Analysis
-
max time kernel
129s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
22-06-2022 06:40
General
-
Target
2ed804b62a00797d5451138a2f0c88fc48c4cbc7da4da7a73414c9ba4e6a12ec.exe
-
Size
350KB
-
MD5
61fd6d472d3c6402c1eb5b6d7c121c06
-
SHA1
01f1e8eaa2c869f307ce544c486dca031c9f69ef
-
SHA256
2ed804b62a00797d5451138a2f0c88fc48c4cbc7da4da7a73414c9ba4e6a12ec
-
SHA512
2121705c36bd049c14ad1c730429edff5fa1f0150bc129cb6eddf0f75871b6d507a580f12ee331626b0bada245e893fb1248ee6e1d1bfeeeb046c72b11214890
Score
10/10
Malware Config
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Drops file in System32 directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies data under HKEY_USERS 18 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2ed804b62a00797d5451138a2f0c88fc48c4cbc7da4da7a73414c9ba4e6a12ec.exe"C:\Users\Admin\AppData\Local\Temp\2ed804b62a00797d5451138a2f0c88fc48c4cbc7da4da7a73414c9ba4e6a12ec.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2ed804b62a00797d5451138a2f0c88fc48c4cbc7da4da7a73414c9ba4e6a12ec.exe"C:\Users\Admin\AppData\Local\Temp\2ed804b62a00797d5451138a2f0c88fc48c4cbc7da4da7a73414c9ba4e6a12ec.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
-
C:\Windows\SysWOW64\sbslanes.exe"C:\Windows\SysWOW64\sbslanes.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\sbslanes.exe"C:\Windows\SysWOW64\sbslanes.exe"2⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/276-73-0x0000000000140000-0x0000000000157000-memory.dmpFilesize
92KB
-
memory/276-86-0x0000000000160000-0x0000000000170000-memory.dmpFilesize
64KB
-
memory/276-85-0x0000000000120000-0x0000000000137000-memory.dmpFilesize
92KB
-
memory/276-77-0x0000000000140000-0x0000000000157000-memory.dmpFilesize
92KB
-
memory/808-71-0x0000000000180000-0x0000000000197000-memory.dmpFilesize
92KB
-
memory/808-62-0x00000000001A0000-0x00000000001B7000-memory.dmpFilesize
92KB
-
memory/808-87-0x0000000000180000-0x0000000000197000-memory.dmpFilesize
92KB
-
memory/808-66-0x00000000001A0000-0x00000000001B7000-memory.dmpFilesize
92KB
-
memory/808-69-0x0000000000180000-0x0000000000197000-memory.dmpFilesize
92KB
-
memory/808-70-0x0000000000110000-0x0000000000120000-memory.dmpFilesize
64KB
-
memory/808-60-0x0000000000000000-mapping.dmp
-
memory/832-78-0x0000000000000000-mapping.dmp
-
memory/832-80-0x0000000000310000-0x0000000000327000-memory.dmpFilesize
92KB
-
memory/832-84-0x0000000000310000-0x0000000000327000-memory.dmpFilesize
92KB
-
memory/832-88-0x00000000002F0000-0x0000000000307000-memory.dmpFilesize
92KB
-
memory/832-89-0x0000000000180000-0x0000000000190000-memory.dmpFilesize
64KB
-
memory/832-90-0x00000000002F0000-0x0000000000307000-memory.dmpFilesize
92KB
-
memory/1444-54-0x0000000075DE1000-0x0000000075DE3000-memory.dmpFilesize
8KB
-
memory/1444-68-0x0000000000320000-0x0000000000330000-memory.dmpFilesize
64KB
-
memory/1444-59-0x0000000000300000-0x0000000000317000-memory.dmpFilesize
92KB
-
memory/1444-55-0x0000000000300000-0x0000000000317000-memory.dmpFilesize
92KB
-
memory/1444-67-0x00000000001E0000-0x00000000001F7000-memory.dmpFilesize
92KB