Overview

overview

10

Static

static

0d4177b361...1c.exe

windows7_x64

10

0d4177b361...1c.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    156s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    29-05-2022 21:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0d4177b3616d93464ba2f0a20849e9e79e5e190789ea17a74b9c6d787a92561c.exe

  • Size

    148KB

  • MD5

    adce284377cd66d0b73e10e7d01c20c1

  • SHA1

    83f73b3e5add87fda0ea1b1962ab282122118687

  • SHA256

    0d4177b3616d93464ba2f0a20849e9e79e5e190789ea17a74b9c6d787a92561c

  • SHA512

    375af3e19e4a54f27343781207347248afff18bbfd52fe93e3f2666e88e5aca931f8e64d71d7e91136e32bd4769046b62379b4cebaee8598a2e3d14dca196d0f

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d4177b3616d93464ba2f0a20849e9e79e5e190789ea17a74b9c6d787a92561c.exe
    "C:\Users\Admin\AppData\Local\Temp\0d4177b3616d93464ba2f0a20849e9e79e5e190789ea17a74b9c6d787a92561c.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Users\Admin\AppData\Local\Temp\0d4177b3616d93464ba2f0a20849e9e79e5e190789ea17a74b9c6d787a92561c.exe
      "C:\Users\Admin\AppData\Local\Temp\0d4177b3616d93464ba2f0a20849e9e79e5e190789ea17a74b9c6d787a92561c.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:888
  • C:\Windows\SysWOW64\svcsindexer.exe
    "C:\Windows\SysWOW64\svcsindexer.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Windows\SysWOW64\svcsindexer.exe
      "C:\Windows\SysWOW64\svcsindexer.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:968

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/888-79-0x0000000000100000-0x000000000011A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/888-59-0x0000000000000000-mapping.dmp

    Download

  • memory/888-61-0x0000000000130000-0x000000000014A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/888-65-0x0000000000100000-0x000000000011A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/888-66-0x0000000000150000-0x0000000000168000-memory.dmp

    Filesize

    96KB

    Download

  • memory/888-67-0x0000000075E41000-0x0000000075E43000-memory.dmp

    Filesize

    8KB

    Download

  • memory/968-83-0x0000000000100000-0x000000000011A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/968-81-0x00000000001D0000-0x00000000001E8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/968-80-0x0000000000100000-0x000000000011A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/968-72-0x0000000000000000-mapping.dmp

    Download

  • memory/968-73-0x00000000001B0000-0x00000000001CA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1752-68-0x00000000001E0000-0x00000000001FA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1752-78-0x0000000000200000-0x0000000000218000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1752-77-0x00000000001C0000-0x00000000001DA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1824-54-0x0000000000180000-0x000000000019A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1824-60-0x00000000002B0000-0x00000000002C8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1824-58-0x0000000000110000-0x000000000012A000-memory.dmp

    Filesize

    104KB

    Download