Analysis
max time kernel: 144s
max time network: 154s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2023 13:54
Static task: static1
Behavioral task: behavioral1
Sample: 04990099.exe
Resource: win7-20230220-en
General
Target: 04990099.exe
Size: 368KB
MD5: 91da3c181ce80542e97bfacf8ed6ace3
SHA1: b05dcff45d6291cab045b428c2de6768fba3bcfa
SHA256: 369b40c6463293a9dbe5fb8b5c812f4759131555608f7ef4b9279bb155345006
SHA512: ac188e23af6de41b95973b9d6628a6a66e7348618fa84097035b19739922132fb94e7fffce2d07c7658e61ec639ba19dfed406491d053d509b75f1fae73ef255
SSDEEP: 6144:HzoTjUrx4KVHa9eUfTLHy2VrH0D+wieIJl7lT2IcO/wksAPJLzx:ToCHVcjZwiey7l6i/wi
Malware Config
Extracted
emotet
Epoch2
Signatures
Processes:
resource: behavioral2/memory/3108-133-0x0000000002280000-0x00000000022A2000-memory.dmp, yara_rule: emotet
resource: behavioral2/memory/3108-137-0x00000000023C0000-0x00000000023E1000-memory.dmp, yara_rule: emotet
resource: behavioral2/memory/3108-142-0x0000000000710000-0x0000000000730000-memory.dmp, yara_rule: emotet
Suspicious behavior: EnumeratesProcesses (22 IoCs)
Processes:
pid: 3108, process: 04990099.exe (22 entries, all for the same pid)
Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
pid: 3108, process: 04990099.exe