Analysis
-
max time kernel
144s -
max time network
146s -
platform
windows10-1703_x64 -
resource
win10-20220812-en -
resource tags
-
submitted
02-11-2022 12:52
General
-
Target
5bf0cb97593270c64c8b3921dec1358d20fc51bb022cbaea64af06c105b1f3c9.dll
-
Size
660KB
-
MD5
74b0f608b636e2962f18245603c1d233
-
SHA1
c9109dd1afb8c45ed30ba141ad308e9fa6c40693
-
SHA256
5bf0cb97593270c64c8b3921dec1358d20fc51bb022cbaea64af06c105b1f3c9
-
SHA512
60962c9f45d179bd020827b3275c3786b1042323f61e917d6d9ef6cf996a5106f98fae77c8b0b0dd0f635c70a239b802f5e0fb3d47a8076a3babd2e98b86c9b9
-
SSDEEP
12288:H6NFi+qz19gtAgY2tiZl4+/aukg78I8v4lSRi4gu2CTRD:aNY19gigZtiZyRukmQAlQEG
Score
10/10
Malware Config
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\5bf0cb97593270c64c8b3921dec1358d20fc51bb022cbaea64af06c105b1f3c9.dll1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe "C:\Windows\system32\SjMUFPvvkppUXqGDY\NhVjddbuKqzET.dll"2⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
188KB