Analysis
max time kernel: 150s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-05-2023 17:15
Static task: static1
Behavioral task: behavioral1
Sample: effects915.exe
Resource: win7-20230220-en
General
Target: effects915.exe
Size: 288KB
MD5: 28bfff6a2933781a3d23dac2d4ddbbf7
SHA1: e70bafa223c58212ffda30a652dde5fa0c108065
SHA256: 0766329f73128257dcc645d12cca3896b524d170c4bc69fbc998952d9ee9b67d
SHA512: bf6f605d50e9f4273573f852851acefcb16b3a18c38ee014a0087861750291040edef7fdecafd472093fd0ccd489b1d8f160111479c14ab1f19a27dd40f7c5d5
SSDEEP: 6144:kY70Z8kCSgjTT0iZjyHbUrruN2u5m2I4EbdX:kjgjX0iZO8rm5m5HF
Malware Config
Extracted: emotet (Epoch1)
C2 addresses (ip:port):
82.137.29.8:80
180.232.111.30:80
111.67.12.222:8080
94.23.62.116:8080
59.148.253.194:8080
212.71.237.140:8080
177.23.7.151:80
70.32.84.74:8080
94.176.234.118:443
185.183.16.47:80
12.162.84.2:8080
137.74.106.111:7080
5.89.33.136:80
37.187.161.206:8080
80.15.100.37:80
80.249.176.206:80
45.33.77.42:8080
62.84.75.50:80
68.183.170.114:8080
105.209.235.113:8080
179.222.115.170:80
111.67.12.221:8080
37.221.70.250:80
51.75.33.127:80
82.208.149.146:80
186.189.249.2:80
201.71.228.86:80
154.127.113.242:80
60.249.78.226:8080
103.13.224.53:80
138.97.60.140:8080
181.120.29.49:80
191.182.6.118:80
78.206.229.130:80
190.195.129.227:8090
177.144.130.105:8080
46.105.114.137:8080
190.64.88.186:443
177.85.167.10:80
178.250.54.208:8080
12.163.208.58:80
113.163.216.135:80
46.101.58.37:8080
83.103.179.156:80
110.39.162.2:443
104.131.41.185:8080
190.115.18.139:8080
190.92.122.226:80
219.92.13.25:80
138.97.60.141:7080
217.13.106.14:8080
50.28.51.143:8080
186.146.13.184:443
1.226.84.243:8080
85.214.26.7:8080
5.196.35.138:7080
46.43.2.95:8080
189.2.177.210:443
86.127.212.235:443
177.144.130.105:443
51.255.165.160:8080
188.135.15.49:80
186.188.212.201:80
185.94.252.27:443
149.202.72.142:7080
170.81.48.2:80
45.16.226.117:443
177.73.0.98:443
81.214.253.80:443
70.32.115.157:8080
178.211.45.66:8080
51.15.7.145:80
190.101.156.139:80
187.162.250.23:443
87.106.46.107:8080
193.251.77.110:80
45.46.37.97:80
190.24.243.186:80
152.169.22.67:80
82.76.111.249:443
187.162.248.237:80
192.241.143.52:8080
178.242.90.32:80
68.183.190.199:8080
81.215.230.173:443
74.58.215.226:80
213.197.182.158:8080
192.232.229.54:7080
213.52.74.198:80
201.213.177.139:80
192.175.111.212:7080
5.2.182.7:80
172.104.169.32:8080
191.223.36.170:80
175.145.248.25:80
128.92.203.42:80
155.186.9.160:80
209.236.123.42:8080
197.232.36.108:80
181.58.181.9:80
181.61.182.143:80
190.45.24.210:80
103.236.179.162:80
24.232.228.233:80
83.169.21.32:7080
60.93.23.51:80
202.134.4.210:7080
77.78.196.173:443
181.120.72.110:80
181.30.61.163:443
Signatures
YARA rule matches in process memory (resource, yara_rule):
  behavioral2/memory/1616-133-0x0000000002280000-0x0000000002292000-memory.dmp  emotet
  behavioral2/memory/1616-137-0x00000000022A0000-0x00000000022B0000-memory.dmp  emotet
  behavioral2/memory/1616-140-0x0000000002270000-0x000000000227F000-memory.dmp  emotet
Drops file in Windows directory (1 IoC)
  description: File opened for modification
  ioc: C:\Windows\notepad.exe
  process: effects915.exe
Suspicious behavior: EnumeratesProcesses (16 IoCs)
  pid 1616  effects915.exe  (16 occurrences, all from this process)
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 1616  effects915.exe  (2 occurrences)