Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-11-2024 17:29

General

  • Target

    e87eaa3cb9e0f242af506759b633b672925bb8b63f61e87946cd5fa41d9cfdbc.dll

  • Size

    626KB

  • MD5

    82d44147556cbe4eb1ac8da1f6c65c6d

  • SHA1

    a196a616a48e03777d2d03585f6d53ad894aeccc

  • SHA256

    e87eaa3cb9e0f242af506759b633b672925bb8b63f61e87946cd5fa41d9cfdbc

  • SHA512

    1df4fbaffe1cad24f1852cbc0d748ee43305f13aa6640b905fc2aa38278acaa65fd887998ab49346415b5950735bf0c90cef5b9367f152fd2af0fb2e20f2d6f8

  • SSDEEP

    12288:C1FIcocJwMTHzXO7N2eBHiyzskF1CubVnmn:tco9MTHzXO7NL/115mn

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2


eck1.plain
ecs1.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

  • Emotet family
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e87eaa3cb9e0f242af506759b633b672925bb8b63f61e87946cd5fa41d9cfdbc.dll
    • Suspicious behavior: EnumeratesProcesses
    PID:3880

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3880-0-0x0000000000840000-0x0000000000841000-memory.dmp

    Filesize

    4KB

  • memory/3880-1-0x0000000180000000-0x000000018002A000-memory.dmp

    Filesize

    168KB

  • memory/3880-5-0x0000000180000000-0x000000018002A000-memory.dmp

    Filesize

    168KB