Overview

overview

10

Static

static

iscsied.bin.exe

windows7_x64

10

iscsied.bin.exe

windows10_x64

10

Analysis

  • max time kernel
    129s
  • max time network
    143s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    10-07-2020 10:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    iscsied.bin.exe

  • Size

    692KB

  • MD5

    cdedba9345f7443d417373a581f0eb96

  • SHA1

    e376629c1a6fcc48a9478e90c59153a634f1cc12

  • SHA256

    ce8679260773363b9b36e64d7624af8ad5af6f631a3813f789245ac9a06db390

  • SHA512

    f8a99ad2c77339b2b0930b6c24823cb793c3ac5dcd0b2336c9ed7265296c28586a335903bec195665e05ae3b1370abb1be05df38135269fae43bc577f84679d1

Score
10/10
trojanbankeremotet

Malware Config

Extracted

Family

emotet

C2

181.230.65.232:80

77.74.78.80:443

192.241.220.183:8080

195.201.56.70:8080

125.63.106.22:80

203.153.216.178:7080

139.59.12.63:8080

190.251.235.239:80

14.99.112.138:80

192.163.221.191:8080

46.49.124.53:80

81.214.253.80:443

46.32.229.152:8080

74.208.173.91:8080

163.172.107.70:8080

37.46.129.215:8080

212.112.113.235:80

50.116.78.109:8080

113.161.148.81:80

78.188.170.128:80
rsa_pubkey.plain

Signatures

  • Suspicious behavior: EmotetMutantsSpam 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\iscsied.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\iscsied.bin.exe"
    1⤵
    • Suspicious behavior: EmotetMutantsSpam
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    • Suspicious use of SetWindowsHookEx
    PID:1612
    • C:\Windows\SysWOW64\Windows.Media.Import\Windows.Media.Import.exe
      "C:\Windows\SysWOW64\Windows.Media.Import\Windows.Media.Import.exe"
      2⤵
      • Suspicious behavior: EmotetMutantsSpam
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1612-0-0x0000000000650000-0x000000000065C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1612-1-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/1784-3-0x0000000000540000-0x000000000054C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1784-4-0x0000000000400000-0x00000000004B2000-memory.dmp

    Filesize

    712KB

    Download