Analysis
max time kernel
4s
max time network
9s
platform
windows7_x64
resource
win7v20201028
submitted
22-01-2021 10:53
Static task
static1
Behavioral task
behavioral1
Sample
emotet_exe_e3_c982f6034920851ee90586aa82b6609f1d1b6ea0783accf11d26f66e01d08292_2021-01-22__105253.exe.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
emotet_exe_e3_c982f6034920851ee90586aa82b6609f1d1b6ea0783accf11d26f66e01d08292_2021-01-22__105253.exe.dll
Resource
win10v20201028
General
Target
emotet_exe_e3_c982f6034920851ee90586aa82b6609f1d1b6ea0783accf11d26f66e01d08292_2021-01-22__105253.exe.dll
Size
907B
MD5
874c49d184c380452d2265aa672fbc8b
SHA1
5d88e0ceae84649806199df0384ed55d8c20ed65
SHA256
c982f6034920851ee90586aa82b6609f1d1b6ea0783accf11d26f66e01d08292
SHA512
f4a42561c0a48387dd2c82a07c4131b04fe46e45f8f53c45d7e1982b1174ef68930d6e7faaa9c1fd3798ae65e547ac1928d542442015d40383051a61b7eb50ea
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                        pid   process       target process
PID 1856 wrote to memory of 2032   1856  rundll32.exe  rundll32.exe
PID 1856 wrote to memory of 2032   1856  rundll32.exe  rundll32.exe
PID 1856 wrote to memory of 2032   1856  rundll32.exe  rundll32.exe
PID 1856 wrote to memory of 2032   1856  rundll32.exe  rundll32.exe
PID 1856 wrote to memory of 2032   1856  rundll32.exe  rundll32.exe
PID 1856 wrote to memory of 2032   1856  rundll32.exe  rundll32.exe
PID 1856 wrote to memory of 2032   1856  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_c982f6034920851ee90586aa82b6609f1d1b6ea0783accf11d26f66e01d08292_2021-01-22__105253.exe.dll,#1
- Suspicious use of WriteProcessMemory
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet_exe_e3_c982f6034920851ee90586aa82b6609f1d1b6ea0783accf11d26f66e01d08292_2021-01-22__105253.exe.dll,#1