Overview

overview

10

Static

static

10

f115m.exe

windows7_x64

10

f115m.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    167s
  • max time network
    178s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220310-en
  • submitted
    16-03-2022 05:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f115m.exe

  • Size

    62KB

  • MD5

    d55debae7e5587c13005e43c05d2f1f0

  • SHA1

    734d02cc5f9ca76ebc44084582af07997a657cb9

  • SHA256

    f1159db89a9cc29443631e1381cad5f06bd1ec9158eccd77ea27123b83ce89a8

  • SHA512

    076ae8b41d7fa125beb136d47c2cc4d790abbabc004019216aae2cba21d428561d602459b4184fa8e398f5b46078443e92a080cd72e892702422679c53917ff7

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f115m.exe
    "C:\Users\Admin\AppData\Local\Temp\f115m.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\Users\Admin\AppData\Local\Temp\f115m.exe
      --a71d2922
      2⤵
      • Suspicious behavior: RenamesItself
      PID:1552
  • C:\Windows\SysWOW64\smsallow.exe
    "C:\Windows\SysWOW64\smsallow.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3508
    • C:\Windows\SysWOW64\smsallow.exe
      --f4d16d42
      2⤵
        PID:3628

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads