Analysis
- max time kernel: 21s
- max time network: 142s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 14-01-2021 00:02
Static task: static1
Behavioral task: behavioral1
- Sample: emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141.exe.dll
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141.exe.dll
- Resource: win10v20201028
General
- Target: emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141.exe.dll
- Size: 271KB
- MD5: 215e26743ce5d0e7ee3452813c34fc44
- SHA1: eca0a3cd2e8d0850ccbfa0a7ea32b6ff9839c365
- SHA256: e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419
- SHA512: 0ad16ac721c6231dfaa1c1b5277a89e38c22a9d5ac89ae6dfbc82b303bb0aa23711cee11b12f4152ed1f5be697a3f029c41e757ebfea0a833616a714acce5d19
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes: rundll32.exe
  flow | pid  | process
  5    | 1296 | rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: rundll32.exe
  pid  | process
  1296 | rundll32.exe
  1296 | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description                         | pid  | process      | target process
  PID 1824 wrote to memory of 1296    | 1824 | rundll32.exe | rundll32.exe
  PID 1824 wrote to memory of 1296    | 1824 | rundll32.exe | rundll32.exe
  PID 1824 wrote to memory of 1296    | 1824 | rundll32.exe | rundll32.exe
  PID 1824 wrote to memory of 1296    | 1824 | rundll32.exe | rundll32.exe
  PID 1824 wrote to memory of 1296    | 1824 | rundll32.exe | rundll32.exe
  PID 1824 wrote to memory of 1296    | 1824 | rundll32.exe | rundll32.exe
  PID 1824 wrote to memory of 1296    | 1824 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141.exe.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141.exe.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses