Analysis

  • max time kernel
    43s
  • max time network
    55s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    14-01-2021 00:01

General

  • Target

    emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141._exe.dll

  • Size

    271KB

  • MD5

    215e26743ce5d0e7ee3452813c34fc44

  • SHA1

    eca0a3cd2e8d0850ccbfa0a7ea32b6ff9839c365

  • SHA256

    e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419

  • SHA512

    0ad16ac721c6231dfaa1c1b5277a89e38c22a9d5ac89ae6dfbc82b303bb0aa23711cee11b12f4152ed1f5be697a3f029c41e757ebfea0a833616a714acce5d19

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141._exe.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4700
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_e0c7356fbbaed85b1353cf0baa2ac4572cbe692e65e814c456d6756d7e2c2419_2021-01-14__000141._exe.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:4720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4720-2-0x0000000000000000-mapping.dmp