Resubmissions

  • 17-07-2020 17:34

    200717-11ew4vhpq6 (score 10)

  • 17-07-2020 17:19

    200717-bsfqa8665j (score 8)

General

  • Target

    7bf808ea3b70583a98b450b147880dd741c863b82bd064df6f773a9562a5a6b1.doc

  • Size

    188KB

  • Sample

    200717-11ew4vhpq6

  • MD5

    916161ce414c12d8c489a44c9cd81026

  • SHA1

    b919f28eb70f4c84de1715d9b70489d172153004

  • SHA256

    7bf808ea3b70583a98b450b147880dd741c863b82bd064df6f773a9562a5a6b1

  • SHA512

    dd814df4b53b99eb4287cfe3bb9772eab728d516d43a36621a6bd2106018324fe6d2dc1321717158d32ec4cd996b2194e21cb05c78604c1b4de0abae23a6fe85

Score
10/10

Malware Config

Extracted

  • Language

    ps1

  • Source

    exe.dropper

  • URLs

    https://ramukakaonline.com/wp-includes/cxSzmSXN/

    http://shubhinfoways.com/p/XEcc5x1qx73/

    http://test2.cxyw.net/hyeht3/aWybkzi/

    http://sustainableandorganicgarments.com/komentarz/KHF6ry92657/

    http://staging.icuskin.com/wp-content/o5hhrj8wvfv372729/

Targets

    • Target

      7bf808ea3b70583a98b450b147880dd741c863b82bd064df6f773a9562a5a6b1.doc

    • Size

      188KB

    • MD5

      916161ce414c12d8c489a44c9cd81026

    • SHA1

      b919f28eb70f4c84de1715d9b70489d172153004

    • SHA256

      7bf808ea3b70583a98b450b147880dd741c863b82bd064df6f773a9562a5a6b1

    • SHA512

      dd814df4b53b99eb4287cfe3bb9772eab728d516d43a36621a6bd2106018324fe6d2dc1321717158d32ec4cd996b2194e21cb05c78604c1b4de0abae23a6fe85

    Score

    10/10

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks