cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4 | Triage

Analysis

max time kernel
22s
max time network
139s
platform
windows7_x64
resource
win7v20201028
submitted
14-01-2021 00:02

Sharing

Report Analysis Logs

General

Target

emotet_exe_e3_cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4_2021-01-14__000233._exe.dll
Size

278KB
MD5

21f5546dc87302048b86d6c5c7b1696f
SHA1

b0a596afdc099b20f094a208148deac2c2d037cd
SHA256

cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4
SHA512

94986528c2e080e48b71a05260c8429ab0aa2fecbb6d96d17dfa7cadda626c907174d4eb4e84adfbeafa0fbad7f74f8feea189067c849af8f1da36c4f4974ef5

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

5 1920 rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

1920 rundll32.exe
1920 rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1088 wrote to memory of 1920	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 1920	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 1920	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 1920	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 1920	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 1920	1088	rundll32.exe	rundll32.exe
PID 1088 wrote to memory of 1920	1088	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4_2021-01-14__000233._exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1088

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4_2021-01-14__000233._exe.dll,#1
2⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1300-3-0x000007FEF7E50000-0x000007FEF80CA000-memory.dmp

Filesize
2.5MB

Download
memory/1920-2-0x0000000000000000-mapping.dmp

Download