Analysis

max time kernel: 141s
max time network: 142s
platform: windows10_x64
resource: win10v20201028
submitted: 09-11-2020 20:44

Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Trojan.Agent.ESBE.23449.18415.dll
Resource: win7v20201028
General

Target: SecuriteInfo.com.Trojan.Agent.ESBE.23449.18415.dll
Size: 289KB
MD5: 4af3f6f0303d959d2c07f4587f2eceb4
SHA1: 5a5bc947a8828f2b2bf201c2368804435c531f3a
SHA256: 215ec7342accb0d3a77762e6911fdeb44cc919190cbc508432eef467f5b93986
SHA512: 1f765103cb77d4c17f7cc33a2c991b27bbc087c0d3ca9a90b237d5c18d9bec1eebb6fc7596d1ac4e286d502e4d1e0defcd0347f77ba9b851a5f00dd3f5df4f32
Malware Config
Signatures
Valak JavaScript Loader (2 IoCs)
Processes:
  resource                         yara_rule
  C:\Users\Public\CCGYPWTwr.iySAE  valak
  C:\Users\Public\CCGYPWTwr.iySAE  valak_js

JavaScript code in executable (1 IoC)
Processes:
  resource                         yara_rule
  C:\Users\Public\CCGYPWTwr.iySAE  js

Suspicious use of WriteProcessMemory (6 IoCs)
Processes:
  description                        pid   process       target process
  PID 3304 wrote to memory of 620    3304  rundll32.exe  rundll32.exe
  PID 3304 wrote to memory of 620    3304  rundll32.exe  rundll32.exe
  PID 3304 wrote to memory of 620    3304  rundll32.exe  rundll32.exe
  PID 620 wrote to memory of 3256    620   rundll32.exe  wscript.exe
  PID 620 wrote to memory of 3256    620   rundll32.exe  wscript.exe
  PID 620 wrote to memory of 3256    620   rundll32.exe  wscript.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.ESBE.23449.18415.dll,#1
  PID: 3304
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Agent.ESBE.23449.18415.dll,#1
    PID: 620
    - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\wscript.exe
      command line: wscript.exe //E:jscript "C:\Users\Public\CCGYPWTwr.iySAE"
      PID: 3256

C:\Windows\system32\wbem\WmiApSrv.exe
  command line: C:\Windows\system32\wbem\WmiApSrv.exe
  PID: 344
Network
MITRE ATT&CK Matrix
Downloads

MD5: 6df4cb0a89bdabcf858e7e407e3975f5
SHA1: f41a9efe9f3cdce394893d90f564bb26e3cdd494
SHA256: c65b67bfe6a5acf6ebfb7f327a6ce8f93bfe5ec579fe783f611a73ce031f7232
SHA512: a49817c5b27a75263a57398a17f838e935660d554e6b36d8e11ec20817fd08b532851b527c7255d50556d85e1fa985ed0d766d7103f6178ab8ef8bab561b1a41