Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
17/05/2022, 11:12
220517-na42jsdfdj 10Analysis
-
max time kernel
51s -
max time network
141s -
platform
windows10_x64 -
resource
win10-20220414-en -
submitted
17/05/2022, 11:12
General
-
Target
e77f43d40f2d83758a0cc564b67c80d8fe3f53842ebe2b57f081e0b5633dc528.dll
-
Size
422KB
-
MD5
f5b20538eb35feb985e579b07d3481f3
-
SHA1
186cb2c71f10f03bf0686031f1f34b61e72e4c1d
-
SHA256
e77f43d40f2d83758a0cc564b67c80d8fe3f53842ebe2b57f081e0b5633dc528
-
SHA512
3193d94d56439c15012cc574cc5351815dd3344e6dd418414031263f2c91515afcd900f07562c5ec7751c23ec561549dc289bfd829c5d9ef26a8e926e4692d54
Malware Config
Extracted
emotet
Epoch5
210.57.209.142:8080
103.56.149.105:8080
104.248.225.227:8080
102.210.135.187:23495
103.41.204.169:8080
175.126.176.79:8080
207.148.81.119:8080
72.4.161.141:54121
110.235.83.107:7080
54.38.242.185:443
103.133.214.242:8080
126.156.228.29:21905
88.217.172.165:8080
68.183.93.250:443
56.131.8.84:33519
159.69.237.188:443
51.68.141.164:8080
37.44.244.177:8080
49.94.121.99:37937
105.144.128.17:33675
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
suricata: ET MALWARE W32/Emotet CnC Beacon 3
suricata: ET MALWARE W32/Emotet CnC Beacon 3
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\e77f43d40f2d83758a0cc564b67c80d8fe3f53842ebe2b57f081e0b5633dc528.dll1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe "C:\Windows\system32\LLFNReJyTYDSF\tsWCHx.dll"2⤵
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
200KB