Overview

overview

10

Static

static

10

54f253b1d6...b8.exe

windows7_x64

10

54f253b1d6...b8.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    103s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    07-03-2022 08:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    54f253b1d6ff9624c28ef96253e1bb6e7f4a5e6285a5282c4648e2f242bbc5b8.exe

  • Size

    100KB

  • MD5

    7134f0f2f92c6fd7008aa8fc59f69213

  • SHA1

    b3f2cf09471d3caa5fd4ab26ae7a6076ee43b947

  • SHA256

    54f253b1d6ff9624c28ef96253e1bb6e7f4a5e6285a5282c4648e2f242bbc5b8

  • SHA512

    68a79b83aeab3302af5c40a3a8ee28e532c265080f9228d9c62a4060d249e5b6f1e6099e1d7eb86b8e8ad6b86ca7879d1b29ad25aee8cab6e2188063ddad63f8

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54f253b1d6ff9624c28ef96253e1bb6e7f4a5e6285a5282c4648e2f242bbc5b8.exe
    "C:\Users\Admin\AppData\Local\Temp\54f253b1d6ff9624c28ef96253e1bb6e7f4a5e6285a5282c4648e2f242bbc5b8.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4240
    • C:\Users\Admin\AppData\Local\Temp\54f253b1d6ff9624c28ef96253e1bb6e7f4a5e6285a5282c4648e2f242bbc5b8.exe
      --b2258006
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4140
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
        3⤵
        • Program crash
        PID:1668
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4140 -ip 4140
    1⤵
      PID:1036

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads