Analysis
-
max time kernel
52s -
max time network
147s -
platform
windows10_x64 -
resource
win10-20220414-en -
submitted
21-05-2022 18:56
General
-
Target
bc1579d2e43f07b843f2a67179661adf92e7a00a9244977403c3e5fe6d8c73c5.dll
-
Size
362KB
-
MD5
ee276bc731b3c22eed456fc00950fdab
-
SHA1
ed1abb336ba83b844498345cf6baacdeed8af8d6
-
SHA256
bc1579d2e43f07b843f2a67179661adf92e7a00a9244977403c3e5fe6d8c73c5
-
SHA512
52d59c3a8392a9641550e041940c85c363cf41c8f0441ee0037671eabb3a31339e99fe45cdea4e729d6549ecbd3a9fa634adb70b1f84e9f180e5a11116716e7d
Malware Config
Extracted
emotet
Epoch5
194.9.172.107:8080
66.42.57.149:443
165.22.73.229:8080
202.29.239.162:443
76.189.152.228:1645
59.185.164.123:8382
115.19.43.159:30377
104.248.225.227:8080
54.38.242.185:443
103.133.214.242:8080
78.47.204.80:443
210.57.209.142:8080
103.41.204.169:8080
118.98.72.86:443
88.217.172.165:8080
87.106.97.83:7080
85.25.120.45:8080
195.77.239.39:8080
37.44.244.177:8080
36.67.23.59:443
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
suricata: ET MALWARE W32/Emotet CnC Beacon 3
suricata: ET MALWARE W32/Emotet CnC Beacon 3
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\bc1579d2e43f07b843f2a67179661adf92e7a00a9244977403c3e5fe6d8c73c5.dll1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe "C:\Windows\system32\SBqyIz\imSXRqxfOkF.dll"2⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/64-122-0x0000000000000000-mapping.dmp
-
memory/2264-117-0x0000000180000000-0x0000000180031000-memory.dmpFilesize
196KB