Analysis
- max time kernel: 22s
- max time network: 139s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 14-01-2021 00:02

Static task: static1

Behavioral task: behavioral1
- Sample: emotet_exe_e3_cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4_2021-01-14__000233._exe.dll
- Resource: win7v20201028

Behavioral task: behavioral2
- Sample: emotet_exe_e3_cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4_2021-01-14__000233._exe.dll
- Resource: win10v20201028
General
- Target: emotet_exe_e3_cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4_2021-01-14__000233._exe.dll
- Size: 278KB
- MD5: 21f5546dc87302048b86d6c5c7b1696f
- SHA1: b0a596afdc099b20f094a208148deac2c2d037cd
- SHA256: cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4
- SHA512: 94986528c2e080e48b71a05260c8429ab0aa2fecbb6d96d17dfa7cadda626c907174d4eb4e84adfbeafa0fbad7f74f8feea189067c849af8f1da36c4f4974ef5
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes (flow, pid, process):
    flow 5, PID 1920, rundll32.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid, process):
    PID 1920, rundll32.exe
    PID 1920, rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes (description, pid, process, target process):
    PID 1088 rundll32.exe wrote to memory of PID 1920 rundll32.exe
    PID 1088 rundll32.exe wrote to memory of PID 1920 rundll32.exe
    PID 1088 rundll32.exe wrote to memory of PID 1920 rundll32.exe
    PID 1088 rundll32.exe wrote to memory of PID 1920 rundll32.exe
    PID 1088 rundll32.exe wrote to memory of PID 1920 rundll32.exe
    PID 1088 rundll32.exe wrote to memory of PID 1920 rundll32.exe
    PID 1088 rundll32.exe wrote to memory of PID 1920 rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4_2021-01-14__000233._exe.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (child process)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_cee89080ab471dc784cc9c3d5760842ca5ee712a0d1d791cc1b64303b493cfe4_2021-01-14__000233._exe.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses