Analysis
- max time kernel: 49s
- max time network: 20s
- platform: windows7_x64
- resource: win7v200430
- submitted: 26-06-2020 08:11

Static task: static1
Behavioral task: behavioral1
Sample: 49988373.dat.dll
Resource: win7v200430
0 signatures
0 seconds
General
- Target: 49988373.dat.dll
- Size: 267KB
- MD5: c13fa265ff56bed339c54e428f144f80
- SHA1: 6029e8cb1a5167d2e886e3aea2922d997e3cf11c
- SHA256: 659812b78542044d9ebb46743ecda037762a71a49f05322d5fa9bd8b3337d0d4
- SHA512: 51b7bfba56c625148e74477e9138534fc9bbdfb71ad2ac94416b79507a327dbe69532f2d5bedbd5dd19e608a16f2aa136b8b3198d8352c07f5083cb0f4e7fe1b
Malware Config
Signatures
- Valak JavaScript Loader (2 IoCs)
  resource | yara_rule
  C:\Users\Public\mUDSqcHQn.pAnNR | valak
  C:\Users\Public\mUDSqcHQn.pAnNR | valak_js
- JavaScript code in executable (1 IoC)
  resource | yara_rule
  C:\Users\Public\mUDSqcHQn.pAnNR | js
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes: rundll32.exe, rundll32.exe
  description | pid | process | target process
  PID 1440 wrote to memory of 1500 | 1440 | rundll32.exe | rundll32.exe
  PID 1440 wrote to memory of 1500 | 1440 | rundll32.exe | rundll32.exe
  PID 1440 wrote to memory of 1500 | 1440 | rundll32.exe | rundll32.exe
  PID 1440 wrote to memory of 1500 | 1440 | rundll32.exe | rundll32.exe
  PID 1440 wrote to memory of 1500 | 1440 | rundll32.exe | rundll32.exe
  PID 1440 wrote to memory of 1500 | 1440 | rundll32.exe | rundll32.exe
  PID 1440 wrote to memory of 1500 | 1440 | rundll32.exe | rundll32.exe
  PID 1500 wrote to memory of 1764 | 1500 | rundll32.exe | wscript.exe
  PID 1500 wrote to memory of 1764 | 1500 | rundll32.exe | wscript.exe
  PID 1500 wrote to memory of 1764 | 1500 | rundll32.exe | wscript.exe
  PID 1500 wrote to memory of 1764 | 1500 | rundll32.exe | wscript.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\49988373.dat.dll,#1
  Suspicious use of WriteProcessMemory
  PID: 1440
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\49988373.dat.dll,#1
    Suspicious use of WriteProcessMemory
    PID: 1500
    - C:\Windows\SysWOW64\wscript.exe
      Command line: wscript.exe //E:jscript "C:\Users\Public\mUDSqcHQn.pAnNR"
      PID: 1764
- C:\Windows\system32\wbem\WmiApSrv.exe
  Command line: C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 1856
Network
MITRE ATT&CK Matrix
Downloads
- MD5: cbeff86974572b0a4e4f47a571b0298e
  SHA1: e16d9a2bb4040fcb815980f9b2cd36b65c9f346e
  SHA256: 88f34842ffadf864ff44e4f3b28fc2a3e4614d0e2e4f836f140d12d3121568c2
  SHA512: 1c5408467d437fb4e2040b4aa504d3d9fcc16bdafb020063b9004847ccb05cd122439d2974a0be0cd59fb3c458117c79ec69513d9b3a56803192671688501af0