General

  • Target

    4ff4b84d4233a00cafef82b08777f38d01b7413c48bb8e2a4fc81c8df62d3904

  • Size

    12KB

  • Sample

    240522-xylpjsdc7v

  • MD5

    6cc9731c3596d595d936cecf341024d5

  • SHA1

    d2f326eb528b0d2db19e1576f0a72d2bda0148be

  • SHA256

    4ff4b84d4233a00cafef82b08777f38d01b7413c48bb8e2a4fc81c8df62d3904

  • SHA512

    ea9d8af5a73ea9524a5b4231183f2ff3dc359bfa0264e1312ecfbfda82c9dc181f46dc6b1b731aca8d39985dbd2ea9a5c4eeab23eaba1b085df589f08dcbbbe5

  • SSDEEP

    192:HL29RBzDzeobchBj8JONlONFzJruqrEPEjr7Ahq:r29jnbcvYJOiJuqvr7Cq

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks