Extracted

• • Target

    18675f25203e08b39f835cec09a3697c6b1998dadcf22ba528828184f9f4515a.xlsx

  • Size

    1.1MB

  • MD5

    73346e64a29d684532eca0a6a17e8f4c

  • SHA1

    61980a1ee86bfe46bccfc5d2262c635dc06bf6b6

  • SHA256

    18675f25203e08b39f835cec09a3697c6b1998dadcf22ba528828184f9f4515a

  • SHA512

    9e821cbde002e872c03ef05adfe720efebb729a655747bde5d8e81e2949bc199b3c3774d476610d24a5b37b4c69c0cad521561904030e6657bf1aed27d007dda

  • SSDEEP

    24576:Auq9PLiijE2Z5Z2am4ZFb9+k5HbW3kZiyihBMpOLpEI:AuEPLiij7Z5ZKA9l5HbWUsK0

  Score

  10^/10

  defense_evasiondiscoveryexecution

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Evasion via Device Credential Deployment

    defense_evasionexecution

  • Drops file in System32 directory

  behavioral1behavioral2