Analysis
max time kernel: 150s
max time network: 11s
platform: windows7_x64
resource: win7v20201028
submitted: 09-11-2020 20:34
Static task: static1
Behavioral task: behavioral1
Sample: haao15.cab.dll
Resource: win7v20201028
0 signatures
0 seconds
General
Target: haao15.cab.dll
Size: 242KB
MD5: 7e040ce0f485ca329566e5b91b4644d2
SHA1: 1e9c18f525811890a4c1547e6a66d96becea3820
SHA256: 73926cf57488263db6454fecf95436c25aa581ad1c353c135dc3d8e258be2f8d
SHA512: 29c28c898c81a1d5ee6c9149fee9c9efc45e7418b0c49aea391ce5991b15ffd488a4fd1110bee9a1cb304a43ccdb1fb7daa86cfa2648d15b4ff7ad93845812fb
Malware Config
Signatures
Valak JavaScript Loader (2 IoCs)
  resource                            yara_rule
  C:\Users\Public\anFJjtYxH.eB_c_     valak
  C:\Users\Public\anFJjtYxH.eB_c_     valak_js

JavaScript code in executable (1 IoC)
  resource                            yara_rule
  C:\Users\Public\anFJjtYxH.eB_c_     js

Suspicious use of WriteProcessMemory (11 IoCs)
  description                        pid    process        target process
  PID 1032 wrote to memory of 1144   1032   rundll32.exe   rundll32.exe   (7 events)
  PID 1144 wrote to memory of 1668   1144   rundll32.exe   wscript.exe    (4 events)
Processes
C:\Windows\system32\rundll32.exe  (PID 1032)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\haao15.cab.dll,#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe  (PID 1144)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\haao15.cab.dll,#1
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\wscript.exe  (PID 1668)
      command line: wscript.exe //E:jscript "C:\Users\Public\anFJjtYxH.eB_c_"

C:\Windows\system32\wbem\WmiApSrv.exe  (PID 620)
  command line: C:\Windows\system32\wbem\WmiApSrv.exe
Network
MITRE ATT&CK Matrix
Downloads
MD5: bf9cfe46e69997b0d8ac4ffb528ab0df
SHA1: 399337ad73221675067a85f3251e31042886d536
SHA256: 395df3a563bc865221738b938998e6a45094f5c396302e4f151631e78aeb9d2d
SHA512: f432a42d355d5ac058dd68660b9d0a7bd901eaf3b55fd184b3fb2c7b075523eca7e1262bc757fc2600934112fde781823d721a32754f87f6501f487b36b10fa9