Overview

overview

10

Static

static

572364a36a...54.exe

windows7-x64

10

572364a36a...54.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2022 00:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    572364a36ab856bf456d4bbe0c1e2727690bb7806a3311087e79e573cdb56854.exe

  • Size

    113KB

  • MD5

    7611776a4693c2b77957cc213036345d

  • SHA1

    6e176c3f6db12a08674633252085bd96eac3de17

  • SHA256

    572364a36ab856bf456d4bbe0c1e2727690bb7806a3311087e79e573cdb56854

  • SHA512

    61deddbb3444e48fec1b2dc3d87b3c3a2e7d566050e7be64670d3cda12e93b4373d59603755c59c7d77e7f3ea692396a0d55fca5b8d21f0498c9d84215b1248e

Score
10/10
emotetbankersuricatatrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • suricata: ET MALWARE Win32/Emotet CnC Checkin (POST)

    suricata: ET MALWARE Win32/Emotet CnC Checkin (POST)

    suricata
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 21 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\572364a36ab856bf456d4bbe0c1e2727690bb7806a3311087e79e573cdb56854.exe
    "C:\Users\Admin\AppData\Local\Temp\572364a36ab856bf456d4bbe0c1e2727690bb7806a3311087e79e573cdb56854.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1476
    • C:\Users\Admin\AppData\Local\Temp\572364a36ab856bf456d4bbe0c1e2727690bb7806a3311087e79e573cdb56854.exe
      "C:\Users\Admin\AppData\Local\Temp\572364a36ab856bf456d4bbe0c1e2727690bb7806a3311087e79e573cdb56854.exe"
      2⤵
      • Suspicious behavior: RenamesItself
      PID:1972
  • C:\Windows\SysWOW64\bitsdcom.exe
    C:\Windows\SysWOW64\bitsdcom.exe
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1072
    • C:\Windows\SysWOW64\bitsdcom.exe
      "C:\Windows\SysWOW64\bitsdcom.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1160
      • C:\Windows\SysWOW64\bitsdcom.exe
        "C:\Windows\SysWOW64\bitsdcom.exe"
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        PID:1756

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1072-72-0x00000000003B0000-0x00000000003BE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1072-79-0x00000000003C0000-0x00000000003D0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1072-78-0x0000000000310000-0x000000000031E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1072-76-0x00000000003B0000-0x00000000003BE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1160-87-0x0000000000310000-0x000000000031E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1160-77-0x0000000000000000-mapping.dmp
    Download
  • memory/1160-88-0x00000000003B0000-0x00000000003C0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1160-85-0x0000000000320000-0x000000000032E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1160-81-0x0000000000320000-0x000000000032E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1476-54-0x00000000002E0000-0x00000000002EE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1476-62-0x00000000002E0000-0x00000000002EE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1476-55-0x00000000003F0000-0x00000000003FE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1476-61-0x0000000000430000-0x0000000000440000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1476-59-0x00000000003F0000-0x00000000003FE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1756-86-0x0000000000000000-mapping.dmp
    Download
  • memory/1756-89-0x0000000000250000-0x000000000025E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1756-97-0x00000000001C0000-0x00000000001CE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1756-96-0x00000000003F0000-0x0000000000400000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1756-95-0x00000000001C0000-0x00000000001CE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1756-93-0x0000000000250000-0x000000000025E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1972-70-0x00000000003F0000-0x0000000000400000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1972-67-0x00000000003E0000-0x00000000003EE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1972-63-0x00000000003E0000-0x00000000003EE000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1972-68-0x00000000768C1000-0x00000000768C3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1972-69-0x0000000000250000-0x000000000025E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1972-60-0x0000000000000000-mapping.dmp
    Download
  • memory/1972-80-0x0000000000250000-0x000000000025E000-memory.dmp
    Filesize

    56KB

    Download
  • memory/1972-71-0x0000000000250000-0x000000000025E000-memory.dmp
    Filesize

    56KB

    Download