Analysis
- max time kernel: 109s
- max time network: 144s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02-04-2023 04:31
Behavioral task: behavioral1
- Sample: test_unpacked_emotet.dll
- Resource: win7-20230220-en
- Platform: windows7-x64
- 3 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: test_unpacked_emotet.dll
- Resource: win10v2004-20230220-en
- Platform: windows10-2004-x64
- 3 signatures
- 150 seconds
General
- Target: test_unpacked_emotet.dll
- Size: 161KB
- MD5: a8c3f116cf9c9f7fd1cb8d5a96fc747d
- SHA1: ca184c5385c9833f7ee97cd6f4af70b7404a5d76
- SHA256: debad0131060d5dd9c4642bd6aed186c4a57b46b0f4c69f1af16b1ff9c0a77b1
- SHA512: cf57b647cc5ce3546da0bbc42015910ae837494e0060834b85c51fc8b2c3690c9c36e757abb94095b2dda4d36337743a10552f6a7b7cbe2dfc14a3dbd5f843f5
- SSDEEP: 3072:R6bDR4tUro+opTdespdfXfnZo1eJhh4QnwnyJJGv:KcsUeSt/Zo1eJh+WG
- Score: 1/10
Malware Config
Signatures

- Suspicious behavior: EnumeratesProcesses (6 IoCs)
  Processes:
    pid   process
    1684  regsvr32.exe
    1684  regsvr32.exe
    1552  regsvr32.exe
    1552  regsvr32.exe
    1552  regsvr32.exe
    1552  regsvr32.exe

- Suspicious behavior: RenamesItself (1 IoC)
  Processes:
    pid   process
    1684  regsvr32.exe

- Suspicious use of WriteProcessMemory (2 IoCs)
  Processes:
    description                        pid   process       target process
    PID 1684 wrote to memory of 1552   1684  regsvr32.exe  regsvr32.exe
    PID 1684 wrote to memory of 1552   1684  regsvr32.exe  regsvr32.exe
Processes

- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\test_unpacked_emotet.dll
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: RenamesItself
  - Suspicious use of WriteProcessMemory

  - C:\Windows\system32\regsvr32.exe (child process)
    Command line: C:\Windows\system32\regsvr32.exe "C:\Windows\system32\MSBYNvnKpx\lCATM.dll"
    - Suspicious behavior: EnumeratesProcesses