Analysis

  • max time kernel
    14s
  • max time network
    28s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    31-07-2020 17:14

General

  • Target

    947a3ff96938744424bfe2185f0caa7f0a106c8af19afc25895327328ffb5e31.exe

  • Size

    372KB

  • MD5

    2f18dff2293cb28738382052d2b1c5f9

  • SHA1

    bb7faedf28db6392de8b5e7d7d71bc951106fc58

  • SHA256

    947a3ff96938744424bfe2185f0caa7f0a106c8af19afc25895327328ffb5e31

  • SHA512

    bdcb569beda358854ef1cac12e2ac5aab9b24cd1830ff5dd22ddcc59539e13004da332d435aea83c324345c031f3c502697da64c4aa1fd309c415ab4c7d622dd

Score
10/10

Malware Config

Extracted

Family

emotet

C2

73.116.193.136:80

185.94.252.13:443

149.62.173.247:8080

89.32.150.160:8080

185.94.252.12:80

77.90.136.129:8080

83.169.21.32:7080

104.236.161.64:8080

114.109.179.60:80

189.2.177.210:443

68.183.190.199:8080

144.139.91.187:443

185.94.252.27:443

190.181.235.46:80

82.196.15.205:8080

46.28.111.142:7080

181.167.96.215:80

202.62.39.111:80

219.92.13.25:80

191.99.160.58:80

rsa_pubkey.plain

-----BEGIN PUBLIC KEY-----
MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
-----END PUBLIC KEY-----

Signatures

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Emotet Payload 2 IoCs

    Detects Emotet payload in memory.

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

Processes

  • C:\Users\Admin\AppData\Local\Temp\947a3ff96938744424bfe2185f0caa7f0a106c8af19afc25895327328ffb5e31.exe
    "C:\Users\Admin\AppData\Local\Temp\947a3ff96938744424bfe2185f0caa7f0a106c8af19afc25895327328ffb5e31.exe"
    • Suspicious use of SetWindowsHookEx
    • Suspicious behavior: EnumeratesProcesses
    PID:3908

Network

    No results found
  • 73.116.193.136:80
    947a3ff96938744424bfe2185f0caa7f0a106c8af19afc25895327328ffb5e31.exe
    156 B
    3
  • 142.105.151.124:443
    40 B
    46 B
    1
    1

Downloads

  • memory/3908-0-0x0000000000560000-0x000000000056C000-memory.dmp

    Filesize

    48KB
