General

  • Target

    56198078bc738a6c008e80b80ca24434b6e17deb652b0cdb7268bcb2d5a07ada

  • Size

    56KB

  • Sample

    241208-1y5zzavmes

  • MD5

    d85d446e27aba0ec3d337e36a330d187

  • SHA1

    28923a9a2397a97f586f37d765b84146f7b4864f

  • SHA256

    56198078bc738a6c008e80b80ca24434b6e17deb652b0cdb7268bcb2d5a07ada

  • SHA512

    e58914ff2756953979040eec1c01ff8271518d49d202342440f093f76dc47a5c42780085a5475e9b0db5e07aea48860f0c577a420ec983c9a4c16fb31bf5aa31

  • SSDEEP

    1536:Yk3hOdsylKlgryzc4bNhZFGzE+cL2knAzqCuIzFp/iE:Yk3hOdsylKlgryzc4bNhZFGzE+cL2knJ

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

https://igyygyigus.com/new/smscscript090002000.exe

Targets

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell and hide display window.
