e7f08dc9b1f0f6563565d7a921598187003b68a734ba6d26dba7504638e26a08 | Triage

Analysis

max time kernel
28s
max time network
130s
platform
windows10_x64
resource
win10v20201028
submitted
14-01-2021 00:02

Sharing

Report Analysis Logs

General

Target

emotet_exe_e1_e7f08dc9b1f0f6563565d7a921598187003b68a734ba6d26dba7504638e26a08_2021-01-14__000142.exe.dll
Size

271KB
MD5

d5764732b50e221c7d32ca49df6e9293
SHA1

170f4d173e70ee44df15abd4ab0b0a6988d4231e
SHA256

e7f08dc9b1f0f6563565d7a921598187003b68a734ba6d26dba7504638e26a08
SHA512

c1e484ed4de7f6b63d907d75269ccd8840ee18385b089fb52b20abff73848761bdc4dbcfa56d9be0298bca4c6d4f51a8530ae843516b94359598b6b6829a9a21

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

12 1212 rundll32.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

rundll32.exe

pid process

1212 rundll32.exe
1212 rundll32.exe
1212 rundll32.exe
1212 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 8 wrote to memory of 1212	8	rundll32.exe	rundll32.exe
PID 8 wrote to memory of 1212	8	rundll32.exe	rundll32.exe
PID 8 wrote to memory of 1212	8	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_e7f08dc9b1f0f6563565d7a921598187003b68a734ba6d26dba7504638e26a08_2021-01-14__000142.exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:8

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_e7f08dc9b1f0f6563565d7a921598187003b68a734ba6d26dba7504638e26a08_2021-01-14__000142.exe.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1212-2-0x0000000000000000-mapping.dmp

Download