Analysis
- max time kernel: 44s
- max time network: 151s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 13-05-2022 15:51

Static task: static1

Behavioral task: behavioral1
- Sample: e4-d1c07a55f6904b2afb4c57b9b00cfdf0.dll
- Resource: win7-20220414-en
- Platform: windows7_x64
- 0 signatures
- 0 seconds
General
- Target: e4-d1c07a55f6904b2afb4c57b9b00cfdf0.dll
- Size: 745KB
- MD5: d1c07a55f6904b2afb4c57b9b00cfdf0
- SHA1: 1b31abd33d7efe77bf677192615dfcb445f6e90d
- SHA256: 02dd05026d963dd83c2b6e32d34e7f72510d2570d381e77a8e899e8df1d3e7f5
- SHA512: d70f98b9c397e388bfe8982a5aeb79b22e349a1322606839946980b307a1d32037d13c7d70ce59e05824cca5d93bc00166fa5fdba53e3913a8ed4bcda9dd880f
Malware Config
(none extracted)

Signatures
- suricata: ET MALWARE W32/Emotet CnC Beacon 3
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  Processes:
  PID 996: regsvr32.exe
- Suspicious behavior: RenamesItself (1 IoC)
  Processes:
  PID 1800: regsvr32.exe
- Suspicious use of WriteProcessMemory (5 IoCs)
  Processes (description / PID / process / target PID / target process):
  PID 1800 (regsvr32.exe) wrote to memory of PID 996 (regsvr32.exe)
  PID 1800 (regsvr32.exe) wrote to memory of PID 996 (regsvr32.exe)
  PID 1800 (regsvr32.exe) wrote to memory of PID 996 (regsvr32.exe)
  PID 1800 (regsvr32.exe) wrote to memory of PID 996 (regsvr32.exe)
  PID 1800 (regsvr32.exe) wrote to memory of PID 996 (regsvr32.exe)
Processes
- [1] C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e4-d1c07a55f6904b2afb4c57b9b00cfdf0.dll
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory
  - [2] C:\Windows\system32\regsvr32.exe
    Command line: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\CAtuNn\cTkPXQExupAhIl.dll"
    - Suspicious behavior: EnumeratesProcesses