Analysis
max time kernel: 142s
max time network: 145s
platform: windows10_x64
resource: win10
submitted: 26-06-2020 08:11

Static task: static1
Behavioral task: behavioral1
Sample: 49988373.dat.dll
Resource: win7v200430
0 signatures
0 seconds
General
Target: 49988373.dat.dll
Size: 267KB
MD5: c13fa265ff56bed339c54e428f144f80
SHA1: 6029e8cb1a5167d2e886e3aea2922d997e3cf11c
SHA256: 659812b78542044d9ebb46743ecda037762a71a49f05322d5fa9bd8b3337d0d4
SHA512: 51b7bfba56c625148e74477e9138534fc9bbdfb71ad2ac94416b79507a327dbe69532f2d5bedbd5dd19e608a16f2aa136b8b3198d8352c07f5083cb0f4e7fe1b
Malware Config
Signatures
Valak JavaScript Loader (2 IoCs)
Processes:
  resource                           yara_rule
  C:\Users\Public\mUDSqcHQn.pAnNR    valak
  C:\Users\Public\mUDSqcHQn.pAnNR    valak_js
JavaScript code in executable (1 IoCs)
Processes:
  resource                           yara_rule
  C:\Users\Public\mUDSqcHQn.pAnNR    js
Suspicious use of WriteProcessMemory (6 IoCs)
Processes:
  description                         pid   process       target process
  PID 3104 wrote to memory of 3636    3104  rundll32.exe  rundll32.exe
  PID 3104 wrote to memory of 3636    3104  rundll32.exe  rundll32.exe
  PID 3104 wrote to memory of 3636    3104  rundll32.exe  rundll32.exe
  PID 3636 wrote to memory of 3824    3636  rundll32.exe  wscript.exe
  PID 3636 wrote to memory of 3824    3636  rundll32.exe  wscript.exe
  PID 3636 wrote to memory of 3824    3636  rundll32.exe  wscript.exe
Processes
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\49988373.dat.dll,#1
  PID: 3104
  Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\49988373.dat.dll,#1
      PID: 3636
      Suspicious use of WriteProcessMemory
        C:\Windows\SysWOW64\wscript.exe
          command line: wscript.exe //E:jscript "C:\Users\Public\mUDSqcHQn.pAnNR"
          PID: 3824
C:\Windows\system32\wbem\WmiApSrv.exe
  command line: C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 3192
Network
MITRE ATT&CK Matrix
Downloads
MD5: cbeff86974572b0a4e4f47a571b0298e
SHA1: e16d9a2bb4040fcb815980f9b2cd36b65c9f346e
SHA256: 88f34842ffadf864ff44e4f3b28fc2a3e4614d0e2e4f836f140d12d3121568c2
SHA512: 1c5408467d437fb4e2040b4aa504d3d9fcc16bdafb020063b9004847ccb05cd122439d2974a0be0cd59fb3c458117c79ec69513d9b3a56803192671688501af0