Overview

overview

10

Static

static

3a39346cbb...cf.exe

windows7_x64

10

3a39346cbb...cf.exe

windows10-2004_x64

3

Analysis

  • max time kernel
    169s
  • max time network
    188s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    25-06-2022 06:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a39346cbb3b0da3659f40e491bd2157a32ccd46099bd1fc3a8b26a71108facf.exe

  • Size

    444KB

  • MD5

    bf634e6bd5d768e5b4ad4dd40965ae4e

  • SHA1

    5ac1aab29da72cd8b5b65d161bd25dfdcc3b39a0

  • SHA256

    3a39346cbb3b0da3659f40e491bd2157a32ccd46099bd1fc3a8b26a71108facf

  • SHA512

    d3333884c24f43bf522fa6d1089498c34a0cf2d8c90abebaa43b1570d531d21b759edf580fddd24bb921abf8cf2b4637b54a56e968f481e1bdadbba79a0f6bfd

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a39346cbb3b0da3659f40e491bd2157a32ccd46099bd1fc3a8b26a71108facf.exe
    "C:\Users\Admin\AppData\Local\Temp\3a39346cbb3b0da3659f40e491bd2157a32ccd46099bd1fc3a8b26a71108facf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Users\Admin\AppData\Local\Temp\3a39346cbb3b0da3659f40e491bd2157a32ccd46099bd1fc3a8b26a71108facf.exe
      "C:\Users\Admin\AppData\Local\Temp\3a39346cbb3b0da3659f40e491bd2157a32ccd46099bd1fc3a8b26a71108facf.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:1796
  • C:\Windows\SysWOW64\accesssys.exe
    "C:\Windows\SysWOW64\accesssys.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Windows\SysWOW64\accesssys.exe
      "C:\Windows\SysWOW64\accesssys.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:1836

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1528-75-0x00000000004C0000-0x00000000004D9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1528-83-0x00000000003F0000-0x0000000000400000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1528-82-0x00000000004A0000-0x00000000004B9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1528-71-0x00000000004C0000-0x00000000004D9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1796-84-0x0000000000240000-0x0000000000259000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1796-60-0x00000000002F0000-0x0000000000309000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1796-64-0x00000000002F0000-0x0000000000309000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1796-67-0x0000000000240000-0x0000000000259000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1796-68-0x0000000000310000-0x0000000000320000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1796-69-0x0000000075AE1000-0x0000000075AE3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1796-70-0x0000000000240000-0x0000000000259000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1836-81-0x00000000003D0000-0x00000000003E9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1836-77-0x00000000003D0000-0x00000000003E9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1836-85-0x0000000000240000-0x0000000000259000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1836-86-0x0000000000270000-0x0000000000280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1836-88-0x0000000000240000-0x0000000000259000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1944-54-0x00000000003C0000-0x00000000003D9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1944-66-0x0000000000350000-0x0000000000360000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1944-65-0x00000000003A0000-0x00000000003B9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/1944-58-0x00000000003C0000-0x00000000003D9000-memory.dmp

    Filesize

    100KB

    Download