Analysis

  • max time kernel
    60s
  • max time network
    15s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    17-07-2020 17:21

General

  • Target

    0a64798861089c14e40315e3b16a49b9fbe503f4cce3daacd2642728ff93ada9.doc

  • Size

    196KB

  • MD5

    572b8881e0c46128b605daeb589e7a73

  • SHA1

    a67f7ec183d0d5fbe07f95ec011379ff3633ae81

  • SHA256

    0a64798861089c14e40315e3b16a49b9fbe503f4cce3daacd2642728ff93ada9

  • SHA512

    9972ed43084f887d14c6512bc47430a7ef048596c227b70cb85bec8932cc9470d3bf64ebf74a51714ef30ced4c9b3397e0803c21cdee03751f5b8e4a51c49de3

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\0a64798861089c14e40315e3b16a49b9fbe503f4cce3daacd2642728ff93ada9.doc" /o ""
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:2008

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/2008-0-0x000001DB1DE54000-0x000001DB1DE59000-memory.dmp

    Filesize

    20KB

  • memory/2008-1-0x000001DB1DE59000-0x000001DB1DE5E000-memory.dmp

    Filesize

    20KB

  • memory/2008-2-0x000001DB1BC32000-0x000001DB1BC43000-memory.dmp

    Filesize

    68KB

  • memory/2008-3-0x000001DB1E02D000-0x000001DB1E032000-memory.dmp

    Filesize

    20KB