Overview

overview

10

Static

static

3

9c6783250d...fb.dll

windows7-x64

10

9c6783250d...fb.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-11-2024 20:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9c6783250d851df7d21e27e265d5c783936e0a44420e34b0bff8c05ff5c369fb.dll

  • Size

    728KB

  • MD5

    dd7f5c1dc87455467b4734d23818e05a

  • SHA1

    8102c1b8bc964fc12f7018e3cec6e4fac5e7ef1b

  • SHA256

    9c6783250d851df7d21e27e265d5c783936e0a44420e34b0bff8c05ff5c369fb

  • SHA512

    e46d01efc6ae1add187e1a4fcd33bf0100abc3dfcd0587315b9c0e856e487a9caf973b4f7db57e81c5a026c3ee7337de3df7892b0b2db493c6a0ab1c7551f5a2

  • SSDEEP

    12288:aIabL1+x29hs+bDBLKhKmCKzTrj6i0I8PxiGhWzx+o8/NQfN7IT5p:XabLXhs7AZKzvjnT0hWzP8/yfRIT3

Score
10/10
emotetepoch5bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch5

C2

68.183.91.111:8080

164.52.194.45:8080

202.29.239.162:443

54.38.143.246:7080

54.37.106.167:8080

185.148.168.220:8080

196.44.98.190:8080

175.126.176.79:8080

207.148.81.119:8080

37.59.209.141:8080

103.42.58.120:7080

54.37.228.122:443

68.183.93.250:443

66.42.57.149:443

45.71.195.104:8080

78.47.204.80:443

128.199.192.135:8080

195.154.146.35:443

118.98.72.86:443

116.124.128.206:8080
eck1.plain
ecs1.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet family
    emotet
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9c6783250d851df7d21e27e265d5c783936e0a44420e34b0bff8c05ff5c369fb.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2416-0-0x00000000002D0000-0x00000000002D1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2416-1-0x0000000180000000-0x0000000180029000-memory.dmp

    Filesize

    164KB

    Download

  • memory/2416-5-0x0000000180000000-0x0000000180029000-memory.dmp

    Filesize

    164KB

    Download