Analysis
- max time kernel: 132s
- max time network: 110s
- platform: windows10_x64
- resource: win10v200722
- submitted: 07-10-2020 21:14
- Static task: static1
- Behavioral task: behavioral1
- Sample: iccPw.pdf.dll
- Resource: win7
- 0 signatures
- 0 seconds
General
- Target: iccPw.pdf.dll
- Size: 193KB
- MD5: 494773f2ed6b12038e1d68bc90be1b3a
- SHA1: 4772197811e66633980c0493d04486fadbefc492
- SHA256: 107be51f21173306fa99e6468bdf5b0d49b58036296c5091e7f3b8a1b5250132
- SHA512: 6f6046fd062c1ce7878af469f1f1c979ee997b6eb2b18ac4e3b542b077ba43712a79f91b6e9d64a30d9a01b5ba587376104fb2910f0d9e8a32ced4db3cfe27da
Malware Config
Signatures
- Valak JavaScript Loader (1 IoC)
  Processes: resource C:\Users\Public\IdfscyvPV.N_Dya, yara_rule valak_js
- JavaScript code in executable (1 IoC)
  Processes: resource C:\Users\Public\IdfscyvPV.N_Dya, yara_rule js
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes (description / pid / process / target process):
  - PID 3992 wrote to memory of 420 / 3992 / rundll32.exe / rundll32.exe
  - PID 3992 wrote to memory of 420 / 3992 / rundll32.exe / rundll32.exe
  - PID 3992 wrote to memory of 420 / 3992 / rundll32.exe / rundll32.exe
  - PID 420 wrote to memory of 2544 / 420 / rundll32.exe / wscript.exe
  - PID 420 wrote to memory of 2544 / 420 / rundll32.exe / wscript.exe
  - PID 420 wrote to memory of 2544 / 420 / rundll32.exe / wscript.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\iccPw.pdf.dll,#1
  PID: 3992
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\iccPw.pdf.dll,#1
    PID: 420
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\wscript.exe
      wscript.exe //E:jscript "C:\Users\Public\IdfscyvPV.N_Dya"
      PID: 2544
- C:\Windows\system32\wbem\WmiApSrv.exe
  C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 3908
- C:\Windows\system32\wbem\WmiApSrv.exe
  C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 3848
- C:\Windows\system32\wbem\WmiApSrv.exe
  C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 2620
Network
MITRE ATT&CK Matrix
Downloads
- MD5: fd0af86fd3e8a72fd440e93083aa089a
- SHA1: 0b3cd092f3e9f0aed4cbd43b9794d90507f1522f
- SHA256: af1077125ad15df0edbdb95f478547e37ba34854509f8f3ac9c7576ab4728884
- SHA512: 45922109013ad3c9d962946608e442e2d33c60f9d2c2d047f5e2942fbac1f48946002ee659da1afffcee06650c7d09fe81dd632ae134d53c87da11f7119a7fd7