General

  • Target

    8e19151505711eb3a6195f7907b07d7f0870c5497f72cb83807c738d8ce466a5.xls

  • Size

    217KB

  • Sample

    221103-txsvpacdc3

  • MD5

    6672abec1cc22bf01448f878a0b09bd9

  • SHA1

    34bf220cc1af6fa493e1bfca7afdf0ac00818d42

  • SHA256

    8e19151505711eb3a6195f7907b07d7f0870c5497f72cb83807c738d8ce466a5

  • SHA512

    de288cd8303b21fa7db4557d39c33a24cbd443319ffab5aef6d88c13e52983f9b6ad59ee8c7697eacb771fde952a7f9ca634448c263969e72e3d8432682f9945

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgIyY+TAQXTHGUMEyP5p6f5jQmr:bbGUMVWlbr

Malware Config

Extracted

    • Language

      xlm4.0 (Excel 4.0 / XLM macro sheet)

    • Source

      xlm40.dropper

    • URLs

      https://aprendeconmireia.com/images/wBu/
      http://updailymail.com/cgi-bin/gBYmfqRi2utIS2n/
      https://akuntansi.itny.ac.id/asset/9aVFvYeaSKOhGBSLx/
      http://swiftwebbox.com/cgi-bin/vNqoMtQilpysJYRwtGu/

      The macro carries four candidate download locations for the next stage.
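The xlm4.0 language tag means the document's code lives in an Excel 4.0 (XLM) macro sheet rather than in VBA. The Python below is an added example, not part of the report or of the analysed sample: it walks the BIFF8 Workbook stream, decodes the BOUNDSHEET records and reports macro sheets that are hidden or very hidden, which is the usual shape of an XLM dropper. The Workbook stream bytes are constructed inline; `load_workbook_stream` shows how the real stream is obtained from an .xls with the third-party olefile library.

```python
import struct
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# BIFF8 record identifiers (MS-XLS): BOF opens a substream, EOF closes it,
# BOUNDSHEET (BoundSheet8) describes one sheet in the workbook globals substream.
BOF = 0x0809
EOF = 0x000A
BOUNDSHEET = 0x0085

SHEET_TYPES = {0x00: "worksheet", 0x01: "macro", 0x02: "chart", 0x06: "vba"}
SHEET_STATES = {0: "visible", 1: "hidden", 2: "veryhidden"}


@dataclass
class Sheet:
    name: str
    sheet_type: str
    state: str
    stream_offset: int  # lbPlyPos: where the sheet's own BOF record starts


def iter_records(stream: bytes) -> Iterator[Tuple[int, bytes]]:
    """Walk BIFF records (2-byte type, 2-byte length, payload) up to the first EOF,
    which closes the workbook globals substream holding the BOUNDSHEET records."""
    off = 0
    while off + 4 <= len(stream):
        rtype, rlen = struct.unpack_from("<HH", stream, off)
        payload = stream[off + 4 : off + 4 + rlen]
        if len(payload) < rlen:
            break  # truncated record: stop instead of mis-parsing the tail
        yield rtype, payload
        if rtype == EOF:
            break
        off += 4 + rlen


def parse_boundsheet(payload: bytes) -> Sheet:
    # lbPlyPos(4) | hsState(1, low 2 bits) | dt(1) | cch(1) | fHighByte(1, bit 0) | name
    if len(payload) < 8:
        raise ValueError("BOUNDSHEET record too short")
    pos, hs_state, dt, cch, flags = struct.unpack_from("<IBBBB", payload, 0)
    raw_name = payload[8:]
    if flags & 0x01:
        name = raw_name[: 2 * cch].decode("utf-16-le", errors="replace")
    else:
        name = raw_name[:cch].decode("latin-1")
    return Sheet(
        name=name,
        sheet_type=SHEET_TYPES.get(dt, f"unknown(0x{dt:02x})"),
        state=SHEET_STATES.get(hs_state & 0x03, "unknown"),
        stream_offset=pos,
    )


def list_sheets(stream: bytes) -> List[Sheet]:
    return [parse_boundsheet(p) for t, p in iter_records(stream) if t == BOUNDSHEET]


def hidden_macro_sheets(stream: bytes) -> List[Sheet]:
    """Excel 4.0 macro sheets the author hid from the user: the XLM dropper pattern."""
    return [s for s in list_sheets(stream) if s.sheet_type == "macro" and s.state != "visible"]


def load_workbook_stream(path: str) -> bytes:
    """Pull the 'Workbook' stream out of a real .xls (OLE2 compound file) with olefile."""
    import olefile  # third-party; not needed for the constructed sample below
    with olefile.OleFileIO(path) as ole:
        return ole.openstream("Workbook").read()


# --- Constructed sample stream (not taken from the report's file) -------------
def _record(rtype: int, payload: bytes) -> bytes:
    return struct.pack("<HH", rtype, len(payload)) + payload


def _boundsheet(name: str, dt: int, hs_state: int, pos: int) -> bytes:
    raw = name.encode("latin-1")
    return _record(BOUNDSHEET, struct.pack("<IBBBB", pos, hs_state, dt, len(raw), 0) + raw)


SAMPLE_WORKBOOK_STREAM = (
    _record(BOF, struct.pack("<HHHHII", 0x0600, 0x0005, 0, 0, 0, 0))  # BIFF8, globals
    + _boundsheet("Sheet1", 0x00, 0, 0x1000)  # ordinary visible worksheet
    + _boundsheet("Macro1", 0x01, 2, 0x2000)  # very hidden Excel 4.0 macro sheet
    + _record(EOF, b"")
)

if __name__ == "__main__":
    for s in hidden_macro_sheets(SAMPLE_WORKBOOK_STREAM):
        print(f"{s.state} {s.sheet_type} sheet {s.name!r} at offset 0x{s.stream_offset:x}")
```

A hidden or very-hidden macro sheet is a triage heuristic, not proof: a visible macro sheet can still be malicious, and the sheet's formulas (the actual download and execute logic) live at `stream_offset` and need a BIFF formula decoder to read.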

Targets

    • Emotet

      Emotet is a modular trojan and malware loader spread primarily through spam e-mail carrying malicious Office attachments or links to them; once running it fetches and executes additional payloads.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro. For a document sample such as this one, the parent is normally the Office application that opened the file.

    • Downloads MZ/PE file

      An HTTP response body began with the DOS "MZ" header, i.e. a Windows executable or DLL was retrieved during the run.

    • Loads dropped DLL

      A file written to disk during the run was subsequently loaded as a module, the usual second stage after the download above.

    • Adds Run key to start application

      A value was written under a CurrentVersion\Run key in the registry, so the payload is started again at the next logon.
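The signatures above are behavioural: they fire on what the sample did during the run, not on its hash. As an added example that is not part of the report, the Python below replays a short, constructed sequence of process, HTTP, file, image-load and registry events and re-derives four of the signatures (the Emotet family tag itself comes from the configuration extractor, not from behaviour). The child process name and dropped-file path in the sample events are placeholders, since the report names neither; the URL is one of the extracted dropper URLs, and the allowlist of expected Office children is an assumption to tune per environment.

```python
from dataclasses import dataclass
from typing import Dict, List, Set

OFFICE_PROCESSES = {"excel.exe", "winword.exe", "powerpnt.exe"}
# Children an Office process spawns legitimately (assumption: tune to your estate).
EXPECTED_OFFICE_CHILDREN = {"splwow64.exe"}
RUN_KEY_MARKERS = ("\\currentversion\\run", "\\currentversion\\runonce")


@dataclass
class Alert:
    signature: str
    detail: str


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(events: List[Dict]) -> List[Alert]:
    """Replay events in order and emit the report's signatures when their conditions hold."""
    alerts: List[Alert] = []
    dropped: Set[str] = set()  # files written during the run, keyed by lower-cased path

    for ev in events:
        kind = ev["type"]
        if kind == "process":
            parent, child = _basename(ev["parent_image"]), _basename(ev["image"])
            if parent in OFFICE_PROCESSES and child not in EXPECTED_OFFICE_CHILDREN:
                alerts.append(Alert("Process spawned unexpected child process",
                                    f"{parent} -> {child}: {ev.get('command_line', '')}"))
        elif kind == "http":
            # A PE/DLL starts with the DOS 'MZ' signature whatever the URL looks like.
            if ev["body_prefix"].startswith(b"MZ"):
                alerts.append(Alert("Downloads MZ/PE file", ev["url"]))
        elif kind == "filecreate":
            dropped.add(ev["path"].lower())
        elif kind == "imageload":
            # Stateful: only a module this same run wrote to disk counts as "dropped".
            if ev["path"].lower() in dropped:
                alerts.append(Alert("Loads dropped DLL",
                                    f"{_basename(ev['process'])} loaded {ev['path']}"))
        elif kind == "registry":
            key = ev["key"].lower()
            if any(key.endswith(m) for m in RUN_KEY_MARKERS):
                alerts.append(Alert("Adds Run key to start application",
                                    f"{ev['key']}\\{ev['value_name']} = {ev['data']}"))
    return alerts


def signatures_fired(events: List[Dict]) -> List[str]:
    """Distinct signature names in first-seen order, the way the report lists them."""
    seen: List[str] = []
    for a in evaluate(events):
        if a.signature not in seen:
            seen.append(a.signature)
    return seen


EXCEL = r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE"

# Constructed telemetry. Child process and dropped path are placeholders (the report
# names neither); the URL is one of the extracted dropper URLs.
SAMPLE_EVENTS: List[Dict] = [
    {"type": "http", "url": "http://updailymail.com/cgi-bin/gBYmfqRi2utIS2n/",
     "body_prefix": b"MZ\x90\x00\x03"},
    {"type": "filecreate", "process": EXCEL, "path": r"C:\ProgramData\payload.dll"},
    {"type": "process", "parent_image": EXCEL, "image": r"C:\Windows\System32\regsvr32.exe",
     "command_line": r"regsvr32.exe C:\ProgramData\payload.dll"},
    {"type": "imageload", "process": r"C:\Windows\System32\regsvr32.exe",
     "path": r"C:\ProgramData\payload.dll"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "payload", "data": r"regsvr32.exe C:\ProgramData\payload.dll"},
]

# Constructed benign activity that must fire nothing.
BENIGN_EVENTS: List[Dict] = [
    {"type": "process", "parent_image": r"C:\Windows\explorer.exe", "image": EXCEL,
     "command_line": "EXCEL.EXE report.xls"},
    {"type": "process", "parent_image": EXCEL, "image": r"C:\Windows\splwow64.exe",
     "command_line": "splwow64.exe"},
    {"type": "http", "url": "https://example.invalid/report.xlsx", "body_prefix": b"PK\x03\x04"},
    {"type": "imageload", "process": EXCEL, "path": r"C:\Windows\System32\kernel32.dll"},
    {"type": "registry", "key": r"HKCU\Software\Microsoft\Office\16.0\Excel\Options",
     "value_name": "x", "data": "1"},
]

if __name__ == "__main__":
    for a in evaluate(SAMPLE_EVENTS):
        print(f"{a.signature}: {a.detail}")
```

In production the event dicts would be filled from endpoint telemetry (process creation, image load, file create and registry set events); the Run key check deliberately matches both HKCU and HKLM and the RunOnce variant, and the "dropped DLL" rule is stateful so that a legitimately installed module loaded from the same directory does not fire.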

MITRE ATT&CK Enterprise v6
