TAQXTHGUMEyP5p6f5jQm9:nbGUMVWlb9

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://kabaruntukrakyat.com/wp-content/B9oJ0jh/
    http://coinkub.com/wp-content/WwrJvjumS/
    https://aberractivity.hu/iqq/Dmtv/
    https://anamafegarcia.es/css/HfFXMTXvc40t/

Targets

    • Target

      ba4f936860c86d9a1ee246fd5c0373947e5cdd6b3288e0097ab623272fce62d1.xls

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6