Analysis

  • max time kernel
    43s
  • max time network
    54s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    14-01-2021 00:01

General

  • Target

    emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141._exe.dll

  • Size

    271KB

  • MD5

    e4c17fbb70a71a57102a5e6238d741dc

  • SHA1

    68c3ad4c799ef4506c513cc172fb2aa1450ab796

  • SHA256

    4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b

  • SHA512

    a0319a51666090e4428f1e6bfb2bb4a06c5fb985fc9be434c79c54a366b223ae93d1ebe9372209fabb27faee5caa74977de451f27c2200ec29313fc8fb3605ec

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141._exe.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:980
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_4b0fc83ee767b76b201f8a8a9e472a859cea02ea98ed7734a72751699707386b_2021-01-14__000141._exe.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:1204

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1204-2-0x0000000000000000-mapping.dmp