Analysis
-
max time kernel
144s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
11-07-2022 08:13
General
-
Target
1b4f98529066175c4276a6742310fd53bb6b87e8.exe
-
Size
848KB
-
MD5
4443a18bffc3e43b07946b4d46c430e0
-
SHA1
1b4f98529066175c4276a6742310fd53bb6b87e8
-
SHA256
a64b8a1209a229c458dd3689aa96c142076318690996835afa68425cd809cfc8
-
SHA512
855ac37d1bc5b0b8c66968647e8f220501e38174ad484b07b3942da4f9c1ee1c07060136aa40ed0b9210d931dee595830bacb5375c421ff1a69d7e21c6eaf73c
Malware Config
Extracted
emotet
Epoch1
45.16.226.117:443
91.121.54.71:8080
209.236.123.42:8080
89.32.150.160:8080
45.161.242.102:80
37.52.87.0:80
137.74.106.111:7080
71.197.211.156:80
217.199.160.224:7080
186.70.127.199:8090
50.28.51.143:8080
190.115.18.139:8080
85.105.140.135:443
24.148.98.177:80
181.30.61.163:443
192.241.146.84:8080
185.94.252.27:443
77.238.212.227:80
185.94.252.12:80
190.147.137.153:443
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b4f98529066175c4276a6742310fd53bb6b87e8.exe"C:\Users\Admin\AppData\Local\Temp\1b4f98529066175c4276a6742310fd53bb6b87e8.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3420-130-0x0000000002300000-0x000000000230C000-memory.dmpFilesize
48KB
-
memory/3420-134-0x00000000022F0000-0x00000000022F9000-memory.dmpFilesize
36KB