Analysis

  • max time kernel
    41s
  • max time network
    50s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    14-01-2021 00:01

General

  • Target

    emotet_exe_e1_d9f6dfa452f15185695123ea5f83cb15f8d77c8dc1f3bce6ed0272a547a978c4_2021-01-14__000142._exe.dll

  • Size

    271KB

  • MD5

    5e4f66c1907fa5f7a961ef2ebc85597f

  • SHA1

    4cc66f96a5c0bae823c857840ea1732a0dc62ec7

  • SHA256

    d9f6dfa452f15185695123ea5f83cb15f8d77c8dc1f3bce6ed0272a547a978c4

  • SHA512

    003a778ea85807541d96f8cd055598c0e369c02ad347ba8b8f319c50f4fa546322691584065bd6c20659966867ae43220fe2132e64c7951b114330cbb6a39f17

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_d9f6dfa452f15185695123ea5f83cb15f8d77c8dc1f3bce6ed0272a547a978c4_2021-01-14__000142._exe.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:744
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_d9f6dfa452f15185695123ea5f83cb15f8d77c8dc1f3bce6ed0272a547a978c4_2021-01-14__000142._exe.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:3704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3704-2-0x0000000000000000-mapping.dmp