Analysis
- max time kernel: 131s
- max time network: 43s
- platform: windows10_x64
- resource: win10v200430
- submitted: 04-07-2020 08:42
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Variant.Johnnie.260029.31647.5696.dll
- Resource: win7
General
- Target: SecuriteInfo.com.Variant.Johnnie.260029.31647.5696.dll
- Size: 317KB
- MD5: 938b8214395f3dde41c1646af5558dcf
- SHA1: 05fa40fd0f443d5f591cdc024a344f0eb10c5d46
- SHA256: fd44086fe5fd433c14f4fc1e03f318353add50ac77dee6da3f64c4d2c5414c1c
- SHA512: 5d3c5e5107f96edbb7806d276594fe3619a13f4f6b0e8d03978ee63a436c709a0ea944abbb39f7f6b915fab11ed9437bb835278431acf68050ecc5fc6206c084
Malware Config
Signatures
- Valak JavaScript Loader (2 IoCs)
  Processes (resource / yara_rule):
  - C:\Users\Public\zNrFlsljF.h_uKX / valak
  - C:\Users\Public\zNrFlsljF.h_uKX / valak_js
- JavaScript code in executable (1 IoC)
  Processes (resource / yara_rule):
  - C:\Users\Public\zNrFlsljF.h_uKX / js
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes (description / pid / process / target process):
  - PID 3176 wrote to memory of 1132 / 3176 / rundll32.exe / rundll32.exe
  - PID 3176 wrote to memory of 1132 / 3176 / rundll32.exe / rundll32.exe
  - PID 3176 wrote to memory of 1132 / 3176 / rundll32.exe / rundll32.exe
  - PID 1132 wrote to memory of 2124 / 1132 / rundll32.exe / wscript.exe
  - PID 1132 wrote to memory of 2124 / 1132 / rundll32.exe / wscript.exe
  - PID 1132 wrote to memory of 2124 / 1132 / rundll32.exe / wscript.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Johnnie.260029.31647.5696.dll,#1
  PID: 3176
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Johnnie.260029.31647.5696.dll,#1
    PID: 1132
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\wscript.exe
      wscript.exe //E:jscript "C:\Users\Public\zNrFlsljF.h_uKX"
      PID: 2124
- C:\Windows\system32\wbem\WmiApSrv.exe
  C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 3744
Network
MITRE ATT&CK Matrix
Downloads
- MD5: 165f495f44662a65cb38e9e8edf2586c
  SHA1: 6fcced879570b3ea31f57298a6fc149c3080c9d7
  SHA256: ea159717f2033df8a9a16db45bad250346296ed188ffc735abd3ff463b710589
  SHA512: 039dc55aab10a883d22c5363b85ef76f4b657a6bad10ee28484644a619e31a5bc01e91e29362ebba1b121e0aba3d3a953897b7caa72b1539eacd217de8d629ae