9d521333a79d744ede01a133eded8bf562e739bc93af8695acf2342d96f80d99

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-02-2024 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.1699.dll
Size

18.8MB
MD5

74b1ec2e0d8ab31256096c674a26b5f1
SHA1

847b63e433e23e51e0fdfd12f5ad00cd0c41609c
SHA256

9d521333a79d744ede01a133eded8bf562e739bc93af8695acf2342d96f80d99
SHA512

129f7eed579bdc959cf43016d98d8de11b0c97aad2f657e84e8b441ff816cf0b57eadf7872f85435130aa98f7016ff4f41374f3e8653deea945b9bf69ab77c4d
SSDEEP

393216:P1qGMMtyaJYWrILsMA8xdp+1hmQ8OHwtBbEE9jb4Y:P1nttH38LsMA8xd1Dl4Y

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\LOG\rundll32.exe.DEBUG.log	rundll32.exe
File created	C:\Windows\SysWOW64\LOG\rundll32.exe.DEBUG.log	rundll32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2564	2324	WerFault.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2324	rundll32.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2324	2912	rundll32.exe	28
PID 2912 wrote to memory of 2324	2912	rundll32.exe	28
PID 2912 wrote to memory of 2324	2912	rundll32.exe	28
PID 2912 wrote to memory of 2324	2912	rundll32.exe	28
PID 2912 wrote to memory of 2324	2912	rundll32.exe	28
PID 2912 wrote to memory of 2324	2912	rundll32.exe	28
PID 2912 wrote to memory of 2324	2912	rundll32.exe	28
PID 2324 wrote to memory of 2564	2324	rundll32.exe	29
PID 2324 wrote to memory of 2564	2324	rundll32.exe	29
PID 2324 wrote to memory of 2564	2324	rundll32.exe	29
PID 2324 wrote to memory of 2564	2324	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.1699.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.TR.ATRAPS.Gen.1699.dll,#1
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 300
    3⤵
    - Program crash
    PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\LOG\rundll32.exe.DEBUG.log

Filesize
245B

MD5
97ebf3a3447cae35381bc9cbb1501c0d

SHA1
da38ef7848368cce0c8af6adbba39e822ab6366b

SHA256
37c356e832ca4e9b226d7f76942bcc4e7cabfc47854c7896c2b860452bc16f43

SHA512
cef3f1cb06997bbd248fc237747283cc7277de23efe70b69cd0e9975e0b1763eca48ca86e36c66835234f2ea2f354ba700400cc06fc940b02af56385b49f813c

Download Submit
memory/2324-11-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2324-5-0x0000000002290000-0x0000000003412000-memory.dmp

Filesize
17.5MB

Download
memory/2324-19-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2324-16-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2324-8-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2324-10-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2324-9-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/2324-0-0x0000000002290000-0x0000000003412000-memory.dmp

Filesize
17.5MB

Download
memory/2324-39-0x0000000002290000-0x0000000003412000-memory.dmp

Filesize
17.5MB

Download
memory/2324-3-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2324-6-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2324-14-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2324-31-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2324-29-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2324-26-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2324-24-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2324-2-0x0000000002290000-0x0000000003412000-memory.dmp

Filesize
17.5MB

Download
memory/2324-21-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download