Analysis
  max time kernel:  286s
  max time network: 298s
  platform:         windows10-2004_x64
  resource:         win10v2004-20230220-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        17-03-2023 14:58
Behavioral task: behavioral1
  Sample:   emotet.dll
  Resource: win7-20230220-en (windows7-x64)
  4 signatures, 300 seconds

Behavioral task: behavioral2
  Sample:   emotet.dll
  Resource: win10v2004-20230220-en (windows10-2004-x64)
  3 signatures, 300 seconds
General
  Target: emotet.dll
  Size:   144KB
  MD5:    939198ab85520f8fa042349eb83d64d1
  SHA1:   3e8c0f7e6e55f5fece2339ec9c4c52cf9270e582
  SHA256: 0c681fdfe86923929453a713de6b2bf30fabe979ca0130f8a0a75a77a5c015f6
  SHA512: b478d4d2841a4ba0a4e021caf21fd7c07b75b51efe514d2c226313a45f89d2e3ff322f3bebfd53d97c0cb28c9383dbca5f3616dcabc1ac3f678d7de4f8e11272
  SSDEEP: 3072:t+DIgZx6B1Bx4Megsbd26KkltYBw91mH67rc8Xw4vQobyU:Gz6BW7bw6ZlKBwnmHaotpSyU

Score
  8/10
Malware Config
Signatures
Blocklisted process makes network request (24 IoCs)
  flow  pid   process
  32    4836  rundll32.exe
  43    4836  rundll32.exe
  44    4836  rundll32.exe
  46    4836  rundll32.exe
  56    4836  rundll32.exe
  57    4836  rundll32.exe
  58    4836  rundll32.exe
  60    4836  rundll32.exe
  65    4836  rundll32.exe
  66    4836  rundll32.exe
  68    4836  rundll32.exe
  70    4836  rundll32.exe
  72    4836  rundll32.exe
  75    4836  rundll32.exe
  86    4836  rundll32.exe
  87    4836  rundll32.exe
  88    4836  rundll32.exe
  89    4836  rundll32.exe
  90    4836  rundll32.exe
  91    4836  rundll32.exe
  93    4836  rundll32.exe
  98    4836  rundll32.exe
  99    4836  rundll32.exe
  100   4836  rundll32.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   process
  4836  rundll32.exe
  4836  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                      pid  process       target process
  PID 644 wrote to memory of 4836  644  rundll32.exe  rundll32.exe
  PID 644 wrote to memory of 4836  644  rundll32.exe  rundll32.exe
  PID 644 wrote to memory of 4836  644  rundll32.exe  rundll32.exe
Processes
  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet.dll,#1
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe (child of the process above)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\emotet.dll,#1
      - Blocklisted process makes network request
      - Suspicious behavior: EnumeratesProcesses