General

  • Target

    0a1d9d99039b977f7b4456b122f7a5a8f6379a85327c8916ed713444ee8c6047.doc

  • Size

    188KB

  • Sample

    200717-7nv68mh216

  • MD5

    89f8922bbf5af3210267cdc73fcb6d05

  • SHA1

    319ebb69fa357c7d5e5e2427678645ba3f101418

  • SHA256

    0a1d9d99039b977f7b4456b122f7a5a8f6379a85327c8916ed713444ee8c6047

  • SHA512

    c33d17216112a778d30515f125ec9bd5ca08453a2ec8fa06fc8122230ef60ed3766c82e2a1b5f440fc3f18c38680b44c929f4f6157d119046f7b46cdd400c064

Score
10/10

Malware Config

Targets

    • Target

      0a1d9d99039b977f7b4456b122f7a5a8f6379a85327c8916ed713444ee8c6047.doc

    Score
    10/10
    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6