Overview

overview

10

Static

static

VirusShare...87.exe

windows7_x64

10

Analysis

  • max time kernel
    290s
  • max time network
    298s
  • platform
    windows7_x64
  • resource
    win7-en-20211014
  • submitted
    19-10-2021 14:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VirusShare_bae06a0ea924a105ef52dfd4cfe79187.exe

  • Size

    112KB

  • MD5

    bae06a0ea924a105ef52dfd4cfe79187

  • SHA1

    9c091054350a7e14d9d8c76d6bceb3ecdfe26c61

  • SHA256

    3ce0b9ca45ae36be8a3d22ccff44a30207cd179d309b44163f74083826c9e663

  • SHA512

    0a3b050a39918bdce7a1c13dcac923033a9ecf9db5ffd4c744996f1f176936326f141a88932ab1d47a5deb1482dba6f6003f464fd621e831f64980c5e30545fc

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet Payload 5 IoCs

    Detects Emotet payload in memory.

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 9 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirusShare_bae06a0ea924a105ef52dfd4cfe79187.exe
    "C:\Users\Admin\AppData\Local\Temp\VirusShare_bae06a0ea924a105ef52dfd4cfe79187.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1336
    • C:\Windows\SysWOW64\softkbd\ntmarta.exe
      "C:\Windows\SysWOW64\softkbd\ntmarta.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:268

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\softkbd\ntmarta.exe
    MD5

    bae06a0ea924a105ef52dfd4cfe79187

    SHA1

    9c091054350a7e14d9d8c76d6bceb3ecdfe26c61

    SHA256

    3ce0b9ca45ae36be8a3d22ccff44a30207cd179d309b44163f74083826c9e663

    SHA512

    0a3b050a39918bdce7a1c13dcac923033a9ecf9db5ffd4c744996f1f176936326f141a88932ab1d47a5deb1482dba6f6003f464fd621e831f64980c5e30545fc

    Download Submit

  • memory/268-62-0x0000000000000000-mapping.dmp

    Download

  • memory/268-64-0x00000000001D0000-0x00000000001E2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/268-67-0x0000000000271000-0x000000000027C000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1336-55-0x0000000000240000-0x0000000000252000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1336-58-0x0000000000261000-0x000000000026C000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1336-59-0x000000000026C000-0x000000000026D000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1336-60-0x0000000075B71000-0x0000000075B73000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1336-61-0x0000000000230000-0x000000000023F000-memory.dmp

    Filesize

    60KB

    Download