Overview

overview

10

Static

static

8

emotet_e3_...oc.doc

windows7_x64

10

emotet_e3_...oc.doc

windows10_x64

1

Analysis

  • max time kernel
    135s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    01-08-2020 01:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    emotet_e3_3313ffb88f8caf097099973a0b3621c3e20f101fc72c95b9d54f29026c272fa1_2020-08-01__014402._doc.doc

  • Size

    173KB

  • MD5

    c89b9e03039cd45613eb1dc345ed6420

  • SHA1

    2267a2357a0177aeff7d6f4fdb1e7544893179c0

  • SHA256

    3313ffb88f8caf097099973a0b3621c3e20f101fc72c95b9d54f29026c272fa1

  • SHA512

    f8a0d5b21d707f590e2aef51ba6ac146e60493b0ac107857b7ad321fa9bf30c7e4d23365c52ae635998eecace47089104de5ea58d0d2de568cc70d6cfcbda1e7

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\emotet_e3_3313ffb88f8caf097099973a0b3621c3e20f101fc72c95b9d54f29026c272fa1_2020-08-01__014402._doc.doc" /o ""
    1⤵
    • Enumerates system info in registry
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: AddClipboardFormatListener
    • Checks processor information in registry
    PID:3044

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3044-0-0x0000015570975000-0x0000015570978000-memory.dmp

    Filesize

    12KB

    Download

  • memory/3044-1-0x0000015570978000-0x000001557097D000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3044-2-0x0000015570978000-0x000001557097D000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3044-3-0x000001557012F000-0x0000015570134000-memory.dmp

    Filesize

    20KB

    Download

  • memory/3044-4-0x0000015570AAE000-0x0000015570AC2000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3044-5-0x0000015570AAE000-0x0000015570AC2000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3044-6-0x0000015570AAE000-0x0000015570AC2000-memory.dmp

    Filesize

    80KB

    Download

  • memory/3044-7-0x0000015570AAE000-0x0000015570AC2000-memory.dmp

    Filesize

    80KB

    Download