Analysis

max time kernel: 123s
max time network: 119s
platform: windows10_x64
resource: win10v20201028
submitted: 09-11-2020 20:42

Static task: static1
Behavioral task: behavioral1
Sample: 0387ab464a28a94f88f1689a34c69924938b784c13af830b59af0efd6fbb2ea5.dll
Resource: win7v20201028
General

Target: 0387ab464a28a94f88f1689a34c69924938b784c13af830b59af0efd6fbb2ea5.dll
Size: 382KB
MD5: f8c131d55f8d6c2d1b9dba2b6d8def24
SHA1: 435ec42fefc05eba0a8005256c815979877d430a
SHA256: 0387ab464a28a94f88f1689a34c69924938b784c13af830b59af0efd6fbb2ea5
SHA512: b542436917b9c9409f1c0b6349bb744c40431ccb13e9295cc6aa9dcb6bc2867074f0de01b8f89b1d51d761a0dd869d171599d61ff8b4304bbe57fa2f46575dcd
Malware Config
Signatures

Valak JavaScript Loader (1 IoC)
Processes:
  resource                                       yara_rule
  C:\Users\Admin\AppData\Local\Temp\s3ps.0       valak

Suspicious use of WriteProcessMemory (6 IoCs)
Processes:
  description                           pid    process         target process
  PID 4704 wrote to memory of 4816      4704   regsvr32.exe    regsvr32.exe
  PID 4704 wrote to memory of 4816      4704   regsvr32.exe    regsvr32.exe
  PID 4704 wrote to memory of 4816      4704   regsvr32.exe    regsvr32.exe
  PID 4816 wrote to memory of 5060      4816   regsvr32.exe    wscript.exe
  PID 4816 wrote to memory of 5060      4816   regsvr32.exe    wscript.exe
  PID 4816 wrote to memory of 5060      4816   regsvr32.exe    wscript.exe
Processes

C:\Windows\system32\regsvr32.exe
  command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0387ab464a28a94f88f1689a34c69924938b784c13af830b59af0efd6fbb2ea5.dll
  depth: 1
  signature: Suspicious use of WriteProcessMemory
  PID: 4704

  C:\Windows\SysWOW64\regsvr32.exe
    command line: /s C:\Users\Admin\AppData\Local\Temp\0387ab464a28a94f88f1689a34c69924938b784c13af830b59af0efd6fbb2ea5.dll
    depth: 2
    signature: Suspicious use of WriteProcessMemory
    PID: 4816

    C:\Windows\SysWOW64\wscript.exe
      command line: wscript.exe //E:jscript "C:\Users\Admin\AppData\Local\Temp\s3ps.0 "
      depth: 3
      PID: 5060

C:\Windows\system32\wbem\WmiApSrv.exe
  command line: C:\Windows\system32\wbem\WmiApSrv.exe
  depth: 1
  PID: 744

C:\Windows\system32\wbem\WmiApSrv.exe
  command line: C:\Windows\system32\wbem\WmiApSrv.exe
  depth: 1
  PID: 1168

C:\Windows\system32\wbem\WmiApSrv.exe
  command line: C:\Windows\system32\wbem\WmiApSrv.exe
  depth: 1
  PID: 1392
Network
MITRE ATT&CK Matrix
Downloads

MD5: 470d495e3be204a63d434cba9c2ad2d0
SHA1: 93d22f0756e4dfb0c63973e78a20cef5c0144951
SHA256: cf18ccb923e1963d6df938f7fdb9c70277d19a0069f83d1c17b66bac06d672a6
SHA512: 86983ccec99bb4cff1bbbb40b0bc74129b72d8e6a23e9e7e2cb5ae2b16d2743de62ac801616321791c3b7e444f17547d1a96f3bd17d91f50454ace8445fa3c74