Analysis

  • max time kernel
    24s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    14-01-2021 00:02

General

  • Target

    emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144.exe.dll

  • Size

    271KB

  • MD5

    d361b6d2649d873f6f9953df1d84f9c4

  • SHA1

    6db25f11aa3f288996796c7d5f1691034929da34

  • SHA256

    5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d

  • SHA512

    1a82e34c9c24b48943c3be44f990fddf6cff04af33afa59d03ff58daccd1201dc00a7ff2c06c6016489aed902ecad8941ebb3978238a80eb71a63e12c13ed940

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144.exe.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144.exe.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      PID:1104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1104-2-0x0000000000000000-mapping.dmp
  • memory/1620-3-0x000007FEF6550000-0x000007FEF67CA000-memory.dmp
    Filesize

    2.5MB