Analysis
- max time kernel: 2s
- max time network: 8s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 22-01-2021 11:33
Static task: static1
Behavioral task: behavioral1
- Sample: emotet_exe_e3_be829b878815b7343c1d9ee8d18d9fd3173d88ff6193ce4b688460bd858e7e43_2021-01-22__113245._exe.dll
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: emotet_exe_e3_be829b878815b7343c1d9ee8d18d9fd3173d88ff6193ce4b688460bd858e7e43_2021-01-22__113245._exe.dll
- Resource: win10v20201028
General
- Target: emotet_exe_e3_be829b878815b7343c1d9ee8d18d9fd3173d88ff6193ce4b688460bd858e7e43_2021-01-22__113245._exe.dll
- Size: 266KB
- MD5: a1fbbb28e61acd5ea5e0ebcfb6800066
- SHA1: 3c7323c0d1c8180fa64ca8b6c6b82fe4e30ad92e
- SHA256: be829b878815b7343c1d9ee8d18d9fd3173d88ff6193ce4b688460bd858e7e43
- SHA512: c4a1ab610fa1b3efd693442e4154f8bcba529200e4411512722014859b6d2584f94609ee3948404b2169b06ca624e41d0db6a537c64287f2ebfc52102e81e53c
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description                      | pid  | process      | target process
  PID 1904 wrote to memory of 1444 | 1904 | rundll32.exe | rundll32.exe
  PID 1904 wrote to memory of 1444 | 1904 | rundll32.exe | rundll32.exe
  PID 1904 wrote to memory of 1444 | 1904 | rundll32.exe | rundll32.exe
  PID 1904 wrote to memory of 1444 | 1904 | rundll32.exe | rundll32.exe
  PID 1904 wrote to memory of 1444 | 1904 | rundll32.exe | rundll32.exe
  PID 1904 wrote to memory of 1444 | 1904 | rundll32.exe | rundll32.exe
  PID 1904 wrote to memory of 1444 | 1904 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe (depth 1)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_be829b878815b7343c1d9ee8d18d9fd3173d88ff6193ce4b688460bd858e7e43_2021-01-22__113245._exe.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (depth 2)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_be829b878815b7343c1d9ee8d18d9fd3173d88ff6193ce4b688460bd858e7e43_2021-01-22__113245._exe.dll,#1
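The process tree above carries the two signals a triage analyst actually keys on: rundll32.exe loading a DLL from the user's AppData\Local\Temp directory, and calling it by export ordinal (the `,#1` suffix) rather than by export name. The system32 to SysWOW64 rundll32 hop is, on its own, weaker evidence than it looks: the 64-bit rundll32.exe re-launches the 32-bit one whenever it is handed a 32-bit DLL, and process creation itself writes into the new child, which is enough to trip a WriteProcessMemory hook. The script below is an added example written for this page, not code from the sandbox vendor or the report; it encodes those rules and runs them over event records constructed from the two command lines in the report. The explorer.exe parent PID 1200 and the two benign control invocations are assumed for contrast.

```python
"""Added example: triage rules over the process tree in this report.

Illustrative code written for this page, not part of the sandbox report or
of any vendor tooling. Event records are constructed from the two rundll32
command lines the report shows; the parent PID 1200 and the two benign
control invocations are assumed.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_be829b878815b7343c1d9ee8d"
          r"18d9fd3173d88ff6193ce4b688460bd858e7e43_2021-01-22__113245._exe.dll")

EVENTS = [
    # The two processes from the report (PIDs as named by the WriteProcessMemory IoCs).
    ProcEvent(1904, 1200, r"C:\Windows\system32\rundll32.exe", f"rundll32.exe {SAMPLE},#1"),
    ProcEvent(1444, 1904, r"C:\Windows\SysWOW64\rundll32.exe", f"rundll32.exe {SAMPLE},#1"),
    # Constructed benign controls: a stock Control Panel launch and a vendor DLL by name.
    ProcEvent(2000, 1200, r"C:\Windows\system32\rundll32.exe", "rundll32.exe shell32.dll,Control_RunDLL"),
    ProcEvent(2100, 1200, r"C:\Windows\system32\rundll32.exe",
              r'rundll32.exe "C:\Program Files\Vendor\helper.dll",Init'),
]

# (source pid, target pid) for each "wrote to memory of" IoC; the report lists the pair 7 times.
WPM_EVENTS = [(1904, 1444)] * 7

USER_TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)


def is_rundll32(image: str) -> bool:
    return image.lower().endswith("\\rundll32.exe")


def parse_rundll32(cmdline: str) -> Optional[Tuple[str, Optional[str]]]:
    """Split 'rundll32.exe <dll>[,<entry>] [args]' into (dll, entry); None if not rundll32."""
    m = re.match(r'^\s*"?[^"\s]*rundll32(?:\.exe)?"?\s+(.*)$', cmdline, re.IGNORECASE)
    if not m:
        return None
    rest = m.group(1).strip()
    if rest.startswith('"'):                 # quoted path, may contain spaces
        end = rest.find('"', 1)
        if end < 0:
            return None
        dll, tail = rest[1:end], rest[end + 1:]
    else:                                    # unquoted: first token, split at the comma
        tok = rest.split(None, 1)[0]
        comma = tok.find(",")
        dll, tail = (tok[:comma], tok[comma:]) if comma >= 0 else (tok, "")
    entry = None
    if tail.startswith(","):
        after = tail[1:].split(None, 1)
        entry = after[0] if after else None
    return dll, entry


def triage(events: List[ProcEvent], wpm: List[Tuple[int, int]]) -> Dict[int, List[str]]:
    """Return {pid: [rule names]} for every rundll32 event that trips a rule."""
    by_pid = {e.pid: e for e in events}
    wpm_pairs = set(wpm)
    findings: Dict[int, List[str]] = {}
    for ev in events:
        if not is_rundll32(ev.image):
            continue
        parsed = parse_rundll32(ev.cmdline)
        if parsed is None:
            continue
        dll, entry = parsed
        hits: List[str] = []
        in_temp = USER_TEMP_RE.search(dll) is not None
        ordinal = entry is not None and entry.startswith("#")
        if in_temp and ordinal:
            # The strong signal in this report: a DLL in the user's Temp directory
            # invoked by export ordinal instead of by export name.
            hits.append("rundll32_temp_dll_ordinal_export")
        elif in_temp or ordinal:
            hits.append("rundll32_temp_dll_or_ordinal_export")
        parent = by_pid.get(ev.ppid)
        if parent is not None and is_rundll32(parent.image) and (parent.pid, ev.pid) in wpm_pairs:
            # Weak alone: 64-bit rundll32 re-launches SysWOW64\rundll32.exe for a
            # 32-bit DLL, and creating the child already writes into it. Only
            # adds weight when combined with the argument-based rules above.
            hits.append("rundll32_parent_rundll32_writeprocessmemory")
        if hits:
            findings[ev.pid] = hits
    return findings


if __name__ == "__main__":
    for pid, rules in sorted(triage(EVENTS, WPM_EVENTS).items()):
        print(pid, ", ".join(rules))
```

Run as-is it reports both sandbox PIDs and stays silent on the two controls. The parser deliberately tolerates a quoted DLL path and a trailing argument list, since real rundll32 command lines vary more than the two in this report; feed it your own EDR or Sysmon process-creation records by building ProcEvent objects from them.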