emotet | 02dd05026d963dd83c2b6e32d34e7f72510d2570d381e77a8e899e8df1d3e7f5 | Triage

Resubmissions

14-05-2022 14:54

220514-sadxkscgal 10

13-05-2022 15:51

220513-tardcahaf6 10

Analysis

max time kernel
290s
max time network
301s
platform
windows10_x64
resource
win10-20220414-en
submitted
14-05-2022 14:54

Sharing

Report Analysis Logs

General

Target

e4-d1c07a55f6904b2afb4c57b9b00cfdf0.dll
Size

745KB
MD5

d1c07a55f6904b2afb4c57b9b00cfdf0
SHA1

1b31abd33d7efe77bf677192615dfcb445f6e90d
SHA256

02dd05026d963dd83c2b6e32d34e7f72510d2570d381e77a8e899e8df1d3e7f5
SHA512

d70f98b9c397e388bfe8982a5aeb79b22e349a1322606839946980b307a1d32037d13c7d70ce59e05824cca5d93bc00166fa5fdba53e3913a8ed4bcda9dd880f

Score

10^/10

emotet banker suricata trojan

Malware Config

Signatures

Emotet
Emotet is a trojan that is primarily spread through spam emails.
trojan banker emotet
suricata: ET MALWARE W32/Emotet CnC Beacon 3
suricata: ET MALWARE W32/Emotet CnC Beacon 3
suricata
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

regsvr32.exe

pid process

2668 regsvr32.exe
2668 regsvr32.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

regsvr32.exe

pid process

2292 regsvr32.exe

Suspicious use of WriteProcessMemory 2 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2292 wrote to memory of 2668	2292	regsvr32.exe	regsvr32.exe
PID 2292 wrote to memory of 2668	2292	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e4-d1c07a55f6904b2afb4c57b9b00cfdf0.dll
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:2292

C:\Windows\system32\regsvr32.exe
C:\Windows\system32\regsvr32.exe "C:\Windows\system32\OuUqOabCAUoLqBR\xkBScHTYaz.dll"
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2292-117-0x0000000180000000-0x0000000180030000-memory.dmp

Filesize
192KB

Download
memory/2668-122-0x0000000000000000-mapping.dmp

Download