Overview

overview

10

Static

static

8

emotet_v6

windows10-1703-x64

1

emotet_doc

windows10-1703-x64

10

Analysis

  • max time kernel
    17s
  • max time network
    154s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21-03-2023 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a49ae9a2ac9ce330db6a2dd480c129fa7206392262e64d4433f2c7f35cda28a9.doc

  • Size

    201KB

  • MD5

    f0c64ca95b183fe9dd9a69631029ac13

  • SHA1

    34547a5c6d7e9eb675b8e3fb810b36a0ed62213b

  • SHA256

    a49ae9a2ac9ce330db6a2dd480c129fa7206392262e64d4433f2c7f35cda28a9

  • SHA512

    19b6419e698a19fd626ba24b7086467b7d262314ea410a99656aa45c7355311507f9625498b736db11100a4e898d723a8c27244987099e75a8c931510eea4355

  • SSDEEP

    3072:tYAYyVlI23Etx/4DeJxD0QU+5c/18dJ95R3s14Mzgpq:qAXatZxh0QHg8dJ9r3dMzgQ

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Script User-Agent 10 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\a49ae9a2ac9ce330db6a2dd480c129fa7206392262e64d4433f2c7f35cda28a9.doc" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:1688

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-121-0x00007FFB66CA0000-0x00007FFB66CB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1688-122-0x00007FFB66CA0000-0x00007FFB66CB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1688-123-0x00007FFB66CA0000-0x00007FFB66CB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1688-124-0x00007FFB66CA0000-0x00007FFB66CB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1688-127-0x00007FFB63F00000-0x00007FFB63F10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1688-128-0x00007FFB63F00000-0x00007FFB63F10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1688-408-0x00007FFB66CA0000-0x00007FFB66CB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1688-410-0x00007FFB66CA0000-0x00007FFB66CB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1688-409-0x00007FFB66CA0000-0x00007FFB66CB0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1688-407-0x00007FFB66CA0000-0x00007FFB66CB0000-memory.dmp
    Filesize

    64KB

    Download