Extracted

• • Target

    66085ec20d2b85fa38b28e8b9b9677bcfb9878421f564ef140f2f71428a70e36

  • Size

    12KB

  • MD5

    6800bdb8e0bfd0d57762b346fdf5c03e

  • SHA1

    9835f0143f70fc3afe57338da5996d9717d10cd9

  • SHA256

    66085ec20d2b85fa38b28e8b9b9677bcfb9878421f564ef140f2f71428a70e36

  • SHA512

    ef4f8958b4e9e5dd3cce884e37de60e7f4765b7801fe114a7a378ccf4deaaba251eff10ff4e7cfb6cae93e89082c8ea6eaf4c998cb9f8b0b2bfb814bb5f93827

  • SSDEEP

    192:3L29RBzDzeobchBj8JON1ON8ruvrEPEjr7Aha:b29jnbcvYJOSyuvvr7Ca

  Score

  10^/10

  execution

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  behavioral1behavioral2