f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5 | Triage

Analysis

max time kernel
40s
max time network
50s
platform
windows10_x64
resource
win10v20201028
submitted
22-01-2021 10:36

Sharing

Report Analysis Logs

General

Target

emotet_exe_e1_f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5_2021-01-22__103653._exe.dll
Size

346KB
MD5

1542602628751eb95eecd6c00ff5cee8
SHA1

90c4d944f28167a4320c66a9efcab331e978f8d7
SHA256

f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5
SHA512

782bf6a3bbf7a2703f8ee30db9aa92153959bac402f8102f400cabba8427109cac4fef540cf9b6862f6b56db33c335e58c443d732d353f3538badbf0a1ff06a6

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 636 wrote to memory of 1316	636	rundll32.exe	rundll32.exe
PID 636 wrote to memory of 1316	636	rundll32.exe	rundll32.exe
PID 636 wrote to memory of 1316	636	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5_2021-01-22__103653._exe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:636

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5_2021-01-22__103653._exe.dll,#1
2⤵
PID:1316

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1316-2-0x0000000000000000-mapping.dmp

Download