Analysis
- max time kernel: 128s
- max time network: 16s
- platform: windows7_x64
- resource: win7
- submitted: 07-10-2020 21:16
- Static task: static1
- Behavioral task: behavioral1
- Sample: wymuq1.cab.dll
- Resource: win7
- 0 signatures, 0 seconds
General
- Target: wymuq1.cab.dll
- Size: 193KB
- MD5: b1ae8b877682337eda1107fdda092a5f
- SHA1: 0acd9dfcc8d82e53e6c31ad7af2fe1eeb2ba7836
- SHA256: 3fd4fb0b21f1d754bd0a1457c76d194a5723e21900bfe6aef75c376079391e98
- SHA512: a2ca64c153e81d1da51d45628ceeb94d8d96206757b51ef6afa5019622d5dac037d40fc98843b47127c275239fecd31416b66f7e9f883177b921a0a3aad4dbed
Malware Config
Signatures
- Valak JavaScript Loader (1 IoC)
  Processes:
  resource: C:\Users\Public\IdfscyvPV.N_Dya, yara_rule: valak_js
- JavaScript code in executable (1 IoC)
  Processes:
  resource: C:\Users\Public\IdfscyvPV.N_Dya, yara_rule: js
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes (description, pid, process, target pid, target process):
  PID 832 wrote to memory of 276 | 832 | rundll32.exe | 276 | rundll32.exe (7 entries)
  PID 276 wrote to memory of 768 | 276 | rundll32.exe | 768 | wscript.exe (4 entries)
Processes
- C:\Windows\system32\rundll32.exe (PID 832)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\wymuq1.cab.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 276)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\wymuq1.cab.dll,#1
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\wscript.exe (PID 768)
      Command line: wscript.exe //E:jscript "C:\Users\Public\IdfscyvPV.N_Dya"
- C:\Windows\system32\wbem\WmiApSrv.exe (PID 1940)
  Command line: C:\Windows\system32\wbem\WmiApSrv.exe
- C:\Windows\system32\wbem\WmiApSrv.exe (PID 1708)
  Command line: C:\Windows\system32\wbem\WmiApSrv.exe
Network
MITRE ATT&CK Matrix
Downloads
- MD5: fd0af86fd3e8a72fd440e93083aa089a
- SHA1: 0b3cd092f3e9f0aed4cbd43b9794d90507f1522f
- SHA256: af1077125ad15df0edbdb95f478547e37ba34854509f8f3ac9c7576ab4728884
- SHA512: 45922109013ad3c9d962946608e442e2d33c60f9d2c2d047f5e2942fbac1f48946002ee659da1afffcee06650c7d09fe81dd632ae134d53c87da11f7119a7fd7