Overview

overview

10

Static

static

3

E1-2020082...16.exe

windows7-x64

10

E1-2020082...16.exe

windows10-2004-x64

10

E1-2020082...15.exe

windows7-x64

10

E1-2020082...15.exe

windows10-2004-x64

10

E1-2020082...10.exe

windows7-x64

10

E1-2020082...10.exe

windows10-2004-x64

10

E1-2020082...27.exe

windows7-x64

10

E1-2020082...27.exe

windows10-2004-x64

10

E1-2020082...48.exe

windows7-x64

10

E1-2020082...48.exe

windows10-2004-x64

10

E1-2020082...10.exe

windows7-x64

10

E1-2020082...10.exe

windows10-2004-x64

10

E1-2020082...48.exe

windows7-x64

10

E1-2020082...48.exe

windows10-2004-x64

10

E2-2020082...28.exe

windows7-x64

10

E2-2020082...28.exe

windows10-2004-x64

10

E2-2020082...15.exe

windows7-x64

10

E2-2020082...15.exe

windows10-2004-x64

10

E2-2020082...02.exe

windows7-x64

10

E2-2020082...02.exe

windows10-2004-x64

10

E2-2020082...54.exe

windows7-x64

10

E2-2020082...54.exe

windows10-2004-x64

10

E2-2020082...48.exe

windows7-x64

10

E2-2020082...48.exe

windows10-2004-x64

10

E2-2020082...21.exe

windows7-x64

10

E2-2020082...21.exe

windows10-2004-x64

10

E3-2020082...31.exe

windows7-x64

10

E3-2020082...31.exe

windows10-2004-x64

10

E3-2020082...28.exe

windows7-x64

10

E3-2020082...28.exe

windows10-2004-x64

10

E3-2020082...56.exe

windows7-x64

10

E3-2020082...56.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 00:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    E1-20200827_162348.exe

  • Size

    536KB

  • MD5

    f18886e16f28aea70822fa78b37052e1

  • SHA1

    2e8743a09d5e3ec458e82cc3e7d351507c1337cb

  • SHA256

    cb783af6a11e0b00963375cdc2077ca48a7e6a5931643598c5490c8fc0432422

  • SHA512

    c7cfe49fc13faca66499475982b99e8fa014ca0db583e8106827998d7aa417b2bbb3eb8c8c0977c21541123dfac4b2777b062642323dd750b01c1cb62f7080d6

  • SSDEEP

    6144:L+a3QXAVvjF+MHy0wyqjOQOjuoP67GEGsGV:FgXAVhQ4qSPP6adVV

Score
10/10
emotetepoch1bankerdiscoverytrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch1

C2

98.13.75.196:80

91.121.54.71:8080

209.236.123.42:8080

89.32.150.160:8080

212.71.237.140:8080

51.255.165.160:8080

188.135.15.49:80

189.2.177.210:443

45.161.242.102:80

72.167.223.217:8080

77.238.212.227:80

186.70.127.199:8090

45.33.77.42:8080

87.106.46.107:8080

172.104.169.32:8080

187.162.248.237:80

190.163.31.26:80

95.9.180.128:80

71.197.211.156:80

91.219.169.180:80
rsa_pubkey.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet family
    emotet
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\E1-20200827_162348.exe
    "C:\Users\Admin\AppData\Local\Temp\E1-20200827_162348.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Windows\SysWOW64\KBDNE\mfc120jpn.exe
      "C:\Windows\SysWOW64\KBDNE\mfc120jpn.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:2332

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\KBDNE\mfc120jpn.exe
    Filesize

    536KB

    MD5

    f18886e16f28aea70822fa78b37052e1

    SHA1

    2e8743a09d5e3ec458e82cc3e7d351507c1337cb

    SHA256

    cb783af6a11e0b00963375cdc2077ca48a7e6a5931643598c5490c8fc0432422

    SHA512

    c7cfe49fc13faca66499475982b99e8fa014ca0db583e8106827998d7aa417b2bbb3eb8c8c0977c21541123dfac4b2777b062642323dd750b01c1cb62f7080d6

    Download Submit

  • memory/1860-4-0x00000000003B0000-0x00000000003B9000-memory.dmp

    Filesize

    36KB

    Download

  • memory/1860-0-0x00000000003C0000-0x00000000003CC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1860-6-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2332-7-0x0000000000340000-0x000000000034C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/2332-11-0x0000000000340000-0x000000000034C000-memory.dmp

    Filesize

    48KB

    Download