Analysis

  • max time kernel
    67s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    14-05-2022 15:06

General

  • Target

    93249404eda253bf228b258152e391219a3c357f1a00458e017278fd4aa9034c.dll

  • Size

    532KB

  • MD5

    85f108c84ade393a7aae571025f040a6

  • SHA1

    38b2f69cd483156d223070b05f920407cac26d14

  • SHA256

    93249404eda253bf228b258152e391219a3c357f1a00458e017278fd4aa9034c

  • SHA512

    68d98c4e71a9e95620f10d4b7fcb8436a43003beb20c32079c6bea661a822a8ecceba1e373156b96a99ee36dfd7ebdbdecf54df49189e32c8a3328aee5c0df7d

Score
10/10

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\93249404eda253bf228b258152e391219a3c357f1a00458e017278fd4aa9034c.dll
    1⤵
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:3932
    • C:\Windows\system32\regsvr32.exe
      C:\Windows\system32\regsvr32.exe "C:\Windows\system32\CxpcSnICN\GjPe.dll"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2940-119-0x0000000000000000-mapping.dmp
  • memory/3932-114-0x0000000180000000-0x0000000180030000-memory.dmp
    Filesize

    192KB