Overview

overview

10

Static

static

0b11f581e4...b8.exe

windows7_x64

10

0b11f581e4...b8.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    30-05-2022 04:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b11f581e4d4a3fa3cc31b94839c221ea8b386a341c880e0d49f739dc12182b8.exe

  • Size

    176KB

  • MD5

    53e9f2b5a7b01961f9f346581a5d7522

  • SHA1

    300a775e5c1df294428511a87115ae07c97b94d6

  • SHA256

    0b11f581e4d4a3fa3cc31b94839c221ea8b386a341c880e0d49f739dc12182b8

  • SHA512

    2657dd26469ea44e5ed8a43760811ae67e1e58221cec720b7db0315fb6b60414181ee756c6a1418aad0326cacd9337cd49ac34c360e57c5bb6443886b7953072

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b11f581e4d4a3fa3cc31b94839c221ea8b386a341c880e0d49f739dc12182b8.exe
    "C:\Users\Admin\AppData\Local\Temp\0b11f581e4d4a3fa3cc31b94839c221ea8b386a341c880e0d49f739dc12182b8.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1984
    • C:\Users\Admin\AppData\Local\Temp\0b11f581e4d4a3fa3cc31b94839c221ea8b386a341c880e0d49f739dc12182b8.exe
      "C:\Users\Admin\AppData\Local\Temp\0b11f581e4d4a3fa3cc31b94839c221ea8b386a341c880e0d49f739dc12182b8.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:1120
  • C:\Windows\SysWOW64\bangjpn.exe
    "C:\Windows\SysWOW64\bangjpn.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1052
    • C:\Windows\SysWOW64\bangjpn.exe
      "C:\Windows\SysWOW64\bangjpn.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:996

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/996-89-0x0000000000630000-0x0000000000647000-memory.dmp

    Filesize

    92KB

    Download

  • memory/996-87-0x00000000009D0000-0x00000000009F0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/996-86-0x0000000000630000-0x0000000000647000-memory.dmp

    Filesize

    92KB

    Download

  • memory/996-83-0x0000000000650000-0x0000000000667000-memory.dmp

    Filesize

    92KB

    Download

  • memory/996-79-0x0000000000650000-0x0000000000667000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1052-84-0x0000000000460000-0x0000000000477000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1052-85-0x0000000000A80000-0x0000000000AA0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1052-76-0x0000000000480000-0x0000000000497000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1052-72-0x0000000000480000-0x0000000000497000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1120-70-0x0000000000350000-0x0000000000370000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1120-69-0x0000000000310000-0x0000000000327000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1120-66-0x0000000000330000-0x0000000000347000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1120-62-0x0000000000330000-0x0000000000347000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1120-88-0x0000000000310000-0x0000000000327000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1984-67-0x0000000000480000-0x0000000000497000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1984-54-0x00000000753C1000-0x00000000753C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1984-68-0x00000000005C0000-0x00000000005E0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1984-59-0x00000000004A0000-0x00000000004B7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1984-55-0x00000000004A0000-0x00000000004B7000-memory.dmp

    Filesize

    92KB

    Download