Analysis
max time kernel: 141s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2023 14:04
Static task: static1
Behavioral task: behavioral1
Sample: 07975799.exe
Resource: win7-20230220-en
General
Target: 07975799.exe
Size: 356KB
MD5: 5910c0ac2d1b7c21213150dc2e0ebee1
SHA1: b7c3cef988b8cbaef92586bc3ccc91235f45db48
SHA256: 6f6e12567d41011e11473ee569ac32e3abdf0f0f3738caacd806db4e7ab88cca
SHA512: c4d6a8961a0e6f41b05503f4edc369e08a1b82db5dad27a6a127139764b846eef4d679758ee75bdbef9a4f2ab722501a78d2e0b19613d84b6bc47024cb4c8e72
SSDEEP: 6144:hx+8x3zntFj3OB0LPJQOZGhcvSSj2x+TGLNs3EtU7L:htLFTOAQIacvSS6oqLFtsL
Malware Config
Extracted
emotet
Epoch2
102.182.145.130:80
173.173.254.105:80
64.207.182.168:8080
51.89.199.141:8080
167.114.153.111:8080
173.63.222.65:80
218.147.193.146:80
59.125.219.109:443
172.104.97.173:8080
190.162.215.233:80
68.115.186.26:80
78.188.106.53:443
190.240.194.77:443
24.133.106.23:80
80.227.52.78:80
79.137.83.50:443
120.150.218.241:443
62.171.142.179:8080
194.4.58.192:7080
62.30.7.67:443
134.209.144.106:443
24.230.141.169:80
194.190.67.75:80
172.91.208.86:80
201.241.127.190:80
185.94.252.104:443
104.131.11.150:443
71.15.245.148:8080
176.111.60.55:8080
172.86.188.251:8080
194.187.133.160:443
113.61.66.94:80
91.211.88.52:7080
202.134.4.216:8080
154.91.33.137:443
74.40.205.197:443
87.106.139.101:8080
66.76.12.94:8080
139.59.60.244:8080
112.185.64.233:80
85.105.111.166:80
74.208.45.104:8080
94.230.70.6:80
49.3.224.99:8080
119.59.116.21:8080
182.208.30.18:443
184.180.181.202:80
47.36.140.164:80
186.70.56.94:443
187.161.206.24:80
102.182.93.220:80
201.171.244.130:80
190.12.119.180:443
89.121.205.18:80
110.145.77.103:80
172.105.13.66:443
190.29.166.0:80
108.46.29.236:80
49.50.209.131:80
75.143.247.51:80
137.59.187.107:8080
188.219.31.12:80
61.33.119.226:443
209.141.54.221:7080
95.213.236.64:8080
120.150.60.189:80
190.164.104.62:80
186.74.215.34:80
139.99.158.11:443
76.27.179.47:80
142.112.10.95:20
61.19.246.238:443
121.7.31.214:80
88.153.35.32:80
5.39.91.110:7080
123.142.37.166:80
50.245.107.73:443
95.9.5.93:80
37.139.21.175:8080
157.245.99.39:8080
217.123.207.149:80
72.186.136.247:443
115.94.207.99:443
202.141.243.254:443
78.24.219.147:8080
97.82.79.83:80
217.20.166.178:7080
203.153.216.189:7080
220.245.198.194:80
168.235.67.138:7080
110.142.236.207:80
162.241.140.129:8080
76.175.162.101:80
27.114.9.93:80
24.178.90.49:80
202.134.4.211:8080
123.176.25.234:80
61.76.222.210:80
109.116.245.80:80
139.162.60.124:8080
190.108.228.27:443
94.23.237.171:443
2.58.16.89:8080
37.179.204.33:80
96.245.227.43:80
216.139.123.119:80
89.216.122.92:80
37.187.72.193:8080
74.214.230.200:80
93.147.212.206:80
103.86.49.11:8080
174.106.122.139:80
138.68.87.218:443
118.83.154.64:443
200.116.145.225:443
94.200.114.161:80
62.75.141.82:80
121.124.124.40:7080
176.113.52.6:443
24.137.76.62:80
41.185.28.84:8080
50.91.114.38:80
46.105.131.79:8080
109.74.5.95:8080
67.170.250.203:443
100.37.240.62:80
Signatures
Processes:
resource                                                                   yara_rule
behavioral2/memory/3344-134-0x0000000002A20000-0x0000000002A54000-memory.dmp  emotet
behavioral2/memory/3344-138-0x0000000002A60000-0x0000000002A93000-memory.dmp  emotet
behavioral2/memory/3344-143-0x00000000029E0000-0x0000000002A11000-memory.dmp  emotet
Suspicious behavior: EnumeratesProcesses 18 IoCs
Processes:
pid   process
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe
3344  07975799.exe