General

  • Target

    26cb6055be1ee503f87d040c84c0a7cacb245b4182445e3eee47ed6e073eca47

  • Size

    565KB

  • Sample

    240410-h71shaff33

  • MD5

    0e24fa3bb4de4977e68fa4438c025d9d

  • SHA1

    16f1dc4c8790f43208f5dfc4303dd011b6f75b6d

  • SHA256

    26cb6055be1ee503f87d040c84c0a7cacb245b4182445e3eee47ed6e073eca47

  • SHA512

    fda799b71bc6f87f40b40eaee131376c5b97fb819c60831ac19c2291c4e1e21e17455cd4961936429196df323fb8cad3a99868d427ea97d15b4088a6336cd0fd

  • SSDEEP

    12288:mqZrQEOQU7c7r+wSrozwZa5C68EYwrWfVHdxL:hZr7O9WTSFaoWX8R

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
