Overview

overview

10

Static

static

8

emotet_e2_...oc.doc

windows7_x64

10

emotet_e2_...oc.doc

windows10_x64

1

Analysis

  • max time kernel
    135s
  • max time network
    126s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    28-07-2020 23:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    emotet_e2_c5e193758814cfcd065e7e247aa69f5cea018221cde134eb4360d20f66ef4280_2020-07-28__230800._doc.doc

  • Size

    174KB

  • MD5

    c64cc19321ec79b5900cc356d86f7048

  • SHA1

    3532483dcbc46e16b3a05a5f8a04fa3b655132cf

  • SHA256

    c5e193758814cfcd065e7e247aa69f5cea018221cde134eb4360d20f66ef4280

  • SHA512

    a5aa661d1a672585fd7162c1840fedb8fbed04db4bedaf6d7a0df6f98783acac3986ea3dbb8572cfabab5d5cfb4f59524cfcd2fbc90f6ba57a03dd04e1e361db

Score
1/10

Malware Config

Signatures

  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\emotet_e2_c5e193758814cfcd065e7e247aa69f5cea018221cde134eb4360d20f66ef4280_2020-07-28__230800._doc.doc" /o ""
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    • Checks processor information in registry
    • Enumerates system info in registry
    PID:2896

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2896-0-0x000002298E5AA000-0x000002298E5AF000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2896-1-0x000002298BF5C000-0x000002298BF61000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2896-2-0x000002298E5A5000-0x000002298E5AA000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2896-3-0x000002298E5AA000-0x000002298E5AF000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2896-4-0x000002298BF5C000-0x000002298BF61000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2896-5-0x000002298E790000-0x000002298E795000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2896-6-0x000002298E795000-0x000002298E79A000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2896-7-0x000002298E795000-0x000002298E79A000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2896-8-0x000002298E790000-0x000002298E795000-memory.dmp

    Filesize

    20KB

    Download