Analysis

  • max time kernel: 35s
  • max time network: 149s
  • platform: windows7_x64
  • resource: win7v20201028
  • submitted: 13-01-2021 00:03

General

  • Target: emotet_exe_e1_2057b1c272cca18b84d820801257555faf68c282de7009a9a6eda9012fdb7e9b_2021-01-13__000233.exe.dll
  • Size: 275KB
  • MD5: 887ebc711020b58c5fdbd96dd300a7d8
  • SHA1: 8240ea5b66d724c9b1aa0d2620cd644832deab4a
  • SHA256: 2057b1c272cca18b84d820801257555faf68c282de7009a9a6eda9012fdb7e9b
  • SHA512: a2024f4be11bb7ad8105c6b34e510f15da2c0808f9faccdab7a1fd5d12c5a98c71ba7cf6722376cf1dd230e0be91565e8fdeeb46493680a5015e7815ce39c440

Score: 8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe (PID 776)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_2057b1c272cca18b84d820801257555faf68c282de7009a9a6eda9012fdb7e9b_2021-01-13__000233.exe.dll,#1
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (PID 1952, child of PID 776)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_2057b1c272cca18b84d820801257555faf68c282de7009a9a6eda9012fdb7e9b_2021-01-13__000233.exe.dll,#1
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1528-3-0x000007FEF74B0000-0x000007FEF772A000-memory.dmp (Filesize: 2.5MB)
  • memory/1952-2-0x0000000000000000-mapping.dmp