Analysis
-
max time kernel
49s -
max time network
105s -
platform
windows10-1703_x64 -
resource
win10-20220901-en -
resource tags
-
submitted
03/11/2022, 07:00
General
-
Target
2ec314e86a22da2cc3dbf9314c07b74c046cca2ec8c09e21e457fcea89c9e782.dll
-
Size
727KB
-
MD5
68144852f3901edb8fae28ec558d5f37
-
SHA1
51a26f9def4c4c2726a151090fa937154e4b583b
-
SHA256
2ec314e86a22da2cc3dbf9314c07b74c046cca2ec8c09e21e457fcea89c9e782
-
SHA512
b471587e3bf3f0f11294edbb3276caf75d7b4b0cd7f3e81c6ad758c500181f7845724291d764ffb351fcb49456d1c1f233c0abd538e4c2e217b134574775eb50
-
SSDEEP
12288:ezhsu7PWe6Fth9tmzQS+37pzGIz/mXpo1z+7Sjq+DsCJqzfo:ktR6rhjmzhsT/Yg6+jtJqzf
Score
10/10
Malware Config
Signatures
-
Emotet
Emotet is a trojan that is primarily spread through spam emails.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\2ec314e86a22da2cc3dbf9314c07b74c046cca2ec8c09e21e457fcea89c9e782.dll1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\regsvr32.exeC:\Windows\system32\regsvr32.exe "C:\Windows\system32\AVAEZYDkIoVZ\ZJEiUembKHckuBiQ.dll"2⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
192KB