eb543cbb9105448e57a3c791a39a8988287bc66770b997a8c3e5898e981dba78
General
Target: eb543cbb9105448e57a3c791a39a8988287bc66770b997a8c3e5898e981dba78.dll
Filesize: 532KB
Completed: 14-05-2022 14:33
Score: 10/10
MD5: f752a534d34e65f93e071f66f3b5ea02
SHA1: 1c5c0b51aac9b86ed89ea3e90003c6590d329797
SHA256: eb543cbb9105448e57a3c791a39a8988287bc66770b997a8c3e5898e981dba78
Malware Config
Signatures (5)
- Emotet
  Description: Emotet is a trojan that is primarily spread through spam emails.
  Tags: (none)
- suricata: ET MALWARE W32/Emotet CnC Beacon 3
  Description: suricata: ET MALWARE W32/Emotet CnC Beacon 3
  Tags: (none)
- Suspicious behavior: EnumeratesProcesses (regsvr32.exe)
  Reported IOCs (pid | process):
    4612 | regsvr32.exe
    4612 | regsvr32.exe
- Suspicious behavior: RenamesItself (regsvr32.exe)
  Reported IOCs (pid | process):
    3128 | regsvr32.exe
- Suspicious use of WriteProcessMemory (regsvr32.exe)
  Reported IOCs (description | pid | process | target process):
    PID 3128 wrote to memory of 4612 | 3128 | regsvr32.exe | regsvr32.exe
    PID 3128 wrote to memory of 4612 | 3128 | regsvr32.exe | regsvr32.exe
Processes (2)
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\eb543cbb9105448e57a3c791a39a8988287bc66770b997a8c3e5898e981dba78.dll
  Signatures: Suspicious behavior: RenamesItself; Suspicious use of WriteProcessMemory
- C:\Windows\system32\regsvr32.exe
  Command line: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\PcxiZqZb\MmIW.dll"
  Signatures: Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Downloads
- memory/3128-114-0x0000000180000000-0x0000000180030000-memory.dmp
- memory/4612-119-0x0000000000000000-mapping.dmp