Resubmissions

17-07-2020 17:26

200717-8r1l42ntsx 10

17-07-2020 17:23

200717-wzdaf5tpz6 10

17-07-2020 16:22

200717-fram2knmh6 10

General

  • Target

    89d3f52d387fb432d62c6d34158f3f035811110bd2fadc91693cdc9780838249.doc

  • Size

    189KB

  • Sample

    200717-8r1l42ntsx

  • MD5

    4b86dd7bf648560f7d41e1ee00aac68b

  • SHA1

    f8c4dd551f317731293f23c8b08a64bce27039d2

  • SHA256

    89d3f52d387fb432d62c6d34158f3f035811110bd2fadc91693cdc9780838249

  • SHA512

    12d82915826131cd90ef2bbd54fbd7524c4d86dd862dfe6b444a68386309cb7404042493b750ccd2ddd47395f65f075c4d944faeae6b4678d0cdde9baecc1b31

Score
10/10

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
