8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17 | Triage

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
06-03-2022 18:13

Sharing

Report Analysis Logs

General

Target

8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
Size

185KB
MD5

5bc3cefc6e58da7854531995affdda12
SHA1

98eefbc90cdb23a24205a2e14390f5a98d88fdd5
SHA256

8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17
SHA512

8e8e4834fa917e72a76aa631e3e8615841ada655bbe319b4066e3a669f97321ecdb6cfb7926f314fa4de837f520e2de9470500bec4693220a75464422348a715

Score

10^/10

suricata

Malware Config

Signatures

suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M11
suricata

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe

pid	process
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
1512	8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe

C:\Users\Admin\AppData\Local\Temp\8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe
"C:\Users\Admin\AppData\Local\Temp\8e900979676e85fcbd09eee9f8f2fc6300f1ad2cd4d1e449de1662e27891df17.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...