Analysis
max time kernel: 128s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-10-2022 14:49
Static task: static1
Behavioral task: behavioral1
Sample: file.exe
Resource: win7-20220812-en
General
Target: file.exe
Size: 608KB
MD5: 242dbfb71d9542ea21bffe814b8ffffb
SHA1: 6caffd90a124d927c11c00b12e64305d23f0d4dc
SHA256: 663691f9df3d17dde6330cff50e30c63ec795ac0b6969986c6c31414231cadbb
SHA512: c099a6c7f43fbe42c730de8d34cb49bc031c13c7d87059aeaaa9f51c8498c37a9cf2913748e9f8c2f6a61f41ed9811d68bade8bc0078fd5fec5ea07c2a22d9ab
SSDEEP: 6144:Z25vnlVjWYhbZ0Q23WLqLdiP3VhlR7+5kvHf+rSC/7BIOg2WrFr3Hhjxf:Z25vlVjndj23/LcPnlkmvHf+F4VF
Malware Config
Extracted
emotet
Epoch1
Signatures
Processes:
resource                                                                      yara_rule
behavioral2/memory/3420-132-0x0000000002200000-0x0000000002212000-memory.dmp  emotet
behavioral2/memory/3420-136-0x00000000022C0000-0x00000000022D0000-memory.dmp  emotet
behavioral2/memory/3420-139-0x00000000021F0000-0x00000000021FF000-memory.dmp  emotet
Dave packer 1 IoCs
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
Processes:
resource                                                                      yara_rule
behavioral2/memory/3420-139-0x00000000021F0000-0x00000000021FF000-memory.dmp  dave
Suspicious behavior: EnumeratesProcesses 18 IoCs
Processes:
pid   process
3420  file.exe (same row repeated 18 times, one per IoC)
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
pid   process
3420  file.exe