Analysis
-
max time kernel
139s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
-
submitted
25-07-2022 03:36
General
-
Target
6e8c0a21a723bf61fe5fd90005b4f38b61e8390341d34c51154d4861e4043905.exe
-
Size
65KB
-
MD5
91e8195bd71c046a45f994b786e257a7
-
SHA1
6b9f8e04de0a349a65773c19c15a727eaa5b5244
-
SHA256
6e8c0a21a723bf61fe5fd90005b4f38b61e8390341d34c51154d4861e4043905
-
SHA512
98ea3dad053159b2a01de9724a55bfa58b5d844a9e8e1484e7eaa492a13c05ebf6824f184c988b3a52180a912d34685a418ec7a05efa81739c7941d63c677cb1
Score
10/10
Malware Config
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Drops file in System32 directory 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies data under HKEY_USERS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6e8c0a21a723bf61fe5fd90005b4f38b61e8390341d34c51154d4861e4043905.exe"C:\Users\Admin\AppData\Local\Temp\6e8c0a21a723bf61fe5fd90005b4f38b61e8390341d34c51154d4861e4043905.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\6e8c0a21a723bf61fe5fd90005b4f38b61e8390341d34c51154d4861e4043905.exe--e56fb7562⤵
- Suspicious behavior: RenamesItself
-
C:\Windows\SysWOW64\grouppublish.exe"C:\Windows\SysWOW64\grouppublish.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\grouppublish.exe--340ec7822⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4396-130-0x0000000000000000-mapping.dmp
-
memory/4752-131-0x0000000000000000-mapping.dmp