Analysis
- max time kernel: 107s
- max time network: 112s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 09-11-2020 20:44
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Agent.ESBE.31939.4765.dll
Resource: win7v20201028
General
- Target: SecuriteInfo.com.Trojan.Agent.ESBE.31939.4765.dll
- Size: 289KB
- MD5: e37cc6d0bde308f9246482c7abec85e1
- SHA1: dbbc94c546b3d341568ac7ab846e98983735de6d
- SHA256: e12b6f01fcb11b26875c325bc928a86f89c0f184d19917a3a4fc65fa6ec4a588
- SHA512: 0acd6eee87343b59459e80f4a6e749c668616acb5657fca17f84296e17116b9d75e6ab2ffcbb70b154c2c4ca41ad5c392ec7f7c9b2d1e4888be3c8f63e7294ec
Malware Config
Signatures
- Valak JavaScript Loader (2 IoCs)
  Processes:
  resource | yara_rule
  C:\Users\Public\CCGYPWTwr.iySAE | valak
  C:\Users\Public\CCGYPWTwr.iySAE | valak_js
- JavaScript code in executable (1 IoC)
  Processes:
  resource | yara_rule
  C:\Users\Public\CCGYPWTwr.iySAE | js
- Suspicious use of WriteProcessMemory (6 IoCs)
  Processes: rundll32.exe, rundll32.exe
  description | pid | process | target process
  PID 412 wrote to memory of 1316 | 412 | rundll32.exe | rundll32.exe
  PID 412 wrote to memory of 1316 | 412 | rundll32.exe | rundll32.exe
  PID 412 wrote to memory of 1316 | 412 | rundll32.exe | rundll32.exe
  PID 1316 wrote to memory of 3792 | 1316 | rundll32.exe | wscript.exe
  PID 1316 wrote to memory of 3792 | 1316 | rundll32.exe | wscript.exe
  PID 1316 wrote to memory of 3792 | 1316 | rundll32.exe | wscript.exe
Processes
- C:\Windows\system32\rundll32.exe (PID 412)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.ESBE.31939.4765.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 1316)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.ESBE.31939.4765.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\wscript.exe (PID 3792)
      Command line: wscript.exe //E:jscript "C:\Users\Public\CCGYPWTwr.iySAE
- C:\Windows\system32\wbem\WmiApSrv.exe (PID 2620)
  Command line: C:\Windows\system32\wbem\WmiApSrv.exe
Network
MITRE ATT&CK Matrix
Downloads
- MD5: 6df4cb0a89bdabcf858e7e407e3975f5
- SHA1: f41a9efe9f3cdce394893d90f564bb26e3cdd494
- SHA256: c65b67bfe6a5acf6ebfb7f327a6ce8f93bfe5ec579fe783f611a73ce031f7232
- SHA512: a49817c5b27a75263a57398a17f838e935660d554e6b36d8e11ec20817fd08b532851b527c7255d50556d85e1fa985ed0d766d7103f6178ab8ef8bab561b1a41