Analysis
- max time kernel: 143s
- max time network: 111s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 09-11-2020 20:13

Static task: static1
Behavioral task: behavioral1
Sample: cennc189.exe_.dll
Resource: win7v20201028
0 signatures
0 seconds
General
- Target: cennc189.exe_.dll
- Size: 185KB
- MD5: 34321eeeb4e0d2f380647220a60dee89
- SHA1: 3401265237544acb0351acde657523601cbc0f39
- SHA256: a362a9d9b6ca4c8d3c0056bd5c7aebb1d3d43ce4dbf9bb6a757949188d16ea5d
- SHA512: adb7fdc3c957aa3c1a2ed9b611ef7c44dba81a03d8ffa3f81dae2dcd17b091a7ba1462a22e727522ef33d4e2ba5d2e08b6608c952de195b512d43f8ba9493e86
Malware Config

Signatures
- Valak JavaScript Loader (2 IoCs)
  Processes:
  resource                          yara_rule
  C:\Users\Public\anFJjtYxH.eB_c_   valak
  C:\Users\Public\anFJjtYxH.eB_c_   valak_js
- JavaScript code in executable (1 IoC)
  Processes:
  resource                          yara_rule
  C:\Users\Public\anFJjtYxH.eB_c_   js
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes:
  description                        pid    process        target process
  PID 4020 wrote to memory of 3264   4020   regsvr32.exe   regsvr32.exe
  PID 4020 wrote to memory of 3264   4020   regsvr32.exe   regsvr32.exe
  PID 4020 wrote to memory of 3264   4020   regsvr32.exe   regsvr32.exe
  PID 3264 wrote to memory of 3248   3264   regsvr32.exe   wscript.exe
  PID 3264 wrote to memory of 3248   3264   regsvr32.exe   wscript.exe
  PID 3264 wrote to memory of 3248   3264   regsvr32.exe   wscript.exe
Processes
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cennc189.exe_.dll
  PID: 4020
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    Command line: /s C:\Users\Admin\AppData\Local\Temp\cennc189.exe_.dll
    PID: 3264
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\wscript.exe
      Command line: wscript.exe //E:jscript "C:\Users\Public\anFJjtYxH.eB_c_
      PID: 3248
- C:\Windows\system32\wbem\WmiApSrv.exe
  Command line: C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 1476
- C:\Windows\system32\wbem\WmiApSrv.exe
  Command line: C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 744
- C:\Windows\system32\wbem\WmiApSrv.exe
  Command line: C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 2356
Network
MITRE ATT&CK Matrix
Downloads
- MD5: bf9cfe46e69997b0d8ac4ffb528ab0df
- SHA1: 399337ad73221675067a85f3251e31042886d536
- SHA256: 395df3a563bc865221738b938998e6a45094f5c396302e4f151631e78aeb9d2d
- SHA512: f432a42d355d5ac058dd68660b9d0a7bd901eaf3b55fd184b3fb2c7b075523eca7e1262bc757fc2600934112fde781823d721a32754f87f6501f487b36b10fa9