Analysis
max time kernel: 135s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2023 13:53
Static task: static1
Behavioral task: behavioral1
Sample: 04741799.exe
Resource: win7-20230220-en
General
Target: 04741799.exe
Size: 323KB
MD5: aed801875b3f880881fbef72d2ce6749
SHA1: 307b527cbbdf2c167e45796a3b2242d0b01c2d32
SHA256: 0002624da864ad83d0f1d9a2ef9bf83e5f31badb46b68bfed4d6150ce3789e15
SHA512: 4d7f433576c956c6389b9535c1d15b4f8c8b080148c79f9cdf8f7cac7589952415434e8ce24d8dbb30c3541bf2654969dad11ebd4e05e8cc25fed8d54ba3131e
SSDEEP: 6144:QsePWThcirxNiBR7sJdCFdoUzPi29bLbBYD5LIR5dJwW:QIrbGjIUzrKDdQ3
Malware Config
Extracted: emotet (Epoch2)
Signatures

Processes:
resource                                                                      yara_rule
behavioral2/memory/3408-133-0x0000000002160000-0x000000000217F000-memory.dmp  emotet
behavioral2/memory/3408-137-0x0000000002180000-0x000000000219E000-memory.dmp  emotet
behavioral2/memory/3408-142-0x0000000002140000-0x000000000215D000-memory.dmp  emotet

Dave packer 1 IoCs
Detects executable using a packer named 'Dave' by the community, based on a string at the end.
Processes:
resource                                                                      yara_rule
behavioral2/memory/3408-142-0x0000000002140000-0x000000000215D000-memory.dmp  dave

Suspicious behavior: EnumeratesProcesses 20 IoCs
Processes:
pid   process
3408  04741799.exe (20 occurrences)

Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
pid   process
3408  04741799.exe