Analysis

  • max time kernel
    153s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    01-07-2022 05:58

General

  • Target

    ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc.exe

  • Size

    81KB

  • MD5

    71c50c8e9b397f5c411eef6a4bcfd95e

  • SHA1

    d673dba48390fa8d87cb5cb0318aed397a0382d4

  • SHA256

    ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc

  • SHA512

    7c265b82dbec012de0aa8aad45d2f6d09e51fd0f7614bb0cec6bf046ac3b84306acdab4c2257772629bd333781e94dc0663a5daff1377db5b5b91af7b8044623

Score
10/10

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc.exe
    "C:\Users\Admin\AppData\Local\Temp\ffbcf5e11564aa99ec6b8b6686fd02f9ef65ba1a5929e180d46b9bc3da3aa5dc.exe"
    • Suspicious behavior: RenamesItself
    PID: 4968
  • C:\Windows\SysWOW64\shelltrc.exe
    "C:\Windows\SysWOW64\shelltrc.exe"
    PID: 4484

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    System Information Discovery (T1082): 1
