Overview

overview

10

Static

static

3b48381013...e4.exe

windows7_x64

10

3b48381013...e4.exe

windows10-2004_x64

3

Analysis

  • max time kernel
    143s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    03-07-2022 17:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b483810130ab7c6bfa6625f45cafb070e793128a723c62d77c5598d2009a7e4.exe

  • Size

    132KB

  • MD5

    61ddf7ff23b1e906bc39754e4eadaf44

  • SHA1

    55a4d71f502392f29e734ebf3bac6fec2c91f07e

  • SHA256

    3b483810130ab7c6bfa6625f45cafb070e793128a723c62d77c5598d2009a7e4

  • SHA512

    e64d0673b39d19219ecdb8d938d933249df379d6006eb8ae0298e6695cf93106049f75d46adafbf05a3061fa72659743fb59d93021ba4a88e722c928c58e42ac

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b483810130ab7c6bfa6625f45cafb070e793128a723c62d77c5598d2009a7e4.exe
    "C:\Users\Admin\AppData\Local\Temp\3b483810130ab7c6bfa6625f45cafb070e793128a723c62d77c5598d2009a7e4.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Users\Admin\AppData\Local\Temp\3b483810130ab7c6bfa6625f45cafb070e793128a723c62d77c5598d2009a7e4.exe
      "C:\Users\Admin\AppData\Local\Temp\3b483810130ab7c6bfa6625f45cafb070e793128a723c62d77c5598d2009a7e4.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:940
  • C:\Windows\SysWOW64\vscsingle.exe
    "C:\Windows\SysWOW64\vscsingle.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1164
    • C:\Windows\SysWOW64\vscsingle.exe
      "C:\Windows\SysWOW64\vscsingle.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:884

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/884-72-0x0000000000000000-mapping.dmp

    Download

  • memory/884-84-0x0000000000100000-0x000000000011A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/884-81-0x00000000001C0000-0x00000000001D8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/884-80-0x0000000000100000-0x000000000011A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/884-73-0x0000000000120000-0x000000000013A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/940-79-0x0000000000140000-0x000000000015A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/940-67-0x0000000076191000-0x0000000076193000-memory.dmp

    Filesize

    8KB

    Download

  • memory/940-66-0x0000000000180000-0x0000000000198000-memory.dmp

    Filesize

    96KB

    Download

  • memory/940-65-0x0000000000140000-0x000000000015A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/940-58-0x0000000000000000-mapping.dmp

    Download

  • memory/1164-68-0x0000000000830000-0x000000000084A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1164-77-0x00000000004A0000-0x00000000004BA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1164-78-0x0000000000850000-0x0000000000868000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2008-64-0x0000000000180000-0x0000000000198000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2008-54-0x0000000000160000-0x000000000017A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2008-63-0x0000000000090000-0x00000000000AA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2008-83-0x0000000000180000-0x0000000000198000-memory.dmp

    Filesize

    96KB

    Download