e6ec70418c0896839b13b04b2308298bfd5c71e5543de240bb1fb9e24cf7c9ac

Analysis

Target

emotet_exe_e2_e6ec70418c0896839b13b04b2308298bfd5c71e5543de240bb1fb9e24cf7c9ac_2021-01-13__000250.exe.dll
Size

269KB
MD5

1922c21b374c6deb8973f5fdb00e4f6e
SHA1

334a4107509cc910f9a81be5c84005a2287459a7
SHA256

e6ec70418c0896839b13b04b2308298bfd5c71e5543de240bb1fb9e24cf7c9ac
SHA512

88fbde6a6ca7d781e06c9c3f1b7cedb33985d8a22a5beb72224f817e2b725362cb9fe6476a3f5fc84ba47af9f59ea35911e58d93bbf73dc09d369d5908c88090

Score

8^/10

Blocklisted process makes network request 2 IoCs

Processes:

rundll32.exe

flow pid process

18 904 rundll32.exe
19 904 rundll32.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

rundll32.exe

pid process

904 rundll32.exe
904 rundll32.exe
904 rundll32.exe
904 rundll32.exe
904 rundll32.exe
904 rundll32.exe

flow	pid	process
18	904	rundll32.exe
19	904	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 576 wrote to memory of 904	576	rundll32.exe	rundll32.exe
PID 576 wrote to memory of 904	576	rundll32.exe	rundll32.exe
PID 576 wrote to memory of 904	576	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e2_e6ec70418c0896839b13b04b2308298bfd5c71e5543de240bb1fb9e24cf7c9ac_2021-01-13__000250.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e2_e6ec70418c0896839b13b04b2308298bfd5c71e5543de240bb1fb9e24cf7c9ac_2021-01-13__000250.exe.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:904