emotet | ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5 | Triage

Analysis

max time kernel
127s
max time network
162s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 03:20

Sharing

Report Analysis Logs

General

Target

ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5.dll
Size

520KB
MD5

645bf3a71a1a0ff3ebf91c4b28365277
SHA1

4f7e0521bded1c8385619b5855267ad1e214ab56
SHA256

ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5
SHA512

40379ca6c27c1d1380dc2d222e1a5c6c9dc4deb89045c7c7a1761a91ccc8454e39c617f7a38a7ca9f04052e14ef69b2603b18d8f6fd6e7a0bf12888279db4b04

Score

10^/10

emotet banker trojan

Malware Config

Signatures

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 3584 wrote to memory of 2020	3584	regsvr32.exe	regsvr32.exe
PID 3584 wrote to memory of 2020	3584	regsvr32.exe	regsvr32.exe
PID 3584 wrote to memory of 2020	3584	regsvr32.exe	regsvr32.exe
PID 2020 wrote to memory of 672	2020	regsvr32.exe	rundll32.exe
PID 2020 wrote to memory of 672	2020	regsvr32.exe	rundll32.exe
PID 2020 wrote to memory of 672	2020	regsvr32.exe	rundll32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3584

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:2020

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe "C:\Users\Admin\AppData\Local\Temp\ef656da336597caa1047d79fd66703564eca7ee72c28a97e35963bdaf4e127b5.dll",DllRegisterServer
3⤵
PID:672

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-118-0x00000000049C1000-0x00000000049E4000-memory.dmp

Filesize
140KB

Download