Analysis

max time kernel: 45s
max time network: 58s
platform: windows10_x64
resource: win10v20201028
submitted: 14-01-2021 00:01

Static task: static1
Behavioral task: behavioral1
Sample: emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144._exe.dll
Resource: win10v20201028 (windows10_x64)
0 signatures, 0 seconds
General

Target: emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144._exe.dll
Size: 271KB
MD5: d361b6d2649d873f6f9953df1d84f9c4
SHA1: 6db25f11aa3f288996796c7d5f1691034929da34
SHA256: 5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d
SHA512: 1a82e34c9c24b48943c3be44f990fddf6cff04af33afa59d03ff58daccd1201dc00a7ff2c06c6016489aed902ecad8941ebb3978238a80eb71a63e12c13ed940
Score: 8/10
Malware Config

Signatures

- Blocklisted process makes network request (2 IoCs)
  Processes: rundll32.exe
  flow  pid  process
  15    472  rundll32.exe
  19    472  rundll32.exe

- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes: rundll32.exe
  pid  process
  472  rundll32.exe
  472  rundll32.exe
  472  rundll32.exe
  472  rundll32.exe
  472  rundll32.exe
  472  rundll32.exe

- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description                    pid  process       target process
  PID 576 wrote to memory of 472  576  rundll32.exe  rundll32.exe
  PID 576 wrote to memory of 472  576  rundll32.exe  rundll32.exe
  PID 576 wrote to memory of 472  576  rundll32.exe  rundll32.exe
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144._exe.dll,#1
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144._exe.dll,#1
      - Blocklisted process makes network request
      - Suspicious behavior: EnumeratesProcesses
Network

MITRE ATT&CK Matrix

Downloads

- memory/472-2-0x0000000000000000-mapping.dmp