Extracted

• • Target

    DHL_Shipping_Invoices_Awb_BL_0000000000000000000000101620242247820020031808174Global180030010162024.js

  • Size

    120KB

  • MD5

    c654511bc71143604fa59947da8225bf

  • SHA1

    11cb2a2983a22a64b7a822a9b0c484dc1dd5d1e9

  • SHA256

    21df648fd084fe89b86984addfb3075d9eec1d3927252c38ea1c9049554dc0d3

  • SHA512

    a646b7e6b4f16390a61399531ca0b5611602020c98084f8e65ca93e1c335bb1416a7054456217287a33f31d8e54ad8e66125ca7e8ddb87daf7de0f065ae79693

  • SSDEEP

    1536:5dgBlOFpdq7MkzYWELraVId79UuxMoMxMUOIVSq41M2twpJS7fZ134Sm:+YFp0wq

  Score

  10^/10

  discoveryexecution

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution
  behavioral1behavioral2