Overview

overview

1

Static

static

emotet_pe_1min

windows10_x64

1

Analysis

  • max time kernel
    123s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    15-01-2022 01:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d09680e770fd6d1c2f79d2fc30ac5d65d4de8b73353f6b4547e08ddbf3489866.dll

  • Size

    574KB

  • MD5

    b081d7baf100786d0f1aad491ac16c83

  • SHA1

    9f524db971340bfb47f262a4882b2e309bc35ae0

  • SHA256

    d09680e770fd6d1c2f79d2fc30ac5d65d4de8b73353f6b4547e08ddbf3489866

  • SHA512

    fb34ee43910c35c0293f82edb31780754b95aa545335951070eaeee9332eb66988032744fb666d8ba7c4bc5914f7a4842c5c61c1ff6261f8db3d27cfa851b4bf

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d09680e770fd6d1c2f79d2fc30ac5d65d4de8b73353f6b4547e08ddbf3489866.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3588
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\d09680e770fd6d1c2f79d2fc30ac5d65d4de8b73353f6b4547e08ddbf3489866.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3616
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\d09680e770fd6d1c2f79d2fc30ac5d65d4de8b73353f6b4547e08ddbf3489866.dll",DllRegisterServer
        3⤵
          PID:3568

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3568-118-0x0000000000000000-mapping.dmp
      Download
    • memory/3616-115-0x0000000000000000-mapping.dmp
      Download
    • memory/3616-117-0x0000000004575000-0x0000000004576000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3616-116-0x0000000004551000-0x0000000004575000-memory.dmp
      Filesize

      144KB

      Download