Overview

overview

10

Static

static

69952fafa4...ff.dll

windows7_x64

10

69952fafa4...ff.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    49s
  • max time network
    115s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    14-05-2022 01:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69952fafa4ad582439ef0a1fbed1f6ff.dll

  • Size

    532KB

  • MD5

    69952fafa4ad582439ef0a1fbed1f6ff

  • SHA1

    496210b0b66937e547783ac8787eaf061b1c34fe

  • SHA256

    913db6d757a6f498a23cb1bbe7f8aa7f622bac41e86e52b698c9139be59fafc1

  • SHA512

    5e68681ba497cabf74080b784ad4cbed9d076938009d982897c0a5ff512a0eae6cba2df1b91667e27b2186fa45977983d68795b9a62d88d903b5a10057cfa5a4

Score
10/10
emotetbankersuricatatrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    suricata: ET MALWARE W32/Emotet CnC Beacon 3

    suricata
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\69952fafa4ad582439ef0a1fbed1f6ff.dll
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:304
    • C:\Windows\system32\regsvr32.exe
      C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ZDjWHzDX\KawhEsQae.dll"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/304-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp
    Filesize

    8KB

    Download
  • memory/304-55-0x0000000180000000-0x0000000180030000-memory.dmp
    Filesize

    192KB

    Download
  • memory/2032-58-0x0000000000000000-mapping.dmp
    Download