2057b1c272cca18b84d820801257555faf68c282de7009a9a6eda9012fdb7e9b

Analysis

Target

emotet_exe_e1_2057b1c272cca18b84d820801257555faf68c282de7009a9a6eda9012fdb7e9b_2021-01-13__000233.exe.dll
Size

275KB
MD5

887ebc711020b58c5fdbd96dd300a7d8
SHA1

8240ea5b66d724c9b1aa0d2620cd644832deab4a
SHA256

2057b1c272cca18b84d820801257555faf68c282de7009a9a6eda9012fdb7e9b
SHA512

a2024f4be11bb7ad8105c6b34e510f15da2c0808f9faccdab7a1fd5d12c5a98c71ba7cf6722376cf1dd230e0be91565e8fdeeb46493680a5015e7815ce39c440

Score

8^/10

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

16 3616 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

3616 rundll32.exe
3616 rundll32.exe
3616 rundll32.exe
3616 rundll32.exe

flow	pid	process
16	3616	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3888 wrote to memory of 3616	3888	rundll32.exe	rundll32.exe
PID 3888 wrote to memory of 3616	3888	rundll32.exe	rundll32.exe
PID 3888 wrote to memory of 3616	3888	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_2057b1c272cca18b84d820801257555faf68c282de7009a9a6eda9012fdb7e9b_2021-01-13__000233.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_2057b1c272cca18b84d820801257555faf68c282de7009a9a6eda9012fdb7e9b_2021-01-13__000233.exe.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:3616