Analysis
-
max time kernel
147s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
04-06-2022 16:13
General
-
Target
0f416f2a59558774bf4f6799231c2b441abae078912c3f2324db8c1e5b4ef5c8.exe
-
Size
556KB
-
MD5
60985097eabef1b073f9a6dd7d6b83a7
-
SHA1
c2c098460122d7d8f845b53ccdc38a094af520a3
-
SHA256
0f416f2a59558774bf4f6799231c2b441abae078912c3f2324db8c1e5b4ef5c8
-
SHA512
436823e24970d5632b1d26fd358887d3af1a5feeb2c64ff103140eae5eb3a423573315241f24adfb7128598de2f99dfea4b8c5dd7e0e02ff3cc876c5f584c837
Score
10/10
Malware Config
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0f416f2a59558774bf4f6799231c2b441abae078912c3f2324db8c1e5b4ef5c8.exe"C:\Users\Admin\AppData\Local\Temp\0f416f2a59558774bf4f6799231c2b441abae078912c3f2324db8c1e5b4ef5c8.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\0f416f2a59558774bf4f6799231c2b441abae078912c3f2324db8c1e5b4ef5c8.exe"C:\Users\Admin\AppData\Local\Temp\0f416f2a59558774bf4f6799231c2b441abae078912c3f2324db8c1e5b4ef5c8.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
-
C:\Windows\SysWOW64\buildiwamreg.exe"C:\Windows\SysWOW64\buildiwamreg.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\buildiwamreg.exe"C:\Windows\SysWOW64\buildiwamreg.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/768-135-0x0000000000000000-mapping.dmp
-
memory/768-136-0x0000000002100000-0x0000000002117000-memory.dmpFilesize
92KB
-
memory/768-140-0x0000000002100000-0x0000000002117000-memory.dmpFilesize
92KB
-
memory/768-143-0x0000000000920000-0x0000000000937000-memory.dmpFilesize
92KB
-
memory/768-144-0x0000000000940000-0x0000000000950000-memory.dmpFilesize
64KB
-
memory/768-158-0x0000000000920000-0x0000000000937000-memory.dmpFilesize
92KB
-
memory/1092-130-0x00000000005B0000-0x00000000005C7000-memory.dmpFilesize
92KB
-
memory/1092-134-0x00000000005B0000-0x00000000005C7000-memory.dmpFilesize
92KB
-
memory/1092-142-0x00000000005D0000-0x00000000005E0000-memory.dmpFilesize
64KB
-
memory/1092-141-0x0000000000590000-0x00000000005A7000-memory.dmpFilesize
92KB
-
memory/3856-149-0x0000000000B60000-0x0000000000B77000-memory.dmpFilesize
92KB
-
memory/3856-156-0x0000000000B30000-0x0000000000B47000-memory.dmpFilesize
92KB
-
memory/3856-157-0x0000000000F20000-0x0000000000F30000-memory.dmpFilesize
64KB
-
memory/3856-145-0x0000000000B60000-0x0000000000B77000-memory.dmpFilesize
92KB
-
memory/5096-150-0x0000000000000000-mapping.dmp
-
memory/5096-151-0x0000000000DC0000-0x0000000000DD7000-memory.dmpFilesize
92KB
-
memory/5096-155-0x0000000000DC0000-0x0000000000DD7000-memory.dmpFilesize
92KB
-
memory/5096-159-0x0000000000DA0000-0x0000000000DB7000-memory.dmpFilesize
92KB
-
memory/5096-160-0x00000000008E0000-0x000000000095A000-memory.dmpFilesize
488KB
-
memory/5096-161-0x0000000000DA0000-0x0000000000DB7000-memory.dmpFilesize
92KB
-
memory/5096-162-0x00000000008E0000-0x000000000095A000-memory.dmpFilesize
488KB