Analysis
max time kernel: 117s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 20-04-2024 16:55
Behavioral task | Sample | Resource
behavioral1 | SpecialForce.exe | win7-20240215-en
behavioral2 | SpecialForce.exe | win10v2004-20240412-en
behavioral3 | xtrap/XTrap.exe | win7-20240221-en
behavioral4 | xtrap/XTrap.exe | win10v2004-20240412-en
behavioral5 | xtrap/XTrapVa.dll | win7-20240221-en
behavioral6 | xtrap/XTrapVa.dll | win10v2004-20240412-en
behavioral7 | xtrap/psapi.dll | win7-20240221-en
behavioral8 | xtrap/psapi.dll | win10v2004-20240412-en
General
Target: xtrap/psapi.dll
Size: 22KB
MD5: b79041843539564904144ff5b5c5cffa
SHA1: d16481f01b920145158ca7ba3c8cdcea33969478
SHA256: bdf88f03d8f609ba316adbabccf10494859e56c0686a1724e0fb04a90a672d36
SHA512: 663b9b243b0e66483ab8859db239f9165e653890b7ed52ceca5b923d46c7454a0fd9ee269b2a3f5746d96578bc18e312bce42df862d586247a3fc358dc1ca9d6
SSDEEP: 384:19gOsCTN8ZLCsGE5t+7+gimIk5LNKn4mVWSS6KHJx7OzO6LayspdzWZb8fAW3nOg:19gqOwAmIOLMS3HqC6m7fd
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3016 wrote to memory of 2508 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2508 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2508 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2508 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2508 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2508 | 3016 | rundll32.exe | rundll32.exe
PID 3016 wrote to memory of 2508 | 3016 | rundll32.exe | rundll32.exe