Analysis

max time kernel: 144s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28-01-2024 23:44
Static task: static1
Behavioral task: behavioral1
Sample: 7e514e8be48b0a1a597e7b2ca4e03d7e.dll
Resource: win7-20231215-en
General

Target: 7e514e8be48b0a1a597e7b2ca4e03d7e.dll
Size: 271KB
MD5: 7e514e8be48b0a1a597e7b2ca4e03d7e
SHA1: 3379dee67ee82f7bf7022e67bb72a3c0428e5036
SHA256: dcf227738d1c1d909553cd71ea2f058cdd0a867715dbe0cc4b974fad909a96cf
SHA512: 7e29c8fcbe0efb3d8b9b26593e5f53b628988e137be7fd8bfdfcc6e39628677d27b3714e2a76b9cd4619ab3bea3cc18085c51a082e0b52347a666ffcf57651ba
SSDEEP: 6144:+60EDP6uCLfGw/GpxXinM1BCo1PlumGx2mx2tXd0t115JGJ:X5DpBw/KViMTB1MnEWk0115JO
Malware Config

Extracted
Family: emotet
Botnet: Epoch1
C2 (ip:port, one per line):
200.75.39.254:80
201.185.69.28:443
206.189.232.2:8080
138.197.99.250:8080
167.71.148.58:443
190.45.24.210:80
110.39.162.2:443
201.75.62.86:80
46.105.114.137:8080
190.247.139.101:80
59.148.253.194:8080
137.74.106.111:7080
202.79.24.136:443
177.85.167.10:80
80.15.100.37:80
45.16.226.117:443
190.24.243.186:80
138.97.60.141:7080
2.80.112.146:80
81.214.253.80:443
87.106.46.107:8080
46.101.58.37:8080
111.67.12.221:8080
201.241.127.190:80
217.13.106.14:8080
177.23.7.151:80
95.76.153.115:80
70.32.84.74:8080
5.12.233.12:80
186.177.174.163:80
12.163.208.58:80
192.232.229.53:4143
170.81.48.2:80
70.32.115.157:8080
199.203.62.165:80
190.251.216.100:80
185.94.252.27:443
110.39.160.38:443
45.184.103.73:80
185.183.16.47:80
51.15.7.145:80
50.28.51.143:8080
187.162.250.23:443
191.223.36.170:80
213.52.74.198:80
122.201.23.45:443
78.206.229.130:80
31.27.59.105:80
190.210.246.253:80
60.93.23.51:80
178.250.54.208:8080
85.214.26.7:8080
94.176.234.118:443
202.134.4.210:7080
190.114.254.163:8080
188.225.32.231:7080
155.186.9.160:80
104.131.41.185:8080
188.135.15.49:80
184.66.18.83:80
192.175.111.212:7080
187.162.248.237:80
212.71.237.140:8080
81.215.230.173:443
68.183.170.114:8080
81.17.93.134:80
51.255.165.160:8080
62.84.75.50:80
190.136.176.89:80
181.30.61.163:443
154.127.113.242:80
5.2.136.90:80
1.226.84.243:8080
83.144.109.70:80
172.245.248.239:8080
191.241.233.198:80
190.162.232.138:80
152.170.79.100:80
5.196.35.138:7080
46.43.2.95:8080
197.232.36.108:80
186.147.237.3:8080
74.58.215.226:80
82.208.146.142:7080
138.97.60.140:8080
186.146.13.184:443
172.104.169.32:8080
211.215.18.93:8080
83.169.21.32:7080
152.169.22.67:80
149.202.72.142:7080
209.236.123.42:8080
12.162.84.2:8080
35.143.99.174:80
178.211.45.66:8080
190.64.88.186:443
82.48.39.246:80
93.149.120.214:80
68.183.190.199:8080
201.143.224.27:80
105.209.235.113:8080
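The extracted C2 list is the most directly actionable part of this report. The script below is an added example, not part of the sandbox report: it parses `ip:port` lines of the form shown above into validated indicators (dropping blank, duplicate and malformed lines so a typo can never match traffic) and then scans constructed Zeek conn.log-style records for connections to those endpoints. The C2 entries in `C2_CONFIG` are a subset of the list above with one duplicate and one malformed line added deliberately; the connection log lines are constructed and are not traffic from this analysis.

```python
"""Retro-hunt network logs for the C2 endpoints extracted from this sample.

Added example; it is not part of the sandbox report. The connection log
records are constructed; the C2 entries are a subset of the extracted list,
with one duplicate and one malformed line added to show how they are handled.
"""
import ipaddress
from collections import Counter

C2_CONFIG = """\
200.75.39.254:80
201.185.69.28:443
206.189.232.2:8080
138.197.99.250:8080
192.232.229.53:4143
200.75.39.254:80
not-an-endpoint
"""


def parse_c2_list(text):
    """Parse 'ip:port' lines into a set of (ip, port) tuples.

    Blank lines, duplicates, non-IPv4 hosts and out-of-range ports are
    dropped so that a typo in the indicator list can never match traffic.
    """
    endpoints = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        host, sep, port = line.rpartition(":")
        if not sep or not port.isdigit() or not 0 < int(port) < 65536:
            continue
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            continue
        endpoints.add((host, int(port)))
    return endpoints


def ports_in_use(endpoints):
    """Count C2 entries per port (80, 443, 7080 and 8080 dominate this config)."""
    return Counter(port for _, port in endpoints)


# Constructed Zeek conn.log-style records, tab separated:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONN_LOG = """\
1706485442.10\tCxA1\t10.0.0.5\t51233\t200.75.39.254\t80\ttcp
1706485443.55\tCxA2\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp
1706485447.02\tCxA3\t10.0.0.7\t51240\t192.232.229.53\t4143\ttcp
1706485450.88\tCxA4\t10.0.0.5\t51250\t206.189.232.2\t443\ttcp
1706485455.00\tCxA5\t10.0.0.9\t51260\t138.197.99.250\t8080\ttcp
"""


def find_c2_contacts(log_text, endpoints, ip_only=False):
    """Return connections whose responder matches a C2 endpoint.

    With ip_only=True a connection to a C2 host on a port that is not in
    this config is also reported (flagged exact=False); that looser match
    is the one worth running when hunting across older data.
    """
    c2_hosts = {ip for ip, _ in endpoints}
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7 or not fields[5].isdigit():
            continue
        ts, uid, src, _, dst, dport, proto = fields[:7]
        key = (dst, int(dport))
        exact = key in endpoints
        if exact or (ip_only and dst in c2_hosts):
            hits.append({"ts": ts, "uid": uid, "src": src, "dst": dst,
                         "dport": int(dport), "proto": proto, "exact": exact})
    return hits


if __name__ == "__main__":
    c2 = parse_c2_list(C2_CONFIG)
    print(f"{len(c2)} C2 endpoints, ports: {dict(ports_in_use(c2))}")
    for hit in find_c2_contacts(CONN_LOG, c2, ip_only=True):
        print(hit)
```

Run it against the full list above by pasting all 101 lines into `C2_CONFIG`. The `ip_only` switch matters in practice: an exact `ip:port` match is high confidence, while a hit on the host alone is a lead to triage, since a C2 host in this list may be listening on a different port in another configuration.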
Signatures

Blocklisted process makes network request (6 IoCs)
Processes:
  flow  pid   process
  15    1964  rundll32.exe
  36    1964  rundll32.exe
  39    1964  rundll32.exe
  43    1964  rundll32.exe
  44    1964  rundll32.exe
  46    1964  rundll32.exe

Suspicious behavior: EnumeratesProcesses (14 IoCs)
Processes:
  pid   process
  1964  rundll32.exe (14 identical entries)

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process       target process
  PID 2976 wrote to memory of 1964   2976  rundll32.exe  rundll32.exe
  PID 2976 wrote to memory of 1964   2976  rundll32.exe  rundll32.exe
  PID 2976 wrote to memory of 1964   2976  rundll32.exe  rundll32.exe
Processes

C:\Windows\SysWOW64\rundll32.exe (PID 1964)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e514e8be48b0a1a597e7b2ca4e03d7e.dll,#1
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses

C:\Windows\system32\rundll32.exe (PID 2976)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e514e8be48b0a1a597e7b2ca4e03d7e.dll,#1
  - Suspicious use of WriteProcessMemory
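The process list and the signature tables together describe a pattern that is easy to hunt for in endpoint telemetry: rundll32.exe loading a DLL from a user-writable path, calling its export by ordinal (`,#1`), and a 64-bit `system32\rundll32.exe` handing off to a 32-bit `SysWOW64\rundll32.exe`. The script below is an added example, not part of the sandbox report. Its events are constructed in the shape of Sysmon Event ID 1 records; the two rundll32 entries mirror the report's process list, and the parent/child link between PID 2976 and PID 1964 is an assumption (the page shows 2976 writing to 1964's memory but does not state the process tree explicitly).

```python
"""Flag the rundll32 pattern from this report in process-creation events.

Added example, not from the sandbox report. EVENTS is constructed in the
shape of Sysmon Event ID 1 records; the parent/child link between PID 2976
and PID 1964 is an assumption, not something the report states.
"""
import ntpath
import re

# rundll32 [<path>\]<dll>,<entry>   where <entry> is an export name or #ordinal
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)',
    re.IGNORECASE,
)
# Locations an unprivileged user can write to; a DLL handed to rundll32
# from one of these is the main signal in this report.
USER_WRITABLE_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData|Temp|Downloads|Public|ProgramData)\\",
    re.IGNORECASE,
)

EVENTS = [  # constructed sample events
    {"pid": 2976, "ppid": 1234, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e514e8be48b0a1a597e7b2ca4e03d7e.dll,#1"},
    {"pid": 1964, "ppid": 2976, "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e514e8be48b0a1a597e7b2ca4e03d7e.dll,#1"},
    {"pid": 3000, "ppid": 800, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r'"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL'},
    {"pid": 3100, "ppid": 800, "image": r"C:\Windows\system32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\Admin\notes.txt"},
]


def parse_rundll32(cmdline):
    """Return (dll_path, entry) from a rundll32 command line, or None."""
    m = RUNDLL_RE.search(cmdline)
    return (m.group("dll"), m.group("entry")) if m else None


def bitness(image):
    """32 for a WoW64 (SysWOW64) image, 64 for System32, None otherwise."""
    low = image.lower()
    if "\\syswow64\\" in low:
        return 32
    if "\\system32\\" in low:
        return 64
    return None


def analyse(events):
    """Return a finding for every rundll32 process that trips at least one check."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for ev in events:
        if ntpath.basename(ev["image"]).lower() != "rundll32.exe":
            continue
        parsed = parse_rundll32(ev["cmdline"])
        if not parsed:
            continue
        dll, entry = parsed
        reasons = []
        if USER_WRITABLE_RE.search(dll):
            reasons.append("DLL loaded from a user-writable path")
        if entry.startswith("#"):
            reasons.append("export invoked by ordinal")
        parent = by_pid.get(ev["ppid"])
        if (parent and ntpath.basename(parent["image"]).lower() == "rundll32.exe"
                and bitness(parent["image"]) != bitness(ev["image"])):
            reasons.append("spawned by rundll32 of the other bitness (WoW64 hand-off)")
        if reasons:
            findings.append({"pid": ev["pid"], "dll": dll, "entry": entry,
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyse(EVENTS):
        print(f["pid"], f["entry"], "|", "; ".join(f["reasons"]))
```

The shell32 Control_RunDLL entry is there to show the rule staying quiet on a common legitimate rundll32 invocation: a system DLL called by name trips none of the checks. Ordinal calls are not malicious on their own, which is why the score is a list of reasons rather than a single boolean; the path check is the one that carries most of the weight.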
Downloads

memory/1964-1-0x0000000010000000-0x000000001004A000-memory.dmp  Filesize: 296KB
memory/1964-0-0x0000000000A80000-0x0000000000A81000-memory.dmp  Filesize: 4KB
memory/1964-2-0x0000000010000000-0x000000001004A000-memory.dmp  Filesize: 296KB
memory/1964-4-0x0000000010000000-0x000000001004A000-memory.dmp  Filesize: 296KB
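Three of the four dumps cover the same range, 0x10000000 to 0x1004A000 (0x4A000 bytes, exactly 296KB), taken at different points in the run; 0x10000000 is the linker's default ImageBase for 32-bit DLLs, so the obvious check is whether those dumps are the mapped DLL image and whether the range agrees with the PE header inside it. The script below is an added example, not part of the report: it parses a Triage dump file name into its address range, reads the PE header from the dump bytes, and reports whether ImageBase and SizeOfImage line up with the range. The image bytes it runs on are constructed (a minimal PE32 DLL header padded to 0x4A000 with ImageBase 0x10000000); whether the real dump carries those values is an assumption, and `parse_pe`/`reconcile` are what you would run on the actual .dmp files.

```python
"""Check whether a Triage memory dump is a mapped PE image and reconcile its
address range with the image's own header.

Added example, not part of the report. build_sample_image() constructs a
minimal PE32 DLL header (no sections) padded to the size the dump name
reports, with ImageBase 0x10000000; the real dump's values are an assumption.
"""
import re
import struct

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp"
)
IMAGE_FILE_DLL = 0x2000


def parse_dump_name(name):
    """Split 'memory/<pid>-<n>-0x<start>-0x<end>-memory.dmp' into its parts."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"not a Triage dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def parse_pe(buf):
    """Return ImageBase/SizeOfImage/machine/characteristics, or None if not a PE."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", buf, 0x3C)[0]          # e_lfanew
    if pe + 24 > len(buf) or buf[pe:pe + 4] != b"PE\0\0":
        return None
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsec, _, _, _, _, chars = struct.unpack_from("<HHIIIHH", buf, pe + 4)
    opt = pe + 24
    if opt + 60 > len(buf):
        return None
    magic = struct.unpack_from("<H", buf, opt)[0]
    if magic == 0x10B:        # PE32: ImageBase is a DWORD at +28
        image_base = struct.unpack_from("<I", buf, opt + 28)[0]
    elif magic == 0x20B:      # PE32+: ImageBase is a QWORD at +24
        image_base = struct.unpack_from("<Q", buf, opt + 24)[0]
    else:
        return None
    size_of_image = struct.unpack_from("<I", buf, opt + 56)[0]  # same offset in both
    return {"machine": machine, "sections": nsec, "characteristics": chars,
            "image_base": image_base, "size_of_image": size_of_image,
            "is_dll": bool(chars & IMAGE_FILE_DLL), "pe32plus": magic == 0x20B}


def reconcile(name, buf):
    """Compare the dump's address range with the PE header found in it."""
    rng = parse_dump_name(name)
    pe = parse_pe(buf)
    result = {**rng, "size_kb": rng["size"] // 1024, "is_pe": pe is not None}
    if pe:
        result.update(pe)
        result["base_matches"] = pe["image_base"] == rng["start"]
        result["size_matches"] = pe["size_of_image"] == rng["size"]
    return result


def build_sample_image(image_base=0x10000000, size_of_image=0x4A000):
    """Construct a minimal PE32 DLL image of the given size (headers only)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 0, 0, 0, 0, 224, 0x2102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                         # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<I", opt, 32, 0x1000)                       # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)                        # FileAlignment
    struct.pack_into("<I", opt, 56, size_of_image)
    struct.pack_into("<I", opt, 60, 0x400)                        # SizeOfHeaders
    img = bytes(dos) + coff + bytes(opt)
    return img + b"\0" * (size_of_image - len(img))


if __name__ == "__main__":
    print(reconcile("memory/1964-1-0x0000000010000000-0x000000001004A000-memory.dmp",
                    build_sample_image()))
    print(reconcile("memory/1964-0-0x0000000000A80000-0x0000000000A81000-memory.dmp",
                    b"\0" * 0x1000))
```

Two things to read off the result when run on the real dumps. A dump whose range starts at ImageBase and is exactly SizeOfImage long is a mapped image, not a raw file, which is also why 296KB in memory is larger than the 271KB on disk: sections are padded to SectionAlignment when mapped. And because dumps 1, 2 and 4 cover the same range, diffing their bytes shows whether the image was rewritten between snapshots; the 4KB region at 0x00A80000 is a single page and is not a PE image, so `is_pe` is False for it.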