Extracted

• • Target

    a11bd2bde079c17dc7b6793404f812830e99af2883f33ee49c01bc8c85751d50_JC.xll

  • Size

    12KB

  • MD5

    ad86b0520d48a0b530915850244f196b

  • SHA1

    2d28250d44de5ce82ded47bfb29a8ae6353a3fa4

  • SHA256

    a11bd2bde079c17dc7b6793404f812830e99af2883f33ee49c01bc8c85751d50

  • SHA512

    138934773d669a60900a82ee011f781576dc82275b4c62e696472e1d5890c2b155bf60ecab4eefc1345d4c42fe125078013ee242b8581f28ad735cb288cb1a39

  • SSDEEP

    192:uU5z9iLjq2pJk+/qcJklyJOEd8LsWGQwrgAh:3z9AbJH/IwJOs3/QwrgC

  Score

  10^/10

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  behavioral1behavioral2