Analysis
-
max time kernel
40s -
max time network
50s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
22-01-2021 10:36
Static task
static1
Behavioral task
behavioral1
Sample
emotet_exe_e1_f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5_2021-01-22__103653._exe.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
-
Target
emotet_exe_e1_f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5_2021-01-22__103653._exe.dll
-
Size
346KB
-
MD5
1542602628751eb95eecd6c00ff5cee8
-
SHA1
90c4d944f28167a4320c66a9efcab331e978f8d7
-
SHA256
f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5
-
SHA512
782bf6a3bbf7a2703f8ee30db9aa92153959bac402f8102f400cabba8427109cac4fef540cf9b6862f6b56db33c335e58c443d732d353f3538badbf0a1ff06a6
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exe
description | pid | process | target process
PID 636 wrote to memory of 1316 | 636 | rundll32.exe | rundll32.exe
PID 636 wrote to memory of 1316 | 636 | rundll32.exe | rundll32.exe
PID 636 wrote to memory of 1316 | 636 | rundll32.exe | rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5_2021-01-22__103653._exe.dll,#11
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e1_f5a2ec7716664ae860577125e6e304b393e655a69cdd48c93387c0ec08cc98d5_2021-01-22__103653._exe.dll,#12
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1316-2-0x0000000000000000-mapping.dmp