Analysis

  • max time kernel
    82s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    13-01-2021 00:03

General

  • Target

    emotet_exe_e2_7aed3fe2d0743ca0f167a3029bc9f6d2a2efca22fc97ef085234513788859c09_2021-01-13__000249.exe.dll

  • Size

    269KB

  • MD5

    4e21380791741e450fd0150acb87b357

  • SHA1

    ff7c3180893a91092c1523155e418a793a9dc86e

  • SHA256

    7aed3fe2d0743ca0f167a3029bc9f6d2a2efca22fc97ef085234513788859c09

  • SHA512

    eb1ecc3ecbf4043fdd55a1d3af245500803a25d93790a82ddab6e9d20ccb94d4e48621f4da4a18a000636ca56a06a94e902aa406f30256cc4b68f2cb28735cb8

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e2_7aed3fe2d0743ca0f167a3029bc9f6d2a2efca22fc97ef085234513788859c09_2021-01-13__000249.exe.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e2_7aed3fe2d0743ca0f167a3029bc9f6d2a2efca22fc97ef085234513788859c09_2021-01-13__000249.exe.dll,#1
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:1728

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1332-3-0x000007FEF7140000-0x000007FEF73BA000-memory.dmp

    Filesize

    2.5MB

  • memory/1728-2-0x0000000000000000-mapping.dmp