Overview

overview

10

Static

static

4dd92acaba...af.exe

windows7-x64

10

4dd92acaba...af.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2022 19:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4dd92acabaf20c9749713447692a0f91dc672b960cb7e2fcdc6e018960d90caf.exe

  • Size

    211KB

  • MD5

    35e92fe30af505779b26a7b877eb0f70

  • SHA1

    9936ba4740f138abb49f07d282ee18b5997ba648

  • SHA256

    4dd92acabaf20c9749713447692a0f91dc672b960cb7e2fcdc6e018960d90caf

  • SHA512

    a8342cf4bd5f7b1bcc72687df083017672c0421f45d2973f48bafa03f7a07a19e6aef07777b93d41b27f59b738ae12126d0a351b07b8b82ad6bd5d2eb48a5ef9

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 22 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4dd92acabaf20c9749713447692a0f91dc672b960cb7e2fcdc6e018960d90caf.exe
    "C:\Users\Admin\AppData\Local\Temp\4dd92acabaf20c9749713447692a0f91dc672b960cb7e2fcdc6e018960d90caf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:860
    • C:\Users\Admin\AppData\Local\Temp\4dd92acabaf20c9749713447692a0f91dc672b960cb7e2fcdc6e018960d90caf.exe
      "C:\Users\Admin\AppData\Local\Temp\4dd92acabaf20c9749713447692a0f91dc672b960cb7e2fcdc6e018960d90caf.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:2032
  • C:\Windows\SysWOW64\subsdasmrc.exe
    "C:\Windows\SysWOW64\subsdasmrc.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1508
    • C:\Windows\SysWOW64\subsdasmrc.exe
      "C:\Windows\SysWOW64\subsdasmrc.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:1724

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/860-67-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/860-55-0x0000000000600000-0x000000000061A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/860-59-0x0000000000600000-0x000000000061A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/860-69-0x0000000000620000-0x0000000000630000-memory.dmp

    Filesize

    64KB

    Download

  • memory/860-68-0x00000000003E0000-0x00000000003FA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/860-54-0x0000000075321000-0x0000000075323000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1508-77-0x0000000000440000-0x000000000045A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1508-86-0x0000000000310000-0x0000000000320000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1508-73-0x0000000000440000-0x000000000045A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1508-85-0x00000000002F0000-0x000000000030A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1724-89-0x00000000003E0000-0x00000000003F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1724-90-0x00000000003C0000-0x00000000003DA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1724-88-0x00000000003C0000-0x00000000003DA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1724-78-0x0000000000000000-mapping.dmp

    Download

  • memory/1724-80-0x0000000000440000-0x000000000045A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1724-84-0x0000000000440000-0x000000000045A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2032-66-0x0000000000470000-0x000000000048A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2032-71-0x0000000000490000-0x00000000004A0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2032-87-0x0000000000280000-0x000000000029A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2032-70-0x0000000000280000-0x000000000029A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2032-62-0x0000000000470000-0x000000000048A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2032-60-0x0000000000000000-mapping.dmp

    Download