Analysis
max time kernel: 86s
max time network: 132s
platform: windows10_x64
resource: win10v20201028
submitted: 14-01-2021 00:02
Static task: static1
Behavioral task: behavioral1
  Sample: emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141.exe.dll
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141.exe.dll
  Resource: win10v20201028
General
Target: emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141.exe.dll
Size: 271KB
MD5: 215e26743ce5d0e7ee3452813c34fc44
SHA1: eca0a3cd2e8d0850ccbfa0a7ea32b6ff9839c365
SHA256: e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419
SHA512: 0ad16ac721c6231dfaa1c1b5277a89e38c22a9d5ac89ae6dfbc82b303bb0aa23711cee11b12f4152ed1f5be697a3f029c41e757ebfea0a833616a714acce5d19
Malware Config
Signatures
Blocklisted process makes network request (1 IoC)
  flow  pid   process
  14    1580  rundll32.exe
Suspicious behavior: EnumeratesProcesses (4 IoCs)
  pid   process
  1580  rundll32.exe
  1580  rundll32.exe
  1580  rundll32.exe
  1580  rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   process       target process
  PID 1924 wrote to memory of 1580  1924  rundll32.exe  rundll32.exe
  PID 1924 wrote to memory of 1580  1924  rundll32.exe  rundll32.exe
  PID 1924 wrote to memory of 1580  1924  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe (PID 1924, per the WriteProcessMemory signature)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141.exe.dll,#1
  - Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe (PID 1580, child of 1924)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141.exe.dll,#1
      - Blocklisted process makes network request
      - Suspicious behavior: EnumeratesProcesses
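The tree above is the whole story of this run: a 64-bit rundll32.exe is handed a DLL dropped in the user's Temp directory, called by ordinal (#1) rather than by a named export, re-launches itself as the 32-bit C:\Windows\SysWOW64\rundll32.exe with the same DLL, and only the 32-bit child makes the network request. Each of those traits is weak on its own (Windows itself uses rundll32 with System32 DLLs and named exports), but together they are a useful hunt query. The following is an added detection example written for this page, not code from the Triage report or from Hatching; it runs over constructed Sysmon-style process-creation events whose two rundll32 command lines are the ones shown in the tree, and the field names, the list of user-writable directory markers and the two-indicator threshold are assumptions to tune per estate.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 / EDR style),
# reduced to the fields the check needs. The two rundll32 command lines are
# the ones from the report's process tree; the explorer.exe parent and the
# shell32.dll invocation are made-up benign noise to show the check stays quiet
# on ordinary rundll32 use.
DLL = (r"C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_"
       r"e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419"
       r"_2021-01-14__000141.exe.dll")

SAMPLE_EVENTS = [
    {"pid": 4242, "ppid": 900, "image": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Windows\explorer.exe"},
    {"pid": 1924, "ppid": 4242, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {DLL},#1"},
    {"pid": 1580, "ppid": 1924, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {DLL},#1"},
    {"pid": 2200, "ppid": 4242, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\system32\shell32.dll,Control_RunDLL"},
]

# Path fragments that mark directories an unprivileged user can write to
# (assumption: extend with whatever your estate treats as untrusted).
USER_WRITABLE_MARKERS = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                         "\\downloads\\", "\\users\\public\\", "\\programdata\\")

# rundll32[.exe] <dll>,<entry>   (dll may be quoted; entry is "#N" or a name)
RUNDLL_RE = re.compile(
    r'^"?[^"\s]*rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE)


def parse_rundll32(cmdline):
    """Return (dll_path, entry_point) for a rundll32 command line, else None."""
    m = RUNDLL_RE.match(cmdline.strip())
    return (m.group("dll"), m.group("entry")) if m else None


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def reasons_for(event, by_pid):
    """Collect the independent indicators the report's process tree exhibits."""
    if basename(event["image"]) != "rundll32.exe":
        return []
    parsed = parse_rundll32(event["cmdline"])
    if parsed is None:
        return []
    dll, entry = parsed
    reasons = []
    if any(marker in dll.lower() for marker in USER_WRITABLE_MARKERS):
        reasons.append("dll_in_user_writable_dir")
    if re.fullmatch(r"#\d+", entry):          # export called by ordinal, e.g. #1
        reasons.append("ordinal_export")
    parent = by_pid.get(event["ppid"])
    if parent and basename(parent["image"]) == "rundll32.exe":
        reasons.append("parent_is_rundll32")
        parent_parsed = parse_rundll32(parent["cmdline"])
        # 64-bit system32 rundll32 re-launching the same DLL under SysWOW64
        if (parent_parsed and parent_parsed[0].lower() == dll.lower()
                and "\\system32\\" in parent["image"].lower()
                and "\\syswow64\\" in event["image"].lower()):
            reasons.append("wow64_handoff_same_dll")
    return reasons


def find_suspicious(events, min_reasons=2):
    """Map pid -> indicator list for every rundll32 event with enough indicators."""
    by_pid = {e["pid"]: e for e in events}
    hits = {}
    for e in events:
        r = reasons_for(e, by_pid)
        if len(r) >= min_reasons:
            hits[e["pid"]] = r
    return hits


if __name__ == "__main__":
    for pid, why in find_suspicious(SAMPLE_EVENTS).items():
        print(pid, ", ".join(why))
```

On the constructed events both rundll32 processes from the tree are flagged (the parent on Temp-path plus ordinal, the child on all four indicators) while the shell32.dll Control Panel launch is not. The threshold of two indicators is deliberate: a Temp-directory DLL alone catches legitimate installers, and rundll32-spawns-rundll32 alone fires on the WOW64 thunking Windows does for any 32-bit DLL.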
Network
MITRE ATT&CK Matrix
Downloads
  memory/1580-2-0x0000000000000000-mapping.dmp