Analysis

  • max time kernel: 11s
  • max time network: 22s
  • platform: windows10_x64
  • resource: win10
  • submitted: 28-07-2020 22:51

General

  • Target: 4b451297d5c4f104d1f1a5d12e7ec25013afbbaf8b2a721e8112229ff30f7525.exe
  • Size: 612KB
  • MD5: c131f972ddfa35f95bee6adda8a0398e
  • SHA1: 20aacf72c32f4024af041f5f1a8d58d62def9b05
  • SHA256: 4b451297d5c4f104d1f1a5d12e7ec25013afbbaf8b2a721e8112229ff30f7525
  • SHA512: 78c11e9d1642bca11d742c062c3f34cbd2fcc912a133c97d99a49fc942052b4241eafd8581c1e0147968a77f6e997369d24f1444c2d6f2a50a75d29e56746754

Score
10/10

Malware Config

Extracted

Family

emotet

C2


rsa_pubkey.plain

Signatures

  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Emotet Payload (1 IoC)

    Detects Emotet payload in memory.

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b451297d5c4f104d1f1a5d12e7ec25013afbbaf8b2a721e8112229ff30f7525.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\4b451297d5c4f104d1f1a5d12e7ec25013afbbaf8b2a721e8112229ff30f7525.exe"
    PID: 3076
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses

Network

  • 179.60.229.168:443
    Process: 4b451297d5c4f104d1f1a5d12e7ec25013afbbaf8b2a721e8112229ff30f7525.exe
    Size: 156 B
    Count: 3

No results found

MITRE ATT&CK Matrix


Downloads

  • memory/3076-0-0x0000000000600000-0x000000000060C000-memory.dmp
    Filesize: 48KB
