Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    17-07-2020 20:45

General

  • Target

    44edd7336d5b638018a66a217f75c573d205af0a1eb317726f96b6e98f2764d9.exe

  • Size

    276KB

  • MD5

    194d1cb5c1cebab001a2b0061a892968

  • SHA1

    fef709af88ba6496ad67c2ed1bc53d4bb5b77933

  • SHA256

    44edd7336d5b638018a66a217f75c573d205af0a1eb317726f96b6e98f2764d9

  • SHA512

    65bcb9d1ee90e2ca17142a7764ff7e11d238425c4c723924e115410812346f1ca51cc7873016224aa8d71073c68429a9c6d4fe74472f60fa3da1dae6a51633dd

Score
10/10

Malware Config

Extracted

Family

emotet

C2

177.144.130.105:443

198.27.69.201:8080

157.7.164.178:8081

78.188.170.128:80

203.153.216.178:7080

77.74.78.80:443

178.33.167.120:8080

177.0.241.28:80

143.95.101.72:8080

51.38.201.19:7080

181.167.35.84:80

41.185.29.128:8080

192.163.221.191:8080

181.164.110.7:80

203.153.216.182:7080

80.211.32.88:8080

113.160.180.109:80

185.142.236.163:443

192.241.220.183:8080

87.106.231.60:8080

rsa_pubkey.plain

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: EmotetMutantsSpam 1 IoCs
  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

Processes

  • C:\Users\Admin\AppData\Local\Temp\44edd7336d5b638018a66a217f75c573d205af0a1eb317726f96b6e98f2764d9.exe
    "C:\Users\Admin\AppData\Local\Temp\44edd7336d5b638018a66a217f75c573d205af0a1eb317726f96b6e98f2764d9.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: EmotetMutantsSpam
    PID:316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/316-0-0x00000000002B0000-0x00000000002BC000-memory.dmp

    Filesize

    48KB

  • memory/316-1-0x0000000000400000-0x0000000000448000-memory.dmp

    Filesize

    288KB