Figure 1 Emotet.doc Opened in LibreOffice

Figure 2 below shows the ANY.RUN process graph for the initial stages of the Emotet malware sample that we’re going to analyze. There is so much interesting code to get from first click to system compromise and I wanted to explore the process in a little more detail. This article is provided for informational purposes only, so proceed at your own risk if you decide to follow along.


When working with malware or other offensive cyber tools, it’s very important to ensure that malware and other exploits don’t escape to your computer, network, or worse yet, onto the Internet. VMware Workstation Pro has been my go-to desktop virtualization platform for many years. It’s a mature, stable and flexible platform that you can rely on for whatever testing you need to do. When I used a Mac, I used VMware Fusion, which is essentially the same software and should support the configurations discussed in this article. There are, of course, other desktop virtualization platforms such as VirtualBox. VirtualBox is the closest competitor in my opinion, and it’s free! Perhaps I’ll do another article on VirtualBox, but today we’re going to stick with VMware Workstation Pro. …

About

Adam Munger

Cyber Leader and Eternal Student
