0ec2a2a227dc8820d737aa67cfa11181ec34259042b4db0fb73f07ae04dec26a
General
Target:    0ec2a2a227dc8820d737aa67cfa11181ec34259042b4db0fb73f07ae04dec26a.dll
Filesize:  538KB
Completed: 14-05-2022 15:02
Score:     10/10

Hashes
MD5:    53990c7d6660491c7af59f78b3e22ce4
SHA1:   10b09872c66094eca925a126a4d58a922a77f513
SHA256: 0ec2a2a227dc8820d737aa67cfa11181ec34259042b4db0fb73f07ae04dec26a
Malware Config
Signatures (5)

Emotet
Description: Emotet is a trojan that is primarily spread through spam emails.

suricata: ET MALWARE W32/Emotet CnC Beacon 3
Description: Suricata rule "ET MALWARE W32/Emotet CnC Beacon 3" matched on network traffic.

Suspicious behavior: EnumeratesProcesses (regsvr32.exe)
Reported IOCs:
pid   process
1016  regsvr32.exe
1016  regsvr32.exe

Suspicious behavior: RenamesItself (regsvr32.exe)
Reported IOCs:
pid   process
3984  regsvr32.exe

Suspicious use of WriteProcessMemory (regsvr32.exe)
Reported IOCs:
description                          pid   process       target process
PID 3984 wrote to memory of 1016     3984  regsvr32.exe  regsvr32.exe
PID 3984 wrote to memory of 1016     3984  regsvr32.exe  regsvr32.exe
Processes (2)

1. C:\Windows\system32\regsvr32.exe
   Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0ec2a2a227dc8820d737aa67cfa11181ec34259042b4db0fb73f07ae04dec26a.dll
   Signatures: Suspicious behavior: RenamesItself; Suspicious use of WriteProcessMemory

2. C:\Windows\system32\regsvr32.exe
   Command line: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\SGEKAwfjWVrIfv\eMcK.dll"
   Signatures: Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Downloads
- memory/1016-121-0x0000000000000000-mapping.dmp
- memory/3984-116-0x0000000180000000-0x0000000180032000-memory.dmp