Analysis
-
max time kernel
128s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
27-10-2022 14:49
General
-
Target
file.exe
-
Size
608KB
-
MD5
242dbfb71d9542ea21bffe814b8ffffb
-
SHA1
6caffd90a124d927c11c00b12e64305d23f0d4dc
-
SHA256
663691f9df3d17dde6330cff50e30c63ec795ac0b6969986c6c31414231cadbb
-
SHA512
c099a6c7f43fbe42c730de8d34cb49bc031c13c7d87059aeaaa9f51c8498c37a9cf2913748e9f8c2f6a61f41ed9811d68bade8bc0078fd5fec5ea07c2a22d9ab
-
SSDEEP
6144:Z25vnlVjWYhbZ0Q23WLqLdiP3VhlR7+5kvHf+rSC/7BIOg2WrFr3Hhjxf:Z25vlVjndj23/LcPnlkmvHf+F4VF
Malware Config
Extracted
emotet
Epoch1
74.136.144.133:80
51.38.124.206:80
178.79.163.131:8080
82.196.15.205:8080
212.71.237.140:8080
67.247.242.247:80
87.106.46.107:8080
104.131.103.37:8080
83.169.21.32:7080
45.161.242.102:80
110.142.219.51:80
45.173.88.33:80
187.162.248.237:80
5.196.35.138:7080
72.47.248.48:7080
186.103.141.250:443
98.13.75.196:80
77.90.136.129:8080
186.70.127.199:8090
152.169.22.67:80
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Emotet payload 3 IoCs
Detects Emotet payload in memory.
-
Dave packer 1 IoCs
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
-
Suspicious behavior: EnumeratesProcesses 18 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3420-132-0x0000000002200000-0x0000000002212000-memory.dmpFilesize
72KB
-
memory/3420-136-0x00000000022C0000-0x00000000022D0000-memory.dmpFilesize
64KB
-
memory/3420-139-0x00000000021F0000-0x00000000021FF000-memory.dmpFilesize
60KB