Overview

overview

10

Static

static

10339b0cc2...b2.exe

windows7_x64

10

10339b0cc2...b2.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    179s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    04-06-2022 13:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10339b0cc22729340f8e538735d29b8839fe325bb8d4f70a33026765dd7f71b2.exe

  • Size

    448KB

  • MD5

    d984329d7732da39de1085ac9cdcb428

  • SHA1

    ce1fe98f8e01e9e721b8af936aac9f315ffd7ba4

  • SHA256

    10339b0cc22729340f8e538735d29b8839fe325bb8d4f70a33026765dd7f71b2

  • SHA512

    1d3e167d6f1f9e201251ecfd5a649bcb438db26fb2f53495264ae04744838aba8c0293898e7867e9c9e12f46915c0de80b11146b8e68c4e7ffdd9ce4815d8b0f

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10339b0cc22729340f8e538735d29b8839fe325bb8d4f70a33026765dd7f71b2.exe
    "C:\Users\Admin\AppData\Local\Temp\10339b0cc22729340f8e538735d29b8839fe325bb8d4f70a33026765dd7f71b2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Users\Admin\AppData\Local\Temp\10339b0cc22729340f8e538735d29b8839fe325bb8d4f70a33026765dd7f71b2.exe
      "C:\Users\Admin\AppData\Local\Temp\10339b0cc22729340f8e538735d29b8839fe325bb8d4f70a33026765dd7f71b2.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:1048
  • C:\Windows\SysWOW64\restartcbgnd.exe
    "C:\Windows\SysWOW64\restartcbgnd.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\SysWOW64\restartcbgnd.exe
      "C:\Windows\SysWOW64\restartcbgnd.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:1952

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1048-69-0x00000000761F1000-0x00000000761F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1048-68-0x0000000000300000-0x0000000000310000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1048-60-0x00000000002E0000-0x00000000002F9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1048-64-0x00000000002E0000-0x00000000002F9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1048-86-0x0000000000240000-0x0000000000259000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1048-76-0x0000000000240000-0x0000000000259000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1048-67-0x0000000000240000-0x0000000000259000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1952-84-0x0000000000380000-0x0000000000399000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1952-78-0x00000000003A0000-0x00000000003B9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1952-85-0x00000000003C0000-0x00000000003D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1952-83-0x00000000003A0000-0x00000000003B9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1952-88-0x0000000000380000-0x0000000000399000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1956-65-0x0000000000240000-0x0000000000259000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1956-66-0x0000000000290000-0x00000000002A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1956-54-0x0000000000270000-0x0000000000289000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1956-58-0x0000000000270000-0x0000000000289000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1964-77-0x0000000000240000-0x0000000000259000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1964-80-0x0000000000280000-0x0000000000290000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1964-74-0x0000000000260000-0x0000000000279000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1964-70-0x0000000000260000-0x0000000000279000-memory.dmp

    Filesize

    100KB

    Download