Analysis

max time kernel: 24s
max time network: 143s
platform: windows7_x64
resource: win7v20201028
submitted: 14-01-2021 00:02
Static task: static1

Behavioral task: behavioral1
Sample: emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144.exe.dll
Resource: win7v20201028

Behavioral task: behavioral2
Sample: emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144.exe.dll
Resource: win10v20201028
General

Target: emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144.exe.dll
Size: 271KB
MD5: d361b6d2649d873f6f9953df1d84f9c4
SHA1: 6db25f11aa3f288996796c7d5f1691034929da34
SHA256: 5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d
SHA512: 1a82e34c9c24b48943c3be44f990fddf6cff04af33afa59d03ff58daccd1201dc00a7ff2c06c6016489aed902ecad8941ebb3978238a80eb71a63e12c13ed940
Malware Config
Signatures

Blocklisted process makes network request (1 IoC)
Processes: flow 6, pid 1104, rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: pid 1104, rundll32.exe (2 identical entries)

Suspicious use of WriteProcessMemory (7 IoCs)
Processes: PID 1832 wrote to memory of 1104; pid 1832, rundll32.exe, target process rundll32.exe (7 identical entries)
Processes

C:\Windows\system32\rundll32.exe (pid 1832)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144.exe.dll,#1
  - Suspicious use of WriteProcessMemory
  └ C:\Windows\SysWOW64\rundll32.exe (pid 1104)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d_2021-01-14__000144.exe.dll,#1
      - Blocklisted process makes network request
      - Suspicious behavior: EnumeratesProcesses

The DLL is invoked through rundll32.exe by export ordinal (",#1"). The 64-bit rundll32.exe in system32 (pid 1832) starts the 32-bit copy in SysWOW64 (pid 1104) with the same command line, which is consistent with the 64-bit rundll32.exe being handed a 32-bit DLL. The seven WriteProcessMemory entries are that parent writing into that child; the blocklisted network request and the process enumeration come from the 32-bit child. The pids are taken from the Signatures section above, which the tree itself does not show.
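The signature and process-tree data above can be turned into detection logic for this rundll32 pattern: a DLL loaded from the user's temp directory, an export called by ordinal, a double extension on the file name, and the 64-bit rundll32.exe handing the DLL to its 32-bit SysWOW64 copy. The block below is an added example and is not part of the sandbox report or its vendor's tooling. The event schema (pid, ppid, image, cmdline) is an assumption modelled on Sysmon Event ID 1 fields; pids 1832 and 1104, the two images and the sample path come from the report, while the parent pid 1400 and the two benign rundll32 invocations used for contrast are constructed.

```python
"""Added example (not from the sandbox report): rundll32 detection heuristics
run over constructed process-creation events. Field names are an assumption
modelled on Sysmon Event ID 1 (pid, ppid, image, cmdline)."""
import re

# rundll32 <dll>,<entry>   where <entry> is an export name or a #ordinal
_RUNDLL32_ARGS = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>#\d+|[A-Za-z_]\w*)',
    re.IGNORECASE,
)
_USER_TEMP = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Sample path as recorded in the report.
SAMPLE_DLL = (r"C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_"
              r"5c3fbb6d9fac98e2745a447d3d9b307dec3b1c1775fb70c2fc743855c1e5588d"
              r"_2021-01-14__000144.exe.dll")

# Constructed events: pids 1832/1104 and their images come from the report;
# ppid 1400 and the two benign rundll32 invocations are invented for contrast.
EVENTS = [
    {"pid": 1832, "ppid": 1400, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"pid": 1104, "ppid": 1832, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"pid": 2000, "ppid": 1400, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": "rundll32.exe shell32.dll,Control_RunDLL"},
    {"pid": 2100, "ppid": 1400, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\printui.dll,PrintUIEntry /in /n \\srv\p1"},
]


def parse_rundll32(cmdline):
    """Return (dll_path, entry) for a rundll32 command line, else None."""
    m = _RUNDLL32_ARGS.search(cmdline)
    if m is None:
        return None
    return m.group("dll").strip(), m.group("entry")


def event_reasons(evt):
    """Per-event heuristics; an empty list means nothing was flagged."""
    reasons = []
    if not evt["image"].lower().endswith("\\rundll32.exe"):
        return reasons
    parsed = parse_rundll32(evt["cmdline"])
    if parsed is None:
        return reasons
    dll, entry = parsed
    if _USER_TEMP.search(dll):
        reasons.append("dll loaded from user temp directory")
    if entry.startswith("#"):  # export called by ordinal, as with ",#1" in the report
        reasons.append("export called by ordinal")
    name = dll.rsplit("\\", 1)[-1].lower()
    if name.endswith(".dll") and name.count(".") > 1:  # e.g. "....exe.dll"
        reasons.append("double extension on dll name")
    return reasons


def wow64_relaunches(events):
    """(parent_pid, child_pid) pairs where System32\\rundll32.exe started
    SysWOW64\\rundll32.exe with the same dll and entry point. On its own this
    is normal: the 64-bit rundll32 hands a 32-bit DLL to its 32-bit copy."""
    by_pid = {e["pid"]: e for e in events}
    pairs = []
    for child in events:
        parent = by_pid.get(child["ppid"])
        if parent is None:
            continue
        if (child["image"].lower() == r"c:\windows\syswow64\rundll32.exe"
                and parent["image"].lower() == r"c:\windows\system32\rundll32.exe"
                and parse_rundll32(child["cmdline"]) is not None
                and parse_rundll32(child["cmdline"]) == parse_rundll32(parent["cmdline"])):
            pairs.append((parent["pid"], child["pid"]))
    return pairs


def triage(events):
    """pid -> reasons. The WoW64 hand-off is only reported when one side of
    the pair was already flagged, so benign 32-bit DLL loads stay quiet."""
    findings = {}
    for evt in events:
        reasons = event_reasons(evt)
        if reasons:
            findings[evt["pid"]] = reasons
    for ppid, cpid in wow64_relaunches(events):
        if ppid in findings or cpid in findings:
            findings.setdefault(cpid, []).append(
                f"32-bit rundll32 spawned by 64-bit rundll32 pid {ppid} (WoW64 hand-off)")
    return findings


if __name__ == "__main__":
    for pid, reasons in sorted(triage(EVENTS).items()):
        print(pid, "->", "; ".join(reasons))
```

The two legitimate invocations (shell32.dll,Control_RunDLL and printui.dll,PrintUIEntry) produce no findings, while both rundll32 instances from the report are flagged and the child additionally carries the WoW64 hand-off note. The hand-off is deliberately not a finding by itself, since it happens for any 32-bit DLL passed to the 64-bit rundll32.exe.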