Analysis

  • max time kernel
    45s
  • max time network
    58s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    14-01-2021 00:01

General

  • Target

    emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144._exe.dll

  • Size

    271KB

  • MD5

    d361b6d2649d873f6f9953df1d84f9c4

  • SHA1

    6db25f11aa3f288996796c7d5f1691034929da34

  • SHA256

    5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d

  • SHA512

    1a82e34c9c24b48943c3be44f990fddf6cff04af33afa59d03ff58daccd1201dc00a7ff2c06c6016489aed902ecad8941ebb3978238a80eb71a63e12c13ed940

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144._exe.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:576
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144._exe.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/472-2-0x0000000000000000-mapping.dmp