Analysis
-
max time kernel
143s -
max time network
145s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
17-11-2020 14:48
General
-
Target
d1b8a02c16ffa7c6a445d56c20358114.exe
-
Size
816KB
-
MD5
55328103bca0438596479026d4e72326
-
SHA1
7e6452780a4e16c23a2f2747ec642aa7bd3fce60
-
SHA256
8fc9f9295b77940826a359976248b588074ce3fda76d38fe67370bde2422a6c1
-
SHA512
efcb80c640b0458d9166c29ed91e5d1a9593b9e7ad2b08470a3439c9794a533353cc4d44e29df9c5e279318306283c1e563b0dcab612b908f023c8272c8504cc
Malware Config
Extracted
emotet
Epoch2
79.7.158.208:80
46.105.131.87:80
209.141.54.221:8080
78.189.165.52:8080
37.139.21.175:8080
98.15.140.226:80
103.86.49.11:8080
41.60.200.34:80
190.55.181.54:443
120.151.135.224:80
162.154.38.103:80
60.130.173.117:80
5.196.74.210:8080
46.105.131.79:8080
168.235.67.138:7080
24.1.189.87:8080
95.213.236.64:8080
74.208.45.104:8080
41.215.92.157:80
87.106.139.101:8080
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Suspicious behavior: EmotetMutantsSpam 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d1b8a02c16ffa7c6a445d56c20358114.exe"C:\Users\Admin\AppData\Local\Temp\d1b8a02c16ffa7c6a445d56c20358114.exe"1⤵
- Suspicious behavior: EmotetMutantsSpam
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/292-0-0x0000000000200000-0x000000000020E000-memory.dmpFilesize
56KB
-
memory/292-1-0x0000000000290000-0x000000000029C000-memory.dmpFilesize
48KB
-
memory/292-3-0x0000000000400000-0x000000000040C000-memory.dmpFilesize
48KB
-
memory/1184-2-0x000007FEF6460000-0x000007FEF66DA000-memory.dmpFilesize
2.5MB