Analysis
- max time kernel: 28s
- max time network: 132s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 14-01-2021 00:02
Static task: static1
Behavioral task: behavioral1
- Sample: emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141.exe.dll
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141.exe.dll
- Resource: win10v20201028
General
- Target: emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141.exe.dll
- Size: 271KB
- MD5: e4c17fbb70a71a57102a5e6238d741dc
- SHA1: 68c3ad4c799ef4506c513cc172fb2aa1450ab796
- SHA256: 4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b
- SHA512: a0319a51666090e4428f1e6bfb2bb4a06c5fb985fc9be434c79c54a366b223ae93d1ebe9372209fabb27faee5caa74977de451f27c2200ec29313fc8fb3605ec
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes:
    flow | pid  | process
    14   | 4960 | rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
    pid  | process
    4960 | rundll32.exe
    4960 | rundll32.exe
    4960 | rundll32.exe
    4960 | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                        | pid  | process      | target process
    PID 4764 wrote to memory of 4960   | 4764 | rundll32.exe | rundll32.exe
    PID 4764 wrote to memory of 4960   | 4764 | rundll32.exe | rundll32.exe
    PID 4764 wrote to memory of 4960   | 4764 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141.exe.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141.exe.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
- memory/4960-2-0x0000000000000000-mapping.dmp