Overview

overview

10

Static

static

3

eeb56d359c...c3.dll

windows7-x64

10

eeb56d359c...c3.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2024 04:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eeb56d359c6ae7c34d9b7cd0241155ddc84aaeecf7aeb338e6c1bfa5e47868c3.dll

  • Size

    648KB

  • MD5

    801b81e7e9f9518eefffd23394c76b6c

  • SHA1

    652a79ae8c1e34150cc80b2c7fbd8d31071fddf7

  • SHA256

    eeb56d359c6ae7c34d9b7cd0241155ddc84aaeecf7aeb338e6c1bfa5e47868c3

  • SHA512

    69e8a436ba6f56db8f9c1c29afa4d45bcb48ab93a04972620011802bd8c8420e47ff4d9fdef195b693a6dcb5cb8a0b2c7e27dc7e8c011a9ccaf4e860851d46c3

  • SSDEEP

    12288:knPmLtqW5lhR5p/gCshHmtERp9kWEPEyuzXNSErQUIKfzAh73:kP0E2hpgCshHmts9dNSILIKbAh73

Score
10/10
emotetepoch4bankertrojan

Malware Config

Extracted

Family

emotet

Botnet

Epoch4

C2

138.201.142.73:8080

138.197.147.101:443

134.195.212.50:7080

104.168.154.79:8080

149.56.131.28:8080

129.232.188.93:443

212.24.98.99:8080

119.193.124.41:7080

45.118.115.99:8080

188.44.20.25:443

103.132.242.26:8080

201.94.166.162:443

1.234.21.73:7080

206.189.28.199:8080

185.8.212.130:7080

82.165.152.127:8080

176.104.106.96:8080

173.212.193.249:8080

167.99.115.35:8080

209.126.98.206:8080
eck1.plain
ecs1.plain

Signatures

  • Emotet

    Emotet is a trojan that is primarily spread through spam emails.

    trojanbankeremotet
  • Emotet family
    emotet
  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\eeb56d359c6ae7c34d9b7cd0241155ddc84aaeecf7aeb338e6c1bfa5e47868c3.dll
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2368-0-0x0000000180000000-0x000000018002A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2368-5-0x0000000180000000-0x000000018002A000-memory.dmp

    Filesize

    168KB

    Download

  • memory/2368-4-0x00000000002C0000-0x00000000002C1000-memory.dmp

    Filesize

    4KB

    Download