Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
22-02-2022 15:56
General
-
Target
16c1966aa46985b23969f4f226a3ae8cf5ec7d21c9998c9b89501bff460b6709.exe
-
Size
65KB
-
MD5
f32f76d54ea70f75302793d7e0f61762
-
SHA1
8c350b7e986a7b312ac42acaff91316f196ce06c
-
SHA256
16c1966aa46985b23969f4f226a3ae8cf5ec7d21c9998c9b89501bff460b6709
-
SHA512
3dd0b97da2768fddda53ca1343b62527194f2f505c1a2fd80c406ae581a7fc718c939c4c1905fa1aaeaf8cd3dfeaff02823449a0506cc29598165602a61c62f9
Score
10/10
Malware Config
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Drops file in System32 directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies data under HKEY_USERS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\16c1966aa46985b23969f4f226a3ae8cf5ec7d21c9998c9b89501bff460b6709.exe"C:\Users\Admin\AppData\Local\Temp\16c1966aa46985b23969f4f226a3ae8cf5ec7d21c9998c9b89501bff460b6709.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\16c1966aa46985b23969f4f226a3ae8cf5ec7d21c9998c9b89501bff460b6709.exe--54c49f182⤵
- Suspicious behavior: RenamesItself
-
-
C:\Windows\SysWOW64\handcaching.exe"C:\Windows\SysWOW64\handcaching.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\handcaching.exe--564dcd262⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
-