4bd67fea57ad57f6cc36306a5daa25519593e3cb384d77f9681289f8cfea5f0b | Triage

Submit
Reports

Overview

overview

Static

static

EMInstalle....6.exe

windows7_x64

8

EMInstalle....6.exe

windows10_x64

Sharing

General

Target

EMInstaller-3.4.0.6.exe
Size

143.5MB
Sample

210309-n86nx5kzse
MD5

57ffe5fbca3864d9d46f3f1262dedae3
SHA1

7c376879e0611c059eb5e672e46d9e0720ba187f
SHA256

4bd67fea57ad57f6cc36306a5daa25519593e3cb384d77f9681289f8cfea5f0b
SHA512

78c914b2f063e080471824b9c79af99a9ec75f33229a0816c18280bf6b27d7a43f32228efb29a715d4515e2143d9f6b287a8efdf554de17cc1b0f3092c00ac8d

Score

10^/10

discovery macro persistence xlm

Static task

static1

Behavioral task

behavioral1

Sample

EMInstaller-3.4.0.6.exe

Resource

win7v20201028

discovery macro persistence xlm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

EMInstaller-3.4.0.6.exe

Resource

win10v20201028

discovery macro persistence xlm

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  EMInstaller-3.4.0.6.exe
- Size
  
  143.5MB
- MD5
  
  57ffe5fbca3864d9d46f3f1262dedae3
- SHA1
  
  7c376879e0611c059eb5e672e46d9e0720ba187f
- SHA256
  
  4bd67fea57ad57f6cc36306a5daa25519593e3cb384d77f9681289f8cfea5f0b
- SHA512
  
  78c914b2f063e080471824b9c79af99a9ec75f33229a0816c18280bf6b27d7a43f32228efb29a715d4515e2143d9f6b287a8efdf554de17cc1b0f3092c00ac8d
Score

10^/10

discovery macro persistence xlm
- Registers COM server for autorun
  persistence
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Replication Through Removable Media

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Replication Through Removable Media

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverymacropersistencexlm

behavioral2

discoverymacropersistencexlm

© 2018-2024

Terms | Privacy