Overview

overview

10

Static

static

9a8f50ee90...9e.exe

windows7_x64

10

9a8f50ee90...9e.exe

windows10_x64

10

Analysis

  • max time kernel
    65s
  • max time network
    123s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    18-07-2020 14:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9a8f50ee90c6e2e2f530fcec9de98dd23dd4e52bda805aff978ff12ef404289e.exe

  • Size

    100KB

  • MD5

    d33b11d682f7c858e099f7e6664979b2

  • SHA1

    75e1ced690afd30b96d38da511fc163b20f9e4a3

  • SHA256

    9a8f50ee90c6e2e2f530fcec9de98dd23dd4e52bda805aff978ff12ef404289e

  • SHA512

    848691a02e87f2a613bd0208494d212a03dd23e7618b22f1d8fa4c9b999c350587d2ad8b960b14f441caf0e7c96a18cc842414301b0fcc2e745ba33a15a63086

Score
10/10
trojanbankeremotet

Malware Config

Extracted

Family

emotet

C2

177.144.135.2:80

104.247.221.104:443

201.213.32.59:80

190.147.137.153:443

178.79.163.131:8080

190.17.195.202:80

212.71.237.140:8080

68.183.190.199:8080

12.162.84.2:8080

186.250.52.226:8080

181.129.96.162:8080

185.94.252.12:80

77.55.211.77:8080

177.72.13.80:80

70.32.115.157:8080

114.109.179.60:80

68.183.170.114:8080

5.196.35.138:7080

87.106.46.107:8080

190.163.1.31:8080
rsa_pubkey.plain

Signatures

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet

Processes

  • C:\Users\Admin\AppData\Local\Temp\9a8f50ee90c6e2e2f530fcec9de98dd23dd4e52bda805aff978ff12ef404289e.exe
    "C:\Users\Admin\AppData\Local\Temp\9a8f50ee90c6e2e2f530fcec9de98dd23dd4e52bda805aff978ff12ef404289e.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    PID:3888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3888-0-0x0000000000A00000-0x0000000000A0C000-memory.dmp
    Filesize

    48KB

    Download