Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	May 17, 2023, 9:31 a.m.	May 17, 2023, 9:33 a.m.

Size	8.1MB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`513eecac1e602be2a404f1d70719dffb`
SHA256	`80ef5b531e2e8cb19403a8f06cfa1d6743900957ebf24d84f63211ae04d6bc1f`
CRC32	`9077D1B7`
ssdeep	`196608:gqtd+hY7xGKq9SsHd9rm2niE6RK/Io+IDZT0Lx:Lt7Q97HX/n76RK/394`
Yara	IsDLL - (no description) IsPE64 - (no description) PE_Header_Zero - PE File Signature

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AtomLdr.dll,AtomHelper
2068
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AtomLdr.dll,AtomHelper
  2424
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AtomLdr.dll,AtomSystemInstaller
2160
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AtomLdr.dll,AtomSystemInstaller
  2416
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AtomLdr.dll,Atom
1460
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AtomLdr.dll,Atom
  2468
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AtomLdr.dll,InitializeAtomSystem
2252
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AtomLdr.dll,InitializeAtomSystem
  2408
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\AtomLdr.dll,
2344

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (4 events)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent May 17, 2023, 9:24 a.m.			0	0
IsDebuggerPresent May 17, 2023, 9:24 a.m.			0	0
IsDebuggerPresent May 17, 2023, 9:24 a.m.			0	0
IsDebuggerPresent May 17, 2023, 9:24 a.m.			0	0

The binary likely contains encrypted or compressed data indicative of a packer (2 events)

section

{u'size_of_data': u'0x00812200', u'virtual_address': u'0x00007000', u'entropy': 7.9999790704606975, u'name': u'.rsrc', u'virtual_size': u'0x00812190'}

entropy

7.99997907046

description

A section with a high entropy has been found

entropy

0.998188296395

description

Overall entropy of this PE file is high

File has been identified by 17 AntiVirus engines on VirusTotal as malicious (17 events)

MicroWorld-eScan	Gen:Variant.Lazy.336850
FireEye	Generic.mg.513eecac1e602be2
CrowdStrike	win/malicious_confidence_90% (D)
Arcabit	Trojan.Lazy.D523D2
ESET-NOD32	a variant of Win64/Runner_AGen.A
APEX	Malicious
Cynet	Malicious (score: 100)
BitDefender	Gen:Variant.Lazy.336850
Avast	Win64:Evo-gen [Trj]
Emsisoft	Gen:Variant.Lazy.336850 (B)
VIPRE	Gen:Variant.Lazy.336850
Trapmine	malicious.moderate.ml.score
GData	Gen:Variant.Lazy.336850
ALYac	Gen:Variant.Lazy.336850
MAX	malware (ai score=84)
Rising	Trojan.Runner!8.93 (TFE:6:ivNoXlcNGlJ)
AVG	Win64:Evo-gen [Trj]

AtomLdr.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All