Analysis Overview
SHA256
06c6442d5bb110140ac1cdbcf1be52388441b9a0750d59b743acc6b52d19582b
Threat Level: Known bad
The file InputInjectionBroker.exe was found to be: Known bad.
Malicious Activity Summary
Emotet
Emotet payload
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-03-06 09:24
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-06 09:24
Reported
2024-03-06 09:27
Platform
win10-20240221-en
Max time kernel
140s
Max time network
154s
Command Line
Signatures
Emotet
Emotet payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InputInjectionBroker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InputInjectionBroker.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\InputInjectionBroker.exe
"C:\Users\Admin\AppData\Local\Temp\InputInjectionBroker.exe"
Network
| Country | Destination | Domain | Proto |
| US | 74.219.172.26:80 | tcp | |
| US | 134.209.36.254:8080 | tcp | |
| US | 104.156.59.7:8080 | 104.156.59.7 | tcp |
| US | 8.8.8.8:53 | 7.59.156.104.in-addr.arpa | udp |
| NZ | 120.138.30.150:8080 | tcp | |
| BG | 194.187.133.160:443 | tcp | |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 104.236.246.93:8080 | tcp | |
| US | 74.208.45.104:8080 | tcp | |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
| TR | 78.187.156.31:80 | tcp |
Files
memory/3796-1-0x0000000000560000-0x000000000056F000-memory.dmp
memory/3796-0-0x0000000002200000-0x0000000002212000-memory.dmp
memory/3796-5-0x0000000002230000-0x0000000002240000-memory.dmp