Analysis

  • max time kernel
    2s
  • max time network
    45s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/06/2024, 09:20

General

  • Target

    emogod.exe

  • Size

    12.3MB

  • MD5

    83920bf1d630fb9075c1ba0357368296

  • SHA1

    38633f9249724bf1667a80c1c494e6e63a0b8930

  • SHA256

    344e31f422adef7c563215c0d2e92ddd53f859f9a9cb0244543f19013a72de67

  • SHA512

    426458008c9eb9072927408840c9c7d88fd436c94d5613a4980fd936610aeaff3b6049c83f722398a6fc12999d04ea3007cfd1094e9ee047484a7263975fda2e

  • SSDEEP

    196608:dRkufRNuDpmmjZ/9KmklLfDl7nCvBaR44PsnSmB01GryS6587Q3Ov3am:daSufdwFRQsRHfmxN65IQez

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\emogod.exe
    "C:\Users\Admin\AppData\Local\Temp\emogod.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1124
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c mode 60,20
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4128
      • C:\Windows\system32\mode.com
        mode 60,20
        3⤵
        PID:4300
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\emogod.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3628
      • C:\Windows\system32\certutil.exe
        certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\emogod.exe" MD5
        3⤵
        PID:1648
      • C:\Windows\system32\find.exe
        find /i /v "md5"
        3⤵
        PID:1420
      • C:\Windows\system32\find.exe
        find /i /v "certutil"
        3⤵
        PID:3940

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1124-0-0x0000000140168000-0x0000000140866000-memory.dmp
    Filesize: 7.0MB
  • memory/1124-1-0x00007FF8D01B0000-0x00007FF8D01B2000-memory.dmp
    Filesize: 8KB
  • memory/1124-2-0x00007FF8D01C0000-0x00007FF8D01C2000-memory.dmp
    Filesize: 8KB
  • memory/1124-7-0x0000000140000000-0x00000001414AE000-memory.dmp
    Filesize: 20.7MB
  • memory/1124-8-0x0000000140168000-0x0000000140866000-memory.dmp
    Filesize: 7.0MB
  • memory/1124-9-0x0000000140000000-0x00000001414AE000-memory.dmp
    Filesize: 20.7MB