Analysis

  • max time kernel
    49s
  • max time network
    60s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    14-01-2021 00:01

General

  • Target

    emotet_exe_e1_25fb0a71ad75732672b88e0571fb4ff7deee9cb7dd6bac5d98e6dc77efbb9fbc_2021-01-14__000143._exe.dll

  • Size

    271KB

  • MD5

    89844b6587d63a05c26d2a76f293cdc3

  • SHA1

    eb2d3a604bd47c43fead53db5c453df63a2cae3d

  • SHA256

    25fb0a71ad75732672b88e0571fb4ff7deee9cb7dd6bac5d98e6dc77efbb9fbc

  • SHA512

    b2c07086495db5cc4ad23c53280bac861f12f5470665259cf9ac54adb3dc4048672af1cb1e36907ec5468a8ac996e4b72736bd7d3538a27957354e1d893aef64

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_25fb0a71ad75732672b88e0571fb4ff7deee9cb7dd6bac5d98e6dc77efbb9fbc_2021-01-14__000143._exe.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:508
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_25fb0a71ad75732672b88e0571fb4ff7deee9cb7dd6bac5d98e6dc77efbb9fbc_2021-01-14__000143._exe.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:1036

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1036-2-0x0000000000000000-mapping.dmp