General

  • Target

    6b4515547adadc7e3b80b1f13d7b8a14838b4dd5672736e06c1bb48afc5a13a8

  • Size

    12KB

  • Sample

    240522-x2kxesdd7z

  • MD5

    ce30256af3881693c8a6abc17c06e9a1

  • SHA1

    342d961ef33431f7bf31d41e3935fd32402dc2dc

  • SHA256

    6b4515547adadc7e3b80b1f13d7b8a14838b4dd5672736e06c1bb48afc5a13a8

  • SHA512

    1058a975e9b24686b593d3d8c8ddb7c14eae53270ebcadc9578b1fff22676853dec60ada4e8c7af515f12e9af2ca104703bae06dce996797f9c7f6ffee1b5e11

  • SSDEEP

    192:dL29RBzDzeobchBj8JONcONEruArEPEjr7Ahn:F29jnbcvYJO1CuAvr7Cn

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
