Analysis
- max time kernel: 16s
- max time network: 126s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 14-01-2021 00:03
Static task: static1
Behavioral task: behavioral1
- Sample: emotet_exe_e3_3cb2dbaf32a6fa0039204c8edd52f63957d03e14136b98f246e9626af97a34a5_2021-01-14__000230.exe.dll
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: emotet_exe_e3_3cb2dbaf32a6fa0039204c8edd52f63957d03e14136b98f246e9626af97a34a5_2021-01-14__000230.exe.dll
- Resource: win10v20201028
General
- Target: emotet_exe_e3_3cb2dbaf32a6fa0039204c8edd52f63957d03e14136b98f246e9626af97a34a5_2021-01-14__000230.exe.dll
- Size: 278KB
- MD5: a923150848ae6d9432b4684e2af35f27
- SHA1: edc9240836d2c421423842c2e839abc6f461b0bd
- SHA256: 3cb2dbaf32a6fa0039204c8edd52f63957d03e14136b98f246e9626af97a34a5
- SHA512: 2077341361b2df1bc55323d9e9bc02e0a14dd82489e78ba596fd29f772cfd3579e21be5fb3bb4de03fc182c7bd37af294cc0f8938e5bbb75e9c699fd02177a47
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes:
    flow  pid   process
    15    4848  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
    pid   process
    4848  rundll32.exe
    4848  rundll32.exe
    4848  rundll32.exe
    4848  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                       pid   process       target process
    PID 4804 wrote to memory of 4848  4804  rundll32.exe  rundll32.exe
    PID 4804 wrote to memory of 4848  4804  rundll32.exe  rundll32.exe
    PID 4804 wrote to memory of 4848  4804  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (depth 1)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_3cb2dbaf32a6fa0039204c8edd52f63957d03e14136b98f246e9626af97a34a5_2021-01-14__000230.exe.dll,#1
  - Suspicious use of WriteProcessMemory
  - child: C:\Windows\SysWOW64\rundll32.exe (depth 2)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_3cb2dbaf32a6fa0039204c8edd52f63957d03e14136b98f246e9626af97a34a5_2021-01-14__000230.exe.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
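The process tree above is the whole story of this detonation: a DLL dropped under the user's Temp directory is invoked through rundll32 by ordinal (",#1" rather than a named export), the 64-bit rundll32 in System32 hands the same command line to the 32-bit copy in SysWOW64 (the hand-off rundll32 performs when given a 32-bit DLL, and the parent is the source of the WriteProcessMemory signature), and it is the SysWOW64 child that makes the network request. The script below is an added triage example, not code from the sandbox or the report; it correlates constructed process, memory-write and network events shaped like the ones in the report (PIDs 4804 and 4848, the DLL path and ",#1" entry point are taken from the report; the explorer.exe parent, the shell32.dll control case and the 192.0.2.10 destination are constructed and not observed data) and returns the reasons each rundll32 launch was flagged.

```python
"""Correlate the rundll32 launch chain from process, memory-write and network
events. Added example, not code from the sandbox report. Event data below is
constructed to mirror the report's tree (PID 4804 -> 4848, DLL under
AppData\\Local\\Temp, ",#1" ordinal entry, parent-to-child WriteProcessMemory);
the network destination is an RFC 5737 documentation address, not one the
sandbox observed.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable image
    cmdline: str    # command line as logged


@dataclass(frozen=True)
class MemWrite:
    src_pid: int    # process that called WriteProcessMemory
    dst_pid: int    # target process


@dataclass(frozen=True)
class NetEvent:
    pid: int
    dest: str


# "rundll32[.exe] <dll>,<entry>" where <entry> is an export name or "#ordinal".
RUNDLL32_RE = re.compile(
    r'^\s*"?(?:[A-Za-z]:\\[^"\s]*\\)?rundll32(?:\.exe)?"?\s+'
    r'"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE,
)
# Directories a standard user can write to; a legitimate rundll32 target
# normally lives under System32/SysWOW64 or Program Files.
USER_WRITABLE_RE = re.compile(
    r"\\AppData\\(?:Local|Roaming)\\|\\Temp\\|\\Downloads\\|\\Public\\",
    re.IGNORECASE,
)


def parse_rundll32(cmdline):
    """Return (dll, entry) for a rundll32 command line, else None."""
    m = RUNDLL32_RE.match(cmdline)
    return (m.group("dll"), m.group("entry")) if m else None


def is_ordinal(entry):
    """True for an entry point given as "#<number>" instead of an export name."""
    return entry.startswith("#") and entry[1:].isdigit()


def analyse(procs, writes, nets):
    """Return {pid: [reason, ...]} for each rundll32 process that shows at least
    one of the indicators present in the report's tree."""
    by_pid = {p.pid: p for p in procs}
    net_pids = {n.pid for n in nets}
    write_pairs = {(w.src_pid, w.dst_pid) for w in writes}
    findings = {}
    for p in procs:
        parsed = parse_rundll32(p.cmdline)
        if parsed is None:
            continue                      # not a rundll32 launch
        dll, entry = parsed
        reasons = []
        if USER_WRITABLE_RE.search(dll):
            reasons.append("DLL loaded from a user-writable directory")
        if is_ordinal(entry):
            reasons.append(f"entry point given by ordinal ({entry})")
        parent = by_pid.get(p.ppid)
        # System32\rundll32 -> SysWOW64\rundll32 with an identical DLL,entry pair
        if (parent is not None
                and "\\syswow64\\" in p.image.lower()
                and parent.image.lower().endswith("\\system32\\rundll32.exe")
                and parse_rundll32(parent.cmdline) == parsed):
            reasons.append("64-bit rundll32 re-launched the 32-bit copy with the same DLL")
            if (parent.pid, p.pid) in write_pairs:
                reasons.append("parent wrote into the child's memory")
        if p.pid in net_pids:
            reasons.append("process made a network connection")
        if reasons:
            findings[p.pid] = reasons
    return findings


# Constructed events: PIDs, images and the DLL command line follow the report;
# explorer.exe and the shell32 control applet are a benign control case.
DLL = r"C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_3cb2dbaf32a6fa0039204c8edd52f63957d03e14136b98f246e9626af97a34a5_2021-01-14__000230.exe.dll"
PROCS = [
    ProcEvent(1234, 900, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(2222, 1234, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),
    ProcEvent(4804, 1234, r"C:\Windows\system32\rundll32.exe",
              f"rundll32.exe {DLL},#1"),
    ProcEvent(4848, 4804, r"C:\Windows\SysWOW64\rundll32.exe",
              f"rundll32.exe {DLL},#1"),
]
WRITES = [MemWrite(4804, 4848)] * 3           # the report lists three writes
NETS = [NetEvent(4848, "192.0.2.10:443")]     # constructed destination

if __name__ == "__main__":
    for pid, reasons in analyse(PROCS, WRITES, NETS).items():
        print(pid, *reasons, sep="\n  ")
```

Run as-is it reports PID 4804 for the user-writable path and ordinal entry, and PID 4848 for the same two indicators plus the WOW64 hand-off, the parent's memory write and the network connection; the shell32 control applet launch (PID 2222) produces no finding. The DLL-path and ordinal checks are the cheap ones to deploy as an EDR or Sysmon rule on their own; the hand-off and network checks need the parent's command line and a process-to-connection join, which is why the example keeps all three event types.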
Network
MITRE ATT&CK Matrix
Downloads
- memory/4848-2-0x0000000000000000-mapping.dmp