Analysis

  max time kernel:   150s
  max time network:  30s
  platform:          windows7_x64
  resource:          win7v20201028
  submitted:         09-11-2020 20:13

Static task:      static1
Behavioral task:  behavioral1
  Sample:     cennc284.exe_.dll
  Resource:   win7v20201028
  0 signatures
  0 seconds
General

  Target:  cennc284.exe_.dll
  Size:    242KB
  MD5:     1464222bfbb222169def2e7a165e48d4
  SHA1:    5731405d109454c1d055a183f4d2f37f6808efc5
  SHA256:  4bbf19f2ad9ac3f5a816b918e5a2523f40f182b4847ef5ac6daca66094eb36e5
  SHA512:  18e84cfda3e75f0093cae2d44da8325dc3872602d91caaf17742c24ac5574a78ddb2df6d405bc3d9ef5125415014a3595427943d5537f91c14339a5de881d617
Malware Config
Signatures

  Valak JavaScript Loader (2 IoCs)
    resource                          yara_rule
    C:\Users\Public\anFJjtYxH.eB_c_   valak
    C:\Users\Public\anFJjtYxH.eB_c_   valak_js

  JavaScript code in executable (1 IoC)
    resource                          yara_rule
    C:\Users\Public\anFJjtYxH.eB_c_   js

  Suspicious use of WriteProcessMemory (11 IoCs)
    description                         pid    process        target process
    PID 1056 wrote to memory of 1964    1056   rundll32.exe   rundll32.exe   (7 events)
    PID 1964 wrote to memory of 1152    1964   rundll32.exe   wscript.exe    (4 events)
Processes

  C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cennc284.exe_.dll,#1
    PID: 1056  -  Suspicious use of WriteProcessMemory
    └─ C:\Windows\SysWOW64\rundll32.exe
         rundll32.exe C:\Users\Admin\AppData\Local\Temp\cennc284.exe_.dll,#1
         PID: 1964  -  Suspicious use of WriteProcessMemory
         └─ C:\Windows\SysWOW64\wscript.exe
              wscript.exe //E:jscript "C:\Users\Public\anFJjtYxH.eB_c_"
              PID: 1152

  C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    PID: 636

  C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    PID: 1524
Downloads

  MD5:     bf9cfe46e69997b0d8ac4ffb528ab0df
  SHA1:    399337ad73221675067a85f3251e31042886d536
  SHA256:  395df3a563bc865221738b938998e6a45094f5c396302e4f151631e78aeb9d2d
  SHA512:  f432a42d355d5ac058dd68660b9d0a7bd901eaf3b55fd184b3fb2c7b075523eca7e1262bc757fc2600934112fde781823d721a32754f87f6501f487b36b10fa9