Overview

overview

10

Static

static

8ac8e7c7d3...97.exe

windows7_x64

10

8ac8e7c7d3...97.exe

windows10_x64

10

Resubmissions

11-11-2021 07:04

211111-hv496aahd5 10

04-11-2021 08:03

211104-jxwapsgba5 10

Analysis

  • max time kernel
    1800s
  • max time network
    1791s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    11-11-2021 07:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8ac8e7c7d38192eeb5edd4fab3adab9437c456fbe2cd1a757fd1da79c74ee897.exe

  • Size

    352KB

  • MD5

    6cb0a519e981f65f5fa3eb7894a9d975

  • SHA1

    564285b2d70cc9c592c84ae0774f25825cff7cc4

  • SHA256

    8ac8e7c7d38192eeb5edd4fab3adab9437c456fbe2cd1a757fd1da79c74ee897

  • SHA512

    e66cc0f6e3d6ed2fd6ee9692d6c78a4e32a94322aee775cfd8c0ef8a22f25eec5f0c8625a2c45da50a631535e5f460e88b5749b4cb81840359cbd68b247a3085

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet Payload 5 IoCs

    Detects Emotet payload in memory.

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 51 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ac8e7c7d38192eeb5edd4fab3adab9437c456fbe2cd1a757fd1da79c74ee897.exe
    "C:\Users\Admin\AppData\Local\Temp\8ac8e7c7d38192eeb5edd4fab3adab9437c456fbe2cd1a757fd1da79c74ee897.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:368
    • C:\Windows\SysWOW64\iccvid\tdh.exe
      "C:\Windows\SysWOW64\iccvid\tdh.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1472

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\iccvid\tdh.exe
    MD5

    6cb0a519e981f65f5fa3eb7894a9d975

    SHA1

    564285b2d70cc9c592c84ae0774f25825cff7cc4

    SHA256

    8ac8e7c7d38192eeb5edd4fab3adab9437c456fbe2cd1a757fd1da79c74ee897

    SHA512

    e66cc0f6e3d6ed2fd6ee9692d6c78a4e32a94322aee775cfd8c0ef8a22f25eec5f0c8625a2c45da50a631535e5f460e88b5749b4cb81840359cbd68b247a3085

    Download Submit

  • memory/368-58-0x0000000000571000-0x000000000057C000-memory.dmp

    Filesize

    44KB

    Download

  • memory/368-60-0x0000000000580000-0x00000000005AC000-memory.dmp

    Filesize

    176KB

    Download

  • memory/368-59-0x000000000057C000-0x000000000057D000-memory.dmp

    Filesize

    4KB

    Download

  • memory/368-55-0x0000000000530000-0x000000000056D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/368-61-0x00000000765D1000-0x00000000765D3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/368-71-0x00000000004E0000-0x000000000051A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1472-62-0x0000000000000000-mapping.dmp

    Download

  • memory/1472-64-0x00000000003A0000-0x00000000003DD000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1472-67-0x0000000000791000-0x000000000079C000-memory.dmp

    Filesize

    44KB

    Download