Analysis

  • max time kernel
    29s
  • max time network
    31s
  • platform
    windows10_x64
  • resource
    win10v200722
  • submitted
    31-07-2020 23:14

General

  • Target

    30b725039642e7079e1b01067571fcbe9294ea154a734e3a20b483e8493e2476.exe

  • Size

    392KB

  • MD5

    475128f9091210acdf408f034eeb982b

  • SHA1

    53f82ebe7cd21e4fe74e81face096452e88a0efd

  • SHA256

    30b725039642e7079e1b01067571fcbe9294ea154a734e3a20b483e8493e2476

  • SHA512

    dd8c6d81f70c0d9f16f1a50fb60bcf3d02ab7929004e8aaf837e07d18fd084efe71cadc8b7928a7ffca1674b11d7ac864886c8ea7bd048f9ba2cd05e7337cb83

Score
10/10

Malware Config

Extracted

Family

emotet

C2

73.116.193.136:80

185.94.252.13:443

149.62.173.247:8080

89.32.150.160:8080

185.94.252.12:80

77.90.136.129:8080

83.169.21.32:7080

104.236.161.64:8080

114.109.179.60:80

189.2.177.210:443

68.183.190.199:8080

144.139.91.187:443

185.94.252.27:443

190.181.235.46:80

82.196.15.205:8080

46.28.111.142:7080

181.167.96.215:80

202.62.39.111:80

219.92.13.25:80

191.99.160.58:80

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
-----END PUBLIC KEY-----

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Emotet Payload 2 IoCs

    Detects Emotet payload in memory.

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

Processes

  • C:\Users\Admin\AppData\Local\Temp\30b725039642e7079e1b01067571fcbe9294ea154a734e3a20b483e8493e2476.exe
    "C:\Users\Admin\AppData\Local\Temp\30b725039642e7079e1b01067571fcbe9294ea154a734e3a20b483e8493e2476.exe"
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    PID:3952

Network

  • 73.116.193.136:80
    30b725039642e7079e1b01067571fcbe9294ea154a734e3a20b483e8493e2476.exe
    156 B
    3
No results found

MITRE ATT&CK Matrix

Downloads

  • memory/3952-0-0x0000000002240000-0x000000000224C000-memory.dmp

    Filesize

    48KB
