Analysis

max time kernel: 140s
max time network: 110s
platform: windows10_x64
resource: win10v20201028
submitted: 09-11-2020 20:13

Static task: static1
Behavioral task: behavioral1
Sample: haao11.cab.dll
Resource: win7v20201028
0 signatures
0 seconds
General

Target: haao11.cab.dll
Size: 180KB
MD5: b69c4c8220ae9ee5b450cc766834d5d7
SHA1: be7197172cbb3640c12d4890333ebbab347e6c08
SHA256: 3c7c8fbdd41335948ff0b7e67b905c242865a59c55a4809bf6a5fe4beeee83d9
SHA512: 039ff9187d93ce66a7e155846016c2c0c3e630e796ee7ba72f76ba86735962f72144b0c50947886a8a58b67557f5496475ea4ba75cb073760b3b291849982788
Malware Config
Signatures

Valak JavaScript Loader (2 IoCs)
Processes:
  resource                          yara_rule
  C:\Users\Public\anFJjtYxH.eB_c_   valak
  C:\Users\Public\anFJjtYxH.eB_c_   valak_js

JavaScript code in executable (1 IoC)
Processes:
  resource                          yara_rule
  C:\Users\Public\anFJjtYxH.eB_c_   js

Suspicious use of WriteProcessMemory (6 IoCs)
Processes:
  description                         pid   process       target process
  PID 3968 wrote to memory of 3948    3968  regsvr32.exe  regsvr32.exe
  PID 3968 wrote to memory of 3948    3968  regsvr32.exe  regsvr32.exe
  PID 3968 wrote to memory of 3948    3968  regsvr32.exe  regsvr32.exe
  PID 3948 wrote to memory of 4052    3948  regsvr32.exe  wscript.exe
  PID 3948 wrote to memory of 4052    3948  regsvr32.exe  wscript.exe
  PID 3948 wrote to memory of 4052    3948  regsvr32.exe  wscript.exe
Processes

C:\Windows\system32\regsvr32.exe
  command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\haao11.cab.dll
  PID: 3968
  Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\regsvr32.exe
    command line: /s C:\Users\Admin\AppData\Local\Temp\haao11.cab.dll
    PID: 3948
    Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\wscript.exe
      command line: wscript.exe //E:jscript "C:\Users\Public\anFJjtYxH.eB_c_
      PID: 4052

C:\Windows\system32\wbem\WmiApSrv.exe
  command line: C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 3996

C:\Windows\system32\wbem\WmiApSrv.exe
  command line: C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 2708

C:\Windows\system32\wbem\WmiApSrv.exe
  command line: C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 1804
Network
MITRE ATT&CK Matrix
Downloads

MD5: bf9cfe46e69997b0d8ac4ffb528ab0df
SHA1: 399337ad73221675067a85f3251e31042886d536
SHA256: 395df3a563bc865221738b938998e6a45094f5c396302e4f151631e78aeb9d2d
SHA512: f432a42d355d5ac058dd68660b9d0a7bd901eaf3b55fd184b3fb2c7b075523eca7e1262bc757fc2600934112fde781823d721a32754f87f6501f487b36b10fa9