Overview

overview

10

Static

static

8

792a7b8e75...f.xlsm

windows7_x64

10

792a7b8e75...f.xlsm

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    792a7b8e75aa51f90c66ee711faf429dfe3220b038cc3725ee935083fcb60e0f

  • Size

    83KB

  • Sample

    220113-21qhqsdbep

  • MD5

    7a289586cef7787e334abefa7601508c

  • SHA1

    f4d6bb8ffcd38e7b9f8d31c7a442f0388cfe5602

  • SHA256

    792a7b8e75aa51f90c66ee711faf429dfe3220b038cc3725ee935083fcb60e0f

  • SHA512

    d8b236deb1e722a3a724b587db0737fa2c9cf500817a32017300d6de7541e75a571b7813f0a78a4cad1d02af685ef6acf5522990b0372612de87edc0c4e00632

Score
10/10
macrosuricataxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

http://adi.iswks.com/assets/hO1v71pqfNN/

Targets

    • Target

      792a7b8e75aa51f90c66ee711faf429dfe3220b038cc3725ee935083fcb60e0f

    • Size

      83KB

    • MD5

      7a289586cef7787e334abefa7601508c

    • SHA1

      f4d6bb8ffcd38e7b9f8d31c7a442f0388cfe5602

    • SHA256

      792a7b8e75aa51f90c66ee711faf429dfe3220b038cc3725ee935083fcb60e0f

    • SHA512

      d8b236deb1e722a3a724b587db0737fa2c9cf500817a32017300d6de7541e75a571b7813f0a78a4cad1d02af685ef6acf5522990b0372612de87edc0c4e00632

    Score
    10/10
    suricata

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata: ET MALWARE W32/Emotet CnC Beacon 3

      suricata

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks