Analysis
-
max time kernel
147s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
21-05-2022 18:28
General
-
Target
737cfdada9b96a10c4e365d8c91783f69db0cc00d73bf3775fe1b497d094b822.exe
-
Size
496KB
-
MD5
320791ecd7ae8e567848485bea07e0eb
-
SHA1
809d17d81e9cf4c2a88e7116392f44b4efb021fb
-
SHA256
737cfdada9b96a10c4e365d8c91783f69db0cc00d73bf3775fe1b497d094b822
-
SHA512
2b1f24a3c64e0a3db5d025f2d39157e5d4551ba2b9a95bbf9b4ae1c875588c98bd3cbbbe83c7089f9c82e37ab19ac50f66711631c09e1b0713ac5a17e529a3de
Malware Config
Extracted
emotet
Epoch3
210.1.219.238:80
162.144.42.60:8080
134.209.193.138:443
68.183.233.80:8080
172.105.78.244:8080
181.113.229.139:443
139.59.12.63:8080
185.142.236.163:443
113.203.250.121:443
74.208.173.91:8080
173.94.215.84:80
31.146.61.34:80
115.78.11.155:80
95.216.205.155:8080
82.239.200.118:80
81.17.93.134:80
179.5.118.12:80
162.249.220.190:80
77.74.78.80:443
24.26.151.3:80
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
suricata: ET MALWARE Win32/Emotet CnC Activity (POST) M9
-
Suspicious behavior: EnumeratesProcesses 5 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\737cfdada9b96a10c4e365d8c91783f69db0cc00d73bf3775fe1b497d094b822.exe"C:\Users\Admin\AppData\Local\Temp\737cfdada9b96a10c4e365d8c91783f69db0cc00d73bf3775fe1b497d094b822.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2044-54-0x0000000075841000-0x0000000075843000-memory.dmpFilesize
8KB
-
memory/2044-55-0x0000000000240000-0x000000000024C000-memory.dmpFilesize
48KB
-
memory/2044-59-0x0000000000230000-0x0000000000239000-memory.dmpFilesize
36KB