Analysis 230215-2ke23aee76 (15/02/2023, 22:38), score 10/10
Max time kernel: 1s
Platform: windows7_x64
Resource: win7-20220901-en
Resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
Submitted: 15/02/2023, 22:38

Static task: static1
Behavioral task: behavioral1
  Sample: 2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe
  Resource: win7-20220901-en
  3 signatures, 150 seconds
General
Target: 2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe
Size: 168KB
MD5: 84d164fbfe0982a00404cb3d7b164bf5
SHA1: e068cd94e06c1f592a2d16ac2adc52c2ce506fa5
SHA256: 2032acdf04511314d53f51d1fef7f9e62e69abbe3db0b31a0302a8545ab1bd82
SHA512: be33a2f96c68ff640a1f59241969fb27971305ecf251c2f8422d3e5a6b0bf609580a7360db3fa3c0355c956f19efec5f7d2f69e947e8f3c979f930ee1761da04
SSDEEP: 3072:tzFEhjHHIUjCgArLEZXApH3UHE360ESYUzp8t:1FWHIU2Y9KEHE36FS5p8t
Malware Config
Signatures

Suspicious use of UnmapMainImage (2 IoCs)
  PID   Process
  1272  2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe
  1332  2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  Description                        PID   Process                                                procid_target
  PID 1272 wrote to memory of 1332   1272  2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe  27
  PID 1272 wrote to memory of 1332   1272  2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe  27
  PID 1272 wrote to memory of 1332   1272  2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe  27
  PID 1272 wrote to memory of 1332   1272  2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe  27
Processes

1. C:\Users\Admin\AppData\Local\Temp\2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe"
   PID: 1272
   - Suspicious use of UnmapMainImage
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe --6dea9298
      PID: 1332 (child of 1272)
      - Suspicious use of UnmapMainImage

The child (PID 1332) is a second instance of the same binary, launched by the first instance with the argument --6dea9298. The parent then writes into that child four times (WriteProcessMemory), and both instances unmap their own main image. A process writing into a freshly spawned copy of itself that unmaps its main image is the combination of indicators usually associated with process hollowing of a re-launched copy; the report itself only records the two signatures and does not name the technique.
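The two signatures and the process tree above can be turned into a single detection rule: flag a parent that writes into a child which runs the same image and has unmapped its main image. The following is an added example written for this page, not code from the sandbox or from the report; the two signature rows are constructed copies of the rows above in the flattened one-line layout of the extracted page, the process tree (parent PID, image path, command line) is transcribed from the Processes section, and the regular expressions and the function names are assumptions made here for illustration.

```python
import re
from collections import Counter

IMAGE = "2019-05-01-Emotet-binary-retrieved-by-Word-macro.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
IMAGE_PATH = TEMP + "\\" + IMAGE

# Constructed copies of the two signature rows from the report, in the
# flattened one-line layout the extracted page uses (not read from a file).
UNMAP_ROW = f"pid Process 1272 {IMAGE} 1332 {IMAGE}"
WPM_ROW = "description pid Process procid_target " + " ".join(
    f"PID 1272 wrote to memory of 1332 1272 {IMAGE} 27" for _ in range(4)
)

# Process tree transcribed from the report: pid -> parent pid, image, command line.
PROCS = {
    1272: {"ppid": None, "image": IMAGE_PATH, "cmdline": f'"{IMAGE_PATH}"'},
    1332: {"ppid": 1272, "image": IMAGE_PATH, "cmdline": f"{IMAGE_PATH} --6dea9298"},
}

# Assumed layouts for the two row types; image names here contain no spaces.
UNMAP_RE = re.compile(r"(\d+) (\S+\.exe)")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\d+)")


def parse_unmap(row):
    """'pid Process <pid> <image> <pid> <image> ...' -> {pid: image}."""
    return {int(pid): img for pid, img in UNMAP_RE.findall(row)}


def parse_wpm(row):
    """One (src_pid, dst_pid, src_image, procid_target) tuple per IoC row."""
    return [(int(s), int(d), img, int(t)) for s, d, img, t in WPM_RE.findall(row)]


def find_self_injection(procs, unmapped, writes):
    """Return one finding per (parent, child) pair where the parent wrote into
    a child it spawned, both run the same image, and the child unmapped its
    own main image: the indicator combination recorded in this report."""
    per_pair = Counter((src, dst) for src, dst, _, _ in writes)
    hits = []
    for (src, dst), n in per_pair.items():
        child = procs.get(dst)
        if child is None or child["ppid"] != src:
            continue  # only count writes into a process the writer itself spawned
        if procs[src]["image"].lower() != child["image"].lower():
            continue  # both sides must be the same binary (a re-launched copy)
        if dst not in unmapped:
            continue  # the child must also have unmapped its main image
        hits.append({"parent": src, "child": dst, "writes": n,
                     "child_cmdline": child["cmdline"]})
    return hits


if __name__ == "__main__":
    for h in find_self_injection(PROCS, parse_unmap(UNMAP_ROW), parse_wpm(WPM_ROW)):
        print(f"parent {h['parent']} -> child {h['child']}: "
              f"{h['writes']} writes; child cmdline: {h['child_cmdline']}")
```

The parent-child check matters: a debugger or an EDR agent also calls WriteProcessMemory on other processes, but it does not normally do so against a just-spawned copy of its own image that then discards its original mapping, so requiring all three conditions keeps the rule narrow.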