Analysis
-
max time kernel
143s -
max time network
148s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
18-02-2021 16:18
General
-
Target
43E6.tmp.exe
-
Size
372KB
-
MD5
0573884ab205d9b7bf0d51ee8a3b93af
-
SHA1
39df9c19bd28b3228f31219805fe44e8adb7ec87
-
SHA256
b264bcc61b75044b36066cadc82baf5642955b71913d284d7d7a2c7a3a7de203
-
SHA512
5f44382a2b9b1d772c312c6b2bf45c6625cc578ab1cd4670a147c0ee2856ac3306af665fb7cdff14c05497b5967673f7ffdf2a842a3a6428eaf2b1c43ae059d1
Malware Config
Extracted
emotet
Epoch2
174.102.48.180:80
88.217.172.164:443
51.75.33.120:8080
62.138.26.28:8080
169.239.182.217:8080
114.146.222.200:80
116.203.32.252:8080
103.86.49.11:8080
74.120.55.163:80
41.60.200.34:80
209.182.216.177:443
157.245.99.39:8080
87.106.139.101:8080
152.168.248.128:443
104.236.246.93:8080
47.144.21.12:443
139.130.242.43:80
181.230.116.163:80
72.12.127.184:443
61.19.246.238:443
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Emotet Payload 2 IoCs
Detects Emotet payload in memory.
-
Suspicious behavior: EnumeratesProcesses 9 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\43E6.tmp.exe"C:\Users\Admin\AppData\Local\Temp\43E6.tmp.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1044-2-0x00000000760A1000-0x00000000760A3000-memory.dmpFilesize
8KB
-
memory/1044-3-0x0000000000280000-0x000000000028C000-memory.dmpFilesize
48KB
-
memory/1044-4-0x0000000000270000-0x0000000000279000-memory.dmpFilesize
36KB
-
memory/1220-5-0x000007FEF77C0000-0x000007FEF7A3A000-memory.dmpFilesize
2.5MB