General

  • Target

    edb509bf36a97bad536a054fb67b0a749107ea257a77b98f497d0d761cc89d60

  • Size

    12KB

  • Sample

    240522-3dzcssda84

  • MD5

    fa6a5bc6c1a25b5e8a07515857df7412

  • SHA1

    b5df9df44e66656dff5254f1aeb2406196c68b49

  • SHA256

    edb509bf36a97bad536a054fb67b0a749107ea257a77b98f497d0d761cc89d60

  • SHA512

    e0c84c2e8027845fe27fdcba1f5b3185523bc4aa60a3131d4d02b0253c8bd579d4b61de05c4c22dc6ad4578cc7e3c86d6979d66fe1a7d73e80919a20bc90c8d0

  • SSDEEP

    192:NL29RBzDzeobchBj8JONPONeruQqrEPEjr7AhY:129jnbcvYJOw0uQqvr7CY

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL
