8fa8d19ca8875f370b5267c9e666f67d3eeb4ea55d061e6ac0aa618e8ac3d8de | Triage

Analysis

max time kernel
25s
max time network
125s
platform
windows10_x64
resource
win10v20201028
submitted
13-01-2021 12:00

Sharing

Report Analysis Logs

General

Target

emotet_exe_e1_8fa8d19ca8875f370b5267c9e666f67d3eeb4ea55d061e6ac0aa618e8ac3d8de_2021-01-13__115917.exe.dll
Size

271KB
MD5

6d65571a1d5bb5ce2f3168dbcc6c12c9
SHA1

c5c2903fcdf700d27b240f834f1641b67fa352c7
SHA256

8fa8d19ca8875f370b5267c9e666f67d3eeb4ea55d061e6ac0aa618e8ac3d8de
SHA512

84732ad954375ee0d524c38cad5898cff8c8b1bdfb67c9ae7f8920c2c2f098871d7e1ee87c118c6cf1fd09cbad919a43897715112a1506139f62547ee74f04a3

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

16 416 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

416 rundll32.exe
416 rundll32.exe
416 rundll32.exe
416 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3992 wrote to memory of 416	3992	rundll32.exe	rundll32.exe
PID 3992 wrote to memory of 416	3992	rundll32.exe	rundll32.exe
PID 3992 wrote to memory of 416	3992	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_8fa8d19ca8875f370b5267c9e666f67d3eeb4ea55d061e6ac0aa618e8ac3d8de_2021-01-13__115917.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3992

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_8fa8d19ca8875f370b5267c9e666f67d3eeb4ea55d061e6ac0aa618e8ac3d8de_2021-01-13__115917.exe.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/416-2-0x0000000000000000-mapping.dmp

Download