Analysis

  • max time kernel: 144s
  • max time network: 45s
  • platform: windows7_x64
  • resource: win7v20201028
  • submitted: 09-11-2020 20:04

General

  • Target: frraw7.dll
  • Size: 874KB
  • MD5: 35d1ffad54d3d7129938762b47509b23
  • SHA1: 18e9626cce1bd753de6d3136b9c300aec9ebb210
  • SHA256: 58feb0e5a795cf5f8ab9f7478b4f26ce936be728e4fa89fa3408f05049d90f2a
  • SHA512: 9ae4dc177120dd3efa08f12b94cf1349b55caa705ee4bfb8e3600ecd05dbf2e07b658abd7d36cdd076fe2068c5f9df1715a3cc4c960a9e93456b3a9fb1aa441e

Score
10/10

Malware Config

Signatures

  • Valak

    Valak is a JavaScript loader, a link in a chain of distribution of other malware families.

  • Valak JavaScript Loader 2 IoCs
  • JavaScript code in executable 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\frraw7.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\frraw7.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1136
      • C:\Windows\SysWOW64\wscript.exe
        wscript.exe //E:jscript "C:\Users\Public\JjeEWeKob.Ut_Aw
        3⤵
        PID:624
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
    PID:472
  • C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    1⤵
    PID:1912

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Public\JjeEWeKob.Ut_Aw
    MD5: ba0750efd6315a327e9a5ef8d7cab931
    SHA1: 4f25989d89fc7bf80f6188c3d87dd7ff37783832
    SHA256: af627a0c52df523397dac39897b03a413bad485cb9e7ed4ad94f4d75a3b018a7
    SHA512: cf44e1a2a8a5e914745d3b08d4a4820bbce12e2ad19775d67cd86271a768c04f5e8dfee5a674c4eaf3ae35c6c2ea95d04af2b27723c2e115bdf320e50acfd94e
  • memory/624-1-0x0000000000000000-mapping.dmp
  • memory/624-3-0x00000000025A0000-0x00000000025A4000-memory.dmp
    Filesize: 16KB
  • memory/1136-0-0x0000000000000000-mapping.dmp