Overview

overview

10

Static

static

54bc56e089...32.exe

windows7-x64

10

54bc56e089...32.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220715-en
  • resource tags

    arch:x64arch:x86image:win7-20220715-enlocale:en-usos:windows7-x64system
  • submitted
    25-07-2022 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    54bc56e089ad144f902f0a478365628e3c7b0a1739abb56200c3e1a724fd5232.exe

  • Size

    136KB

  • MD5

    7ebfdaade79a9176976fa08d700204ac

  • SHA1

    58cb57bd8b5dbd1d85ba931f20522e93666141e6

  • SHA256

    54bc56e089ad144f902f0a478365628e3c7b0a1739abb56200c3e1a724fd5232

  • SHA512

    ecc1501a1e547d853d8e14a284b68235c2c26871a4aa5e46bb3bfe78278ca64ee99f07d0a828ee795312348796be3f4aaf0c331d70417f98dbe558c151bc33b9

Score
10/10
emotetbankertrojan

Malware Config

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54bc56e089ad144f902f0a478365628e3c7b0a1739abb56200c3e1a724fd5232.exe
    "C:\Users\Admin\AppData\Local\Temp\54bc56e089ad144f902f0a478365628e3c7b0a1739abb56200c3e1a724fd5232.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1092
    • C:\Users\Admin\AppData\Local\Temp\54bc56e089ad144f902f0a478365628e3c7b0a1739abb56200c3e1a724fd5232.exe
      "C:\Users\Admin\AppData\Local\Temp\54bc56e089ad144f902f0a478365628e3c7b0a1739abb56200c3e1a724fd5232.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: RenamesItself
      PID:1924
  • C:\Windows\SysWOW64\dasmrcnot.exe
    "C:\Windows\SysWOW64\dasmrcnot.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\SysWOW64\dasmrcnot.exe
      "C:\Windows\SysWOW64\dasmrcnot.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      PID:2028

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1092-63-0x0000000000100000-0x000000000011A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1092-54-0x0000000000170000-0x000000000018A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1092-64-0x0000000000190000-0x00000000001A8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1924-66-0x00000000005C0000-0x00000000005D8000-memory.dmp

    Filesize

    96KB

    Download

  • memory/1924-59-0x0000000000180000-0x000000000019A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1924-65-0x0000000000090000-0x00000000000AA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1924-67-0x0000000075481000-0x0000000075483000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1924-79-0x0000000000090000-0x00000000000AA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2028-80-0x00000000000D0000-0x00000000000EA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2028-73-0x0000000000260000-0x000000000027A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2028-83-0x00000000000D0000-0x00000000000EA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2028-81-0x0000000000280000-0x0000000000298000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2044-68-0x0000000000190000-0x00000000001AA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2044-78-0x0000000000240000-0x0000000000258000-memory.dmp

    Filesize

    96KB

    Download

  • memory/2044-77-0x0000000000150000-0x000000000016A000-memory.dmp

    Filesize

    104KB

    Download