50d35a243faf64b345bdb0cc0059b0d7a21912e97ac166e874708715cfd457ba
General
Target: 50d35a243faf64b345bdb0cc0059b0d7a21912e97ac166e874708715cfd457ba.dll
Filesize: 532KB
Completed: 14-05-2022 14:33
Score: 10/10
MD5: 6bd614ca9f3b13f8e01a954269870701
SHA1: 86081a830e9e5996c2742aea687f8582dda217eb
SHA256: 50d35a243faf64b345bdb0cc0059b0d7a21912e97ac166e874708715cfd457ba
Malware Config
Signatures (5)

- Emotet
  Description: Emotet is a trojan that is primarily spread through spam emails. The submitted file is a DLL, and the sandbox ran it through regsvr32.exe (see Processes), which is how the Emotet loader DLL is executed.

- suricata: ET MALWARE W32/Emotet CnC Beacon 3
  Description: the Emerging Threats Suricata rule "ET MALWARE W32/Emotet CnC Beacon 3" alerted on the sample's captured network traffic, i.e. the sandbox observed a command-and-control beacon, not just static indicators.

- Suspicious behavior: EnumeratesProcesses (regsvr32.exe)
  Reported IOCs: pid 2480, process regsvr32.exe (two hits)

- Suspicious behavior: RenamesItself (regsvr32.exe)
  Reported IOCs: pid 788, process regsvr32.exe

- Suspicious use of WriteProcessMemory (regsvr32.exe)
  Reported IOCs: PID 788 (regsvr32.exe) wrote to memory of PID 2480 (regsvr32.exe), reported twice
Processes (2)

1. PID 788: C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\50d35a243faf64b345bdb0cc0059b0d7a21912e97ac166e874708715cfd457ba.dll
   Signatures: Suspicious behavior: RenamesItself; Suspicious use of WriteProcessMemory

2. PID 2480 (child of 788): C:\Windows\system32\regsvr32.exe
   Command line: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ShqSLhBSn\cOgHln.dll"
   Signatures: Suspicious behavior: EnumeratesProcesses

Read together, the two processes show the loader's relocation step: the first regsvr32 loads the submitted DLL from the user's Temp directory, moves it to a randomly named directory under system32 (ShqSLhBSn\cOgHln.dll, reported as RenamesItself) and launches a second regsvr32 on the relocated copy, which then enumerates processes. Note that the WriteProcessMemory hit from 788 into 2480 is weak evidence on its own: a parent writing into a child it has just created is also produced by ordinary CreateProcess setup. The durable signal for detection is the path pattern, regsvr32 loading a DLL from Temp and then spawning regsvr32 on a DLL in a subdirectory of system32; the directory and file names themselves are randomized per infection and should not be matched literally.
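As an added example (this code is not part of the sandbox report and is not the sandbox's own logic), the following Python check flags the two-stage regsvr32 chain above in process-creation telemetry. The event records, the field names (pid, ppid, image, cmdline) and the severity labels are constructed assumptions, not a real EDR schema; the two malicious events mirror the report's process tree, and a third benign registration is included as a control.

```python
"""Added example, not part of the sandbox report: flag the regsvr32
relocation chain (Temp DLL -> regsvr32 -> regsvr32 on a DLL under a
system32 subdirectory) in process-creation events.

Field names pid/ppid/image/cmdline are assumptions, not an EDR schema.
"""
import re
from typing import Dict, List

# Constructed events shaped like the report's process tree, plus a benign control.
EVENTS: List[Dict] = [
    {"pid": 788, "ppid": 1234, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\50d35a243faf64b345bdb0cc0059b0d7a21912e97ac166e874708715cfd457ba.dll"},
    {"pid": 2480, "ppid": 788, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r'C:\Windows\system32\regsvr32.exe "C:\Windows\system32\ShqSLhBSn\cOgHln.dll"'},
    # Benign control: a normal DLL registration from an installer directory.
    {"pid": 3000, "ppid": 2999, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r'regsvr32 /s "C:\Program Files\Vendor\comctl.dll"'},
]

# DLL under the user's local Temp directory (stage 1 in the report).
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
# DLL exactly one directory below system32, e.g. system32\ShqSLhBSn\cOgHln.dll (stage 2).
# The directory and file names are randomized, so only the shape is matched.
SYS32_SUBDIR_DLL = re.compile(r'\\windows\\system32\\[^\\\s"]+\\[^\\\s"]+\.dll', re.I)


def _is_regsvr32(ev: Dict) -> bool:
    return ev["image"].lower().endswith("\\regsvr32.exe")


def _dll_arg(cmdline: str) -> str:
    """Return the DLL path argument (quoted or bare) from a regsvr32 command line."""
    m = re.search(r'"([^"]+\.dll)"|(\S+\.dll)', cmdline, re.I)
    return (m.group(1) or m.group(2)) if m else ""


def find_regsvr32_relocation(events: List[Dict]) -> List[Dict]:
    """Return one finding per suspicious regsvr32 event.

    stage "temp_dll":      regsvr32 loading a DLL from the user's Temp directory.
    stage "relocated_dll": regsvr32 loading a DLL from a subdirectory of system32;
                           rated high when its parent is a regsvr32 that loaded a
                           Temp DLL (the full chain seen in the report), else medium.
    """
    by_pid = {ev["pid"]: ev for ev in events}
    findings: List[Dict] = []
    for ev in events:
        if not _is_regsvr32(ev):
            continue
        dll = _dll_arg(ev["cmdline"])
        if USER_TEMP.search(dll):
            findings.append({"pid": ev["pid"], "stage": "temp_dll",
                             "severity": "medium", "dll": dll})
        if SYS32_SUBDIR_DLL.search(dll):
            parent = by_pid.get(ev["ppid"])
            parent_dll = _dll_arg(parent["cmdline"]) if parent and _is_regsvr32(parent) else ""
            severity = "high" if USER_TEMP.search(parent_dll) else "medium"
            findings.append({"pid": ev["pid"], "stage": "relocated_dll",
                             "severity": severity, "dll": dll})
    return findings


if __name__ == "__main__":
    for finding in find_regsvr32_relocation(EVENTS):
        print(finding)
```

The check deliberately ignores the parent-to-child WriteProcessMemory event, since CreateProcess produces the same thing for benign launches; the parent/child regsvr32 relationship combined with the Temp-then-system32-subdirectory path shape is what separates this chain from routine DLL registration. The benign control event yields no finding.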
Network
MITRE ATT&CK Matrix
Downloads
- memory/788-116-0x0000000180000000-0x0000000180030000-memory.dmp: a 0x30000-byte (192 KB) region dumped from PID 788 (the first regsvr32.exe) at 0x180000000, which is the default preferred image base for 64-bit DLL images.
- memory/2480-121-0x0000000000000000-mapping.dmp: mapping dump for PID 2480 (the second regsvr32.exe, the one running the relocated DLL).