General

  • Target

    2b96a73c331374ca1a4c176638e13b4d6317f8bac8f98a08663c818f6e62e217.xls

  • Size

    217KB

  • Sample

    221103-txkt3sefhl

  • MD5

    f44f0589b939dbca044d25700963a437

  • SHA1

    92dfc5b57eedfec9ac4a0eb38bc3a0b2b06cc546

  • SHA256

    2b96a73c331374ca1a4c176638e13b4d6317f8bac8f98a08663c818f6e62e217

  • SHA512

    f6605ba7867f60ed8954a86a679f63e44913c7804dae96ae8624a7cac22e03502be7dd0153ee56d3e365658351409f209169f5968ef4557d18021966fc29f2bf

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dg8yY+TAQXTHGUMEyP5p6f5jQmh:nbGUMVWlbh

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

    xlm40.dropper

  • URLs

    http://kabaruntukrakyat.com/wp-content/B9oJ0jh/

    http://coinkub.com/wp-content/WwrJvjumS/

    https://aberractivity.hu/iqq/Dmtv/

    https://anamafegarcia.es/css/HfFXMTXvc40t/

Targets

    • Target

      2b96a73c331374ca1a4c176638e13b4d6317f8bac8f98a08663c818f6e62e217.xls

    • Size

      217KB

    • MD5

      f44f0589b939dbca044d25700963a437

    • SHA1

      92dfc5b57eedfec9ac4a0eb38bc3a0b2b06cc546

    • SHA256

      2b96a73c331374ca1a4c176638e13b4d6317f8bac8f98a08663c818f6e62e217

    • SHA512

      f6605ba7867f60ed8954a86a679f63e44913c7804dae96ae8624a7cac22e03502be7dd0153ee56d3e365658351409f209169f5968ef4557d18021966fc29f2bf

    • SSDEEP

      6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dg8yY+TAQXTHGUMEyP5p6f5jQmh:nbGUMVWlbh

    • Emotet

      Emotet is a trojan that is primarily spread through spam emails.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6
