Analysis
- Max time kernel: 43s
- Max time network: 54s
- Platform: windows10_x64
- Resource: win10v20201028
- Submitted: 14-01-2021 00:01
- Static task: static1
- Behavioral task: behavioral1
  - Sample: emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141._exe.dll
  - Resource: win10v20201028 (windows10_x64)
  - 0 signatures, 0 seconds
General
- Target: emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141._exe.dll
- Size: 271KB
- MD5: e4c17fbb70a71a57102a5e6238d741dc
- SHA1: 68c3ad4c799ef4506c513cc172fb2aa1450ab796
- SHA256: 4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b
- SHA512: a0319a51666090e4428f1e6bfb2bb4a06c5fb985fc9be434c79c54a366b223ae93d1ebe9372209fabb27faee5caa74977de451f27c2200ec29313fc8fb3605ec
- Score: 8/10
Malware Config
Signatures
- Blocklisted process makes network request (2 IoCs)
  Processes:
  flow  pid   process
  13    1204  rundll32.exe
  16    1204  rundll32.exe
- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes:
  pid   process
  1204  rundll32.exe  (6 occurrences)
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                      pid  process       target process
  PID 980 wrote to memory of 1204  980  rundll32.exe  rundll32.exe  (3 occurrences)
Processes
- C:\Windows\system32\rundll32.exe (PID 980)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141._exe.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 1204)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141._exe.dll,#1
    - Blocklisted process makes network request
    - Suspicious behavior: EnumeratesProcesses

Note on the tree: the DLL is loaded from the user's Temp directory and its export is called by ordinal (#1), both typical of a loader rather than a legitimate rundll32 use. The 64-bit rundll32.exe in system32 re-executes its SysWOW64 counterpart with the same command line when handed a 32-bit DLL, so the child (PID 1204) is the process that actually hosts the payload; that is why the network requests and process enumeration are attributed to 1204, while the parent (PID 980) only shows the memory writes into its child at launch.
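Detection logic for the pattern this tree shows, as an added example that is not part of the sandbox report: rundll32 loading a DLL from a user-writable path, calling an export by ordinal, a rundll32-to-rundll32 WoW64 relaunch with the same DLL, and network flows from the child. The events are constructed to mirror the report (PIDs 980 and 1204 and flows 13 and 16 come from the report; the parent PID 600 and the benign control-panel entry with PID 1400 are made up for contrast).

```python
"""Triage rundll32 process-creation and network events for the loader pattern in this report."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full image path, e.g. C:\Windows\SysWOW64\rundll32.exe
    cmdline: str


@dataclass(frozen=True)
class NetEvent:
    pid: int
    flow: int       # flow id only; the report lists no destinations


# rundll32 <dll>,<export>  where <export> may be a name or an ordinal such as #1
RUNDLL32_RE = re.compile(
    r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<export>#?\w+)',
    re.IGNORECASE,
)
# Locations a standard user can write to; a DLL loaded from here by rundll32 is a classic loader pattern.
USER_WRITABLE_RE = re.compile(r"^[A-Z]:\\Users\\|\\AppData\\|\\Temp\\|\\ProgramData\\", re.IGNORECASE)


def parse_rundll32(cmdline: str) -> Optional[Tuple[str, str]]:
    """Return (dll_path, export) for a rundll32 command line, or None if it is not one."""
    m = RUNDLL32_RE.match(cmdline)
    return (m.group("dll"), m.group("export")) if m else None


def is_rundll32(ev: ProcEvent) -> bool:
    return ev.image.lower().endswith("\\rundll32.exe")


def triage(procs: List[ProcEvent], nets: List[NetEvent]) -> Dict[int, List[str]]:
    """Map each suspicious rundll32 PID to the list of findings that fired for it."""
    by_pid = {p.pid: p for p in procs}
    flows_by_pid: Dict[int, List[int]] = {}
    for n in nets:
        flows_by_pid.setdefault(n.pid, []).append(n.flow)

    results: Dict[int, List[str]] = {}
    for ev in procs:
        if not is_rundll32(ev):
            continue
        parsed = parse_rundll32(ev.cmdline)
        if parsed is None:
            continue
        dll, export = parsed
        findings: List[str] = []
        if USER_WRITABLE_RE.search(dll):
            findings.append("dll_in_user_writable_path")
        if export.startswith("#"):
            findings.append("export_called_by_ordinal")
        parent = by_pid.get(ev.ppid)
        if parent is not None and is_rundll32(parent):
            pp = parse_rundll32(parent.cmdline)
            if pp is not None and pp[0].lower() == dll.lower():
                # 64-bit rundll32 re-executes its SysWOW64 copy to host a 32-bit DLL; expected
                # behaviour, but it tells you the payload is 32-bit and the child runs it.
                findings.append("wow64_relaunch_same_dll")
        if ev.pid in flows_by_pid:
            findings.append(f"network_flows:{sorted(flows_by_pid[ev.pid])}")
        if findings:
            results[ev.pid] = findings
    return results


# Constructed events mirroring the report's process tree (not captured from the sandbox).
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_"
              r"4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141._exe.dll")
PROCS = [
    ProcEvent(980, 600, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1"),
    ProcEvent(1204, 980, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE_DLL},#1"),
    ProcEvent(1400, 600, r"C:\Windows\system32\rundll32.exe",
              r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"),  # benign, for contrast
]
NETS = [NetEvent(1204, 13), NetEvent(1204, 16)]

if __name__ == "__main__":
    for pid, findings in triage(PROCS, NETS).items():
        print(pid, findings)
```

Neither the WoW64 relaunch nor the parent-to-child memory writes are alerts on their own; the combination of a Temp-resident DLL, an ordinal export and outbound flows from the hosting rundll32 is what should drive the verdict.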
Network
MITRE ATT&CK Matrix
Downloads
- memory/1204-2-0x0000000000000000-mapping.dmp