Analysis
- max time kernel: 18s
- max time network: 142s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 14-01-2021 00:02
Static task: static1

Behavioral task: behavioral1
- Sample: emotet_exe_e1_d9f6dfa452f15185695123ea5f83cb15f8d77c8dc1f3bce6ed0272a547a978c4_2021-01-14__000142.exe.dll
- Resource: win7v20201028

Behavioral task: behavioral2
- Sample: emotet_exe_e1_d9f6dfa452f15185695123ea5f83cb15f8d77c8dc1f3bce6ed0272a547a978c4_2021-01-14__000142.exe.dll
- Resource: win10v20201028
General
- Target: emotet_exe_e1_d9f6dfa452f15185695123ea5f83cb15f8d77c8dc1f3bce6ed0272a547a978c4_2021-01-14__000142.exe.dll
- Size: 271KB
- MD5: 5e4f66c1907fa5f7a961ef2ebc85597f
- SHA1: 4cc66f96a5c0bae823c857840ea1732a0dc62ec7
- SHA256: d9f6dfa452f15185695123ea5f83cb15f8d77c8dc1f3bce6ed0272a547a978c4
- SHA512: 003a778ea85807541d96f8cd055598c0e369c02ad347ba8b8f319c50f4fa546322691584065bd6c20659966867ae43220fe2132e64c7951b114330cbb6a39f17
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes:
    flow  pid   process
    21    4796  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
    pid   process
    4796  rundll32.exe
    4796  rundll32.exe
    4796  rundll32.exe
    4796  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                         pid   process       target process
    PID 4728 wrote to memory of 4796    4728  rundll32.exe  rundll32.exe
    PID 4728 wrote to memory of 4796    4728  rundll32.exe  rundll32.exe
    PID 4728 wrote to memory of 4796    4728  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_d9f6dfa452f15185695123ea5f83cb15f8d77c8dc1f3bce6ed0272a547a978c4_2021-01-14__000142.exe.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_d9f6dfa452f15185695123ea5f83cb15f8d77c8dc1f3bce6ed0272a547a978c4_2021-01-14__000142.exe.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
- memory/4796-2-0x0000000000000000-mapping.dmp