Overview

overview

10

Static

static

emotet.exe

windows7_x64

10

emotet.exe

windows10_x64

10

Analysis

  • max time kernel
    137s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    18-11-2020 21:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    emotet.exe

  • Size

    213KB

  • MD5

    3135be2c48f42ef0f3540f7434eb9f39

  • SHA1

    6c8773fd797cad0e05ee4c27658d484576bca4f4

  • SHA256

    47ce4a3551cfd77c69cb0615b6e3a40f78a57f8321477654dd6b06512070f1ae

  • SHA512

    03d6fc239d9f47975592f78e4a31ec8d30a414768f017dded7c5ca7f1fc877bf8561f85b1ed8ed1335177e5cb6300b3359032370e325aaa508e1be9989f370e7

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: EmotetMutantsSpam 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\emotet.exe
    "C:\Users\Admin\AppData\Local\Temp\emotet.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Users\Admin\AppData\Local\Temp\emotet.exe
      "C:\Users\Admin\AppData\Local\Temp\emotet.exe"
      2⤵
      • Suspicious behavior: EmotetMutantsSpam
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:2724
  • C:\Windows\SysWOW64\loadavolume.exe
    "C:\Windows\SysWOW64\loadavolume.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Windows\SysWOW64\loadavolume.exe
      "C:\Windows\SysWOW64\loadavolume.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious behavior: EmotetMutantsSpam
      • Suspicious behavior: EnumeratesProcesses
      PID:4000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1928-4-0x00000000001F0000-0x0000000000207000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2604-0-0x0000000001160000-0x0000000001177000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2724-1-0x0000000000000000-mapping.dmp
    Download
  • memory/2724-2-0x00000000021B0000-0x00000000021C7000-memory.dmp
    Filesize

    92KB

    Download
  • memory/2724-3-0x0000000000070000-0x00000000000A9000-memory.dmp
    Filesize

    228KB

    Download
  • memory/4000-5-0x0000000000000000-mapping.dmp
    Download
  • memory/4000-6-0x0000000000DB0000-0x0000000000DC7000-memory.dmp
    Filesize

    92KB

    Download
  • memory/4000-7-0x0000000000070000-0x00000000000A9000-memory.dmp
    Filesize

    228KB

    Download