Analysis Date: 2018-05-19 18:21:44
MD5: faecdc946ded50490714dfea33edc7cf
SHA1: 52858d41c12ac0df933d7ea0e5bcb9c5f5fa7174

Static Details:

AV Arcabit (arcavir): Gen:Variant.Jaik.24643
AV Authentium: No Virus
AV Grisoft (avg): Error Scanning File
AV Avira (antivir): TR/Crypt.Xpack.cxkzu
AV Alwil (avast): Evo-gen [Susp]
AV Ad-Aware: Gen:Variant.Jaik.24643
AV BitDefender: Gen:Variant.Jaik.24643
AV BullGuard: Gen:Variant.Jaik.24643
AV ClamAV: No Virus
AV Dr. Web: Trojan.KillProc.54838
AV Emsisoft: Gen:Variant.Jaik.24643
AV MicroWorld (escan): Gen:Variant.Jaik.24643
AV CA (E-Trust Ino): Gen:Heur.Conjar.9
AV Fortinet: W32/GenKryptik.BUUI!tr
AV Frisk (f-prot): No Virus
AV F-Secure: Gen:Variant.Jaik.24643
AV Ikarus: No Virus
AV K7: Error Scanning File
AV Kaspersky: Trojan.Win32.Generic
AV MalwareBytes: Trojan.MalPack.DTA.Generic
AV Mcafee: Packed-FBV.b!FAECDC946DED
AV Microsoft Security Essentials: No Virus
AV NANO: Trojan.Win32.Emotet.ezfmvo
AV Eset (nod32): Win32/Tofsee.BJ
AV Padvish: No Virus
AV CAT (quickheal): No Virus
AV Rising: No Virus
AV 360 Safe: No Virus
AV SUPERAntiSpyware: No Virus
AV Symantec: Packed.Generic.493
AV Trend Micro: Mal_Tofsee
AV Twister: No Virus
AV VirusBlokAda (vba32): TrojanBanker.Emotet
AV Windows Defender: No Virus
AV Zillya!: Trojan.Emotet.Win32.1700

Runtime Details:

Process
↳ C:\Windows\System32\lsass.exe

Process
↳ C:\Users\Phil\AppData\Local\Temp\52858d41c12ac0df933d7ea0e5bcb9c5f5fa7174.exe

Creates File: \\?\pipe\sfeeimjj
Creates File: C:\Users\Phil\AppData\Local\Temp\52858d41c12ac0df933d7ea0e5bcb9c5f5fa7174.exe
Creates File: C:\Users\Phil\AppData\Local\Temp\rmmtpbrj.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\cmd.exe

Process
↳ C:\Windows\SysWOW64\sc.exe

Creates File: C:\Windows\SysWOW64\en-US\sc.exe.mui

Process
↳ C:\Windows\SysWOW64\sc.exe

Creates File: C:\Windows\SysWOW64\en-US\sc.exe.mui

Process
↳ C:\Windows\SysWOW64\sc.exe

Creates File: C:\Windows\SysWOW64\en-US\sc.exe.mui

Process
↳ C:\Windows\SysWOW64\netsh.exe

Creates Mutex
Creates Mutex
Creates Mutex: Global\3a886eb8-fe40-4d0a-b78b-9e0bcb683fb7
Creates File: \Device\Http\Communication

Network Details:

