Overview

overview

10

Static

static

mw5go9sX5gzFc06t.dll

windows7_x64

10

mw5go9sX5gzFc06t.dll

windows10-2004_x64

8

Analysis

  • max time kernel
    123s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    20-01-2022 19:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mw5go9sX5gzFc06t.dll

  • Size

    548KB

  • MD5

    c7f0fcd06b6757af2bbb33cc2cfb81c3

  • SHA1

    231300463ad19358fc71ef8c1a4a358967887594

  • SHA256

    0a8cebd3dbaaaec6da67ecc981207a79a0f386290bf9e5495b03ef4e5aad68d7

  • SHA512

    be908ce404b23212e7d81e0926b946035426f0fe16b253bc0b5f5177fe8a1c3a29a482ce7453117a62780f516f0f4d2a8051572778c8881b9c1e4a8453bd4eca

Score
10/10
emotetepoch4bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

131.100.24.231:80

209.59.138.75:7080

103.8.26.103:8080

51.38.71.0:443

212.237.17.99:8080

79.172.212.216:8080

207.38.84.195:8080

104.168.155.129:8080

178.79.147.66:8080

46.55.222.11:443

103.8.26.102:8080

192.254.71.210:443

45.176.232.124:443

203.114.109.124:443

51.68.175.8:8080

58.227.42.236:80

45.142.114.231:8080

217.182.143.207:443

178.63.25.185:443

45.118.115.99:8080
eck1.plain
ecs1.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\mw5go9sX5gzFc06t.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:540
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\mw5go9sX5gzFc06t.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:740
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\mw5go9sX5gzFc06t.dll",DllRegisterServer
        3⤵
          PID:1928

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/540-54-0x000007FEFB8C1000-0x000007FEFB8C3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/740-55-0x0000000076041000-0x0000000076043000-memory.dmp

      Filesize

      8KB

      Download

    • memory/740-56-0x0000000000340000-0x0000000000366000-memory.dmp

      Filesize

      152KB

      Download