Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    08-07-2022 06:11

General

  • Target
    414bb592b0111434f9c95e6e396af03803bfc38a5d55fda282142b7186724728.exe
  • Size
    172KB
  • MD5
    4d6ece858531b5b9040841db3419fd1c
  • SHA1
    1ff0bb7169b26962457ed996c5a7aaf3f69aeee0
  • SHA256
    414bb592b0111434f9c95e6e396af03803bfc38a5d55fda282142b7186724728
  • SHA512
    5f4b3abd23f4572b842abd0c14ebb7fb7cdc2f5d288991fb7ea52ff415193a766567646d9b34529b16bbd5d4adc4d1f0b6847e9d8001a798ae1bc0e1c047075e

Score
10/10

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 22 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\414bb592b0111434f9c95e6e396af03803bfc38a5d55fda282142b7186724728.exe
    "C:\Users\Admin\AppData\Local\Temp\414bb592b0111434f9c95e6e396af03803bfc38a5d55fda282142b7186724728.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4900
    • C:\Users\Admin\AppData\Local\Temp\414bb592b0111434f9c95e6e396af03803bfc38a5d55fda282142b7186724728.exe
      "C:\Users\Admin\AppData\Local\Temp\414bb592b0111434f9c95e6e396af03803bfc38a5d55fda282142b7186724728.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:1288
  • C:\Windows\SysWOW64\ihuncookies.exe
    "C:\Windows\SysWOW64\ihuncookies.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4044
    • C:\Windows\SysWOW64\ihuncookies.exe
      "C:\Windows\SysWOW64\ihuncookies.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2148

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/1288-135-0x0000000000000000-mapping.dmp
  • memory/1288-137-0x0000000002080000-0x0000000002097000-memory.dmp (Filesize 92KB)
  • memory/1288-142-0x0000000002080000-0x0000000002097000-memory.dmp (Filesize 92KB)
  • memory/1288-143-0x0000000002060000-0x0000000002077000-memory.dmp (Filesize 92KB)
  • memory/1288-144-0x00000000020A0000-0x00000000020C0000-memory.dmp (Filesize 128KB)
  • memory/1288-158-0x0000000002060000-0x0000000002077000-memory.dmp (Filesize 92KB)
  • memory/2148-150-0x0000000000000000-mapping.dmp
  • memory/2148-161-0x00000000004D0000-0x00000000004E7000-memory.dmp (Filesize 92KB)
  • memory/2148-160-0x00000000008F0000-0x0000000000910000-memory.dmp (Filesize 128KB)
  • memory/2148-159-0x00000000004D0000-0x00000000004E7000-memory.dmp (Filesize 92KB)
  • memory/4044-156-0x00000000008B0000-0x00000000008C7000-memory.dmp (Filesize 92KB)
  • memory/4044-149-0x00000000008D0000-0x00000000008E7000-memory.dmp (Filesize 92KB)
  • memory/4044-157-0x00000000008F0000-0x0000000000910000-memory.dmp (Filesize 128KB)
  • memory/4044-145-0x00000000008D0000-0x00000000008E7000-memory.dmp (Filesize 92KB)
  • memory/4900-130-0x00000000021B0000-0x00000000021C7000-memory.dmp (Filesize 92KB)
  • memory/4900-136-0x0000000000B70000-0x0000000000B87000-memory.dmp (Filesize 92KB)
  • memory/4900-139-0x00000000021D0000-0x00000000021F0000-memory.dmp (Filesize 128KB)
  • memory/4900-134-0x00000000021B0000-0x00000000021C7000-memory.dmp (Filesize 92KB)