Overview

overview

10

Static

static

35b4c199ee...70.exe

windows7_x64

1

35b4c199ee...70.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    146s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    26-06-2022 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    35b4c199eeb258efd4378ff1d55822db57a828c5b81449b3bd8fef8d0b438570.exe

  • Size

    312KB

  • MD5

    b0e9f839a6793a0e1023de9034c34d9e

  • SHA1

    caa2afb556033c01a13286f4e6185424d96d245e

  • SHA256

    35b4c199eeb258efd4378ff1d55822db57a828c5b81449b3bd8fef8d0b438570

  • SHA512

    8d6a9e5384e01637cd76464c5471266de8b754e101d5ff52c4b411915e23b49485fd7b180f6aed97990d14d468d1c0d8889bd5e1b616c00e5525ffaf4acc7e9a

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35b4c199eeb258efd4378ff1d55822db57a828c5b81449b3bd8fef8d0b438570.exe
    "C:\Users\Admin\AppData\Local\Temp\35b4c199eeb258efd4378ff1d55822db57a828c5b81449b3bd8fef8d0b438570.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3156
    • C:\Users\Admin\AppData\Local\Temp\35b4c199eeb258efd4378ff1d55822db57a828c5b81449b3bd8fef8d0b438570.exe
      "C:\Users\Admin\AppData\Local\Temp\35b4c199eeb258efd4378ff1d55822db57a828c5b81449b3bd8fef8d0b438570.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:2948
  • C:\Windows\SysWOW64\historycontrol.exe
    "C:\Windows\SysWOW64\historycontrol.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Windows\SysWOW64\historycontrol.exe
      "C:\Windows\SysWOW64\historycontrol.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Windows\SysWOW64\historycontrol.exe
        "C:\Windows\SysWOW64\historycontrol.exe"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5076

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2216-141-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2216-144-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2284-150-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2284-147-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2948-136-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2948-139-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2948-138-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2948-145-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/3156-131-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/3156-134-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/3156-130-0x00000000003C0000-0x00000000003D9000-memory.dmp

    Filesize

    100KB

    Download

  • memory/5076-152-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/5076-154-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download

  • memory/5076-155-0x00000000003C0000-0x0000000000422000-memory.dmp

    Filesize

    392KB

    Download