Overview

overview

10

Static

static

46492e7484...1b.exe

windows7_x64

10

46492e7484...1b.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    07-07-2022 09:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    46492e74843cad3c1737eb6574a23860f6d06bb6ded87cfa60813f6a2733651b.exe

  • Size

    107KB

  • MD5

    2713803ed23c454fa465882d919de3a3

  • SHA1

    9e143c0e0fb22c132aec6dffeac137bee7bf8008

  • SHA256

    46492e74843cad3c1737eb6574a23860f6d06bb6ded87cfa60813f6a2733651b

  • SHA512

    ed35ef97a281736228e65de3967f95fa00fa8598bd7c77175e93d7f77cc7039afd170f310d8b3108219716349bbe39a54d7ef6f0573a8f6c1999bff51e7eb078

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 21 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46492e74843cad3c1737eb6574a23860f6d06bb6ded87cfa60813f6a2733651b.exe
    "C:\Users\Admin\AppData\Local\Temp\46492e74843cad3c1737eb6574a23860f6d06bb6ded87cfa60813f6a2733651b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1528
    • C:\Users\Admin\AppData\Local\Temp\46492e74843cad3c1737eb6574a23860f6d06bb6ded87cfa60813f6a2733651b.exe
      "C:\Users\Admin\AppData\Local\Temp\46492e74843cad3c1737eb6574a23860f6d06bb6ded87cfa60813f6a2733651b.exe"
      2⤵
      • Suspicious behavior: RenamesItself
      PID:1456
  • C:\Windows\SysWOW64\mgmtmgmt.exe
    C:\Windows\SysWOW64\mgmtmgmt.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Windows\SysWOW64\mgmtmgmt.exe
      "C:\Windows\SysWOW64\mgmtmgmt.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2036

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/948-69-0x0000000000330000-0x000000000033E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/948-82-0x0000000000340000-0x0000000000350000-memory.dmp

    Filesize

    64KB

    Download

  • memory/948-81-0x0000000000320000-0x000000000032E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/948-73-0x0000000000330000-0x000000000033E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1456-68-0x0000000000250000-0x000000000025E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1456-66-0x0000000075391000-0x0000000075393000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1456-59-0x0000000000000000-mapping.dmp

    Download

  • memory/1456-83-0x0000000000250000-0x000000000025E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1528-67-0x0000000000270000-0x0000000000280000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1528-54-0x0000000000260000-0x000000000026E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1528-65-0x0000000000250000-0x000000000025E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1528-58-0x0000000000260000-0x000000000026E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2036-74-0x0000000000000000-mapping.dmp

    Download

  • memory/2036-84-0x0000000000250000-0x000000000025E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2036-85-0x0000000000250000-0x000000000025E000-memory.dmp

    Filesize

    56KB

    Download