Analysis
- max time kernel: 20s
- max time network: 129s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 14-01-2021 00:02
Static task: static1
Behavioral task: behavioral1
  Sample: emotet_exe_e3_1256cd8773234155c67ed3293c81b926d2d16d94960dfb7ea9f2df14b6a7f27d_2021-01-14__000231._exe.dll
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: emotet_exe_e3_1256cd8773234155c67ed3293c81b926d2d16d94960dfb7ea9f2df14b6a7f27d_2021-01-14__000231._exe.dll
  Resource: win10v20201028
General
- Target: emotet_exe_e3_1256cd8773234155c67ed3293c81b926d2d16d94960dfb7ea9f2df14b6a7f27d_2021-01-14__000231._exe.dll
- Size: 278KB
- MD5: 666bee305fc67f19cfa59236ffa9e0fe
- SHA1: 43800c7777f68cfb96a5317da9405eae0f43f301
- SHA256: 1256cd8773234155c67ed3293c81b926d2d16d94960dfb7ea9f2df14b6a7f27d
- SHA512: 6d4df799e0e2d8aaed795f03711bdb4878cef08e038fc507af95f99a8a52f7d655743814a1f8ae3ad229766513ecc12553429f48bf226567dcf29a60ee88796e
Malware Config
Signatures
- Blocklisted process makes network request (1 IoC)
  Processes:
    flow  pid   process
    20    1432  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
    pid   process
    1432  rundll32.exe
    1432  rundll32.exe
    1432  rundll32.exe
    1432  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                      pid  process       target process
    PID 972 wrote to memory of 1432  972  rundll32.exe  rundll32.exe
    PID 972 wrote to memory of 1432  972  rundll32.exe  rundll32.exe
    PID 972 wrote to memory of 1432  972  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_1256cd8773234155c67ed3293c81b926d2d16d94960dfb7ea9f2df14b6a7f27d_2021-01-14__000231._exe.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_1256cd8773234155c67ed3293c81b926d2d16d94960dfb7ea9f2df14b6a7f27d_2021-01-14__000231._exe.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
- memory/1432-2-0x0000000000000000-mapping.dmp