Analysis

  • max time kernel
    52s
  • max time network
    137s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    14-05-2022 15:04

General

  • Target

    bd07e59b68ae688cbd8cb22b00dcf7e59dd93d7b94808178b93d1e8f83838c12.dll

  • Size

    532KB

  • MD5

    9bf6326cb3407abc20641afff894c14b

  • SHA1

    03360f45f31ba715ba61af91335874cbe0608977

  • SHA256

    bd07e59b68ae688cbd8cb22b00dcf7e59dd93d7b94808178b93d1e8f83838c12

  • SHA512

    66eeba23f7969bac52a5488b7a7a6cf11fba743a38c6070db2cf4965479f155c9ba0fbf4c90f8179882bbed67cf8ec5f772aa98dcf581530d09df348e17476e6

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • suricata: ET MALWARE W32/Emotet CnC Beacon 3

    suricata: ET MALWARE W32/Emotet CnC Beacon 3

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bd07e59b68ae688cbd8cb22b00dcf7e59dd93d7b94808178b93d1e8f83838c12.dll
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Windows\system32\regsvr32.exe
      C:\Windows\system32\regsvr32.exe "C:\Windows\system32\BzoxLdCEtwZXRxn\bwptQIIqbGmKndv.dll"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:64

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/64-124-0x0000000000000000-mapping.dmp
  • memory/2192-119-0x0000000180000000-0x0000000180030000-memory.dmp
    Filesize

    192KB