7d448547e0cad89bd34f0fddac8a407d161d5ac389466b1bab0b785ec1dbb8ad | Triage

Resubmissions

16-03-2024 23:03

240316-21xbaaee5y 10

13-01-2022 00:09

220113-afz3wsegem 1

Analysis

max time kernel
242s
max time network
253s
platform
windows10_x64
resource
win10-en-20211208
submitted
13-01-2022 00:09

Sharing

Report Analysis Logs

General

Target

emotet_exe_e5_7d448547e0cad89bd34f0fddac8a407d161d5ac389466b1bab0b785ec1dbb8ad_2022-01-13__000954._exe.dll
Size

470KB
MD5

ec656a71699b8ce883ae4d6159b5940b
SHA1

ff7ec1f0b9c2c2df1e4a331773c32b853628dd09
SHA256

7d448547e0cad89bd34f0fddac8a407d161d5ac389466b1bab0b785ec1dbb8ad
SHA512

2029cd81824652c357eaa8edcb4c05ba3e365ffca957a4cbaa54049e35fb213162756b18edbf1e272817088d3d74f76ec8a4c73e38863c2b7484bff5bd530daa

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 2740 wrote to memory of 2784	2740	regsvr32.exe	regsvr32.exe
PID 2740 wrote to memory of 2784	2740	regsvr32.exe	regsvr32.exe
PID 2740 wrote to memory of 2784	2740	regsvr32.exe	regsvr32.exe
PID 2784 wrote to memory of 2128	2784	regsvr32.exe	rundll32.exe
PID 2784 wrote to memory of 2128	2784	regsvr32.exe	rundll32.exe
PID 2784 wrote to memory of 2128	2784	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\emotet_exe_e5_7d448547e0cad89bd34f0fddac8a407d161d5ac389466b1bab0b785ec1dbb8ad_2022-01-13__000954._exe.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2740

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\emotet_exe_e5_7d448547e0cad89bd34f0fddac8a407d161d5ac389466b1bab0b785ec1dbb8ad_2022-01-13__000954._exe.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2784

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\emotet_exe_e5_7d448547e0cad89bd34f0fddac8a407d161d5ac389466b1bab0b785ec1dbb8ad_2022-01-13__000954._exe.dll",DllRegisterServer
3⤵
PID:2128

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2128-116-0x0000000000000000-mapping.dmp

Download
memory/2784-115-0x0000000000000000-mapping.dmp

Download
memory/2784-117-0x00000000004F0000-0x000000000063A000-memory.dmp

Filesize
1.3MB

Download