General

  • Target

    emotet_e2_2439ee9fc3c9ff3abb5350b061df8a74a208cd42d2d808372179bee8e8b84e39_2021-01-12__202417444079._doc

  • Size

    158KB

  • Sample

    210112-e21spbqwza

  • MD5

    7f2d1ba58bfd7bee81b0a37902a43548

  • SHA1

    66f4b3df90b1307b5066610ac0a7796ee1fa7057

  • SHA256

    2439ee9fc3c9ff3abb5350b061df8a74a208cd42d2d808372179bee8e8b84e39

  • SHA512

    b72ca193890c1ea89b3e2c7f0f092ae2a457094c8e69777ee4c7c25b87dc8e0953595af9ce56aa6e508189994ffe53cdeaf73b0a2b245824a31f8f5df568be15

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
  • exe.dropper: https://shulovbaazar.com/c/bcL6/
  • exe.dropper: https://mybusinessevent.com/tiki-install/e/
  • exe.dropper: http://uhk.cncranes.com/ErrorPages/3/
  • exe.dropper: https://capturetheaction.com.au/wp-includes/Yjp/
  • exe.dropper: https://thenetworker.ca/comment/8N4/
  • exe.dropper: https://trayonlinegh.com/cgi-bin/HBPR/
  • exe.dropper: http://mmo.martinpollock.co.uk/a/SQSGg/

Targets

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
    • Query Registry (2) T1012
    • System Information Discovery (2) T1082

Tasks