Overview

overview

10

Static

static

50503f7e01...ab.exe

windows7-x64

10

50503f7e01...ab.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20220718-en
  • resource tags

    arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system
  • submitted
    19-07-2022 03:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50503f7e01611abca4ecbf80c098b35aeb038ace47be1605b0392910e71976ab.exe

  • Size

    912KB

  • MD5

    c78e9c3e594be30a54f437e58cedfc59

  • SHA1

    d16d18cdd974899c654fce95dd3427299e737735

  • SHA256

    50503f7e01611abca4ecbf80c098b35aeb038ace47be1605b0392910e71976ab

  • SHA512

    d96cdfcffe84aaa9128225149ad5961477b2c10407ec885126dcb3ca340955b8b4dbd6a9e5c72f0453242bfcb504993fa013e90daca8233c8a0ac335e1f5fca3

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50503f7e01611abca4ecbf80c098b35aeb038ace47be1605b0392910e71976ab.exe
    "C:\Users\Admin\AppData\Local\Temp\50503f7e01611abca4ecbf80c098b35aeb038ace47be1605b0392910e71976ab.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Users\Admin\AppData\Local\Temp\50503f7e01611abca4ecbf80c098b35aeb038ace47be1605b0392910e71976ab.exe
      "C:\Users\Admin\AppData\Local\Temp\50503f7e01611abca4ecbf80c098b35aeb038ace47be1605b0392910e71976ab.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:1272
  • C:\Windows\SysWOW64\waniwamreg.exe
    "C:\Windows\SysWOW64\waniwamreg.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1500
    • C:\Windows\SysWOW64\waniwamreg.exe
      "C:\Windows\SysWOW64\waniwamreg.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:520

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/520-94-0x00000000000E0000-0x00000000000F7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/520-91-0x0000000000C50000-0x0000000000D35000-memory.dmp

    Filesize

    916KB

    Download

  • memory/520-92-0x00000000000E0000-0x00000000000F7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/520-93-0x0000000000340000-0x0000000000360000-memory.dmp

    Filesize

    128KB

    Download

  • memory/520-86-0x00000000002A0000-0x00000000002B7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/520-82-0x00000000002A0000-0x00000000002B7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1272-66-0x0000000000430000-0x0000000000447000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1272-70-0x0000000000C50000-0x0000000000D35000-memory.dmp

    Filesize

    916KB

    Download

  • memory/1272-71-0x0000000000410000-0x0000000000427000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1272-72-0x0000000000450000-0x0000000000470000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1272-90-0x0000000000410000-0x0000000000427000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1272-62-0x0000000000430000-0x0000000000447000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1392-54-0x0000000075C41000-0x0000000075C43000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1392-68-0x0000000000420000-0x0000000000437000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1392-69-0x0000000000460000-0x0000000000480000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1392-67-0x0000000000C50000-0x0000000000D35000-memory.dmp

    Filesize

    916KB

    Download

  • memory/1392-59-0x0000000000440000-0x0000000000457000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1392-55-0x0000000000440000-0x0000000000457000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1500-74-0x00000000002F0000-0x0000000000307000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1500-89-0x0000000000380000-0x00000000003A0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/1500-88-0x0000000000250000-0x0000000000267000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1500-87-0x0000000000C50000-0x0000000000D35000-memory.dmp

    Filesize

    916KB

    Download

  • memory/1500-78-0x00000000002F0000-0x0000000000307000-memory.dmp

    Filesize

    92KB

    Download