Analysis

  • max time kernel
    66s
  • max time network
    68s
  • platform
    windows10_x64
  • resource
    win10v200430
  • submitted
    09-06-2020 22:53

General

  • Target

    file.exe.dll

  • Size

    289KB

  • MD5

    cb82bf060afe5a4e862cbe246e69ab7d

  • SHA1

    68c4bd00bacebbf08e3d5e7af2e7f4e4379366de

  • SHA256

    b9bea7b9328edd5b391c66e634ab42bb5d9a05c76d76fbebac8e81f36c3b333b

  • SHA512

    a9a8c9bc08a10533ffee3e6ff39c750d2222dc4ca3b619c2c96bf24ef6b218a1918e3166847d8f53132f26fb2ad5f061549fff99c08c01b823c6625e200fd66c

Score
10/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 6 IoCs
  • Valak JavaScript Loader 1 IoCs
  • Valak

    Valak is a JavaScript loader, a link in a chain of distribution of other malware families.

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.exe.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3692
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\file.exe.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3128
      • C:\Windows\SysWOW64\wscript.exe
        wscript.exe //E:jscript "C:\Users\Public\CCGYPWTwr.iySAE
        3⤵
        PID:2388
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
    PID:4092

Network

MITRE ATT&CK Matrix
