Extracted

• • Target

    f6d35bf62ffe3afee91f2935cb77ae9ab515aa8417333eced50712ae6558151d.xls

  • Size

    217KB

  • MD5

    3110461b258c6e137f88013788c7bccc

  • SHA1

    c4f60593e095f2ffd7bff85ce190231026ac5a68

  • SHA256

    f6d35bf62ffe3afee91f2935cb77ae9ab515aa8417333eced50712ae6558151d

  • SHA512

    819593892ca847e15e7456a27e21a43462833050692348a0f7215da221ae352f1f68aad343a241d99ec7adf07b7860732778069d6557cb7862a8bf49eb77f0bd

  • SSDEEP

    6144:OKpb8rGYrMPe3q7Q0XV5xtuEsi8/dgIyY+TAQXTHGUMEyP5p6f5jQmL:bbGUMVWlbL

  Score

  10^/10

  emotetbankerpersistencetrojan

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2