Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll

Overview

General Information

Sample Name:	SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll
Analysis ID:	1310478
MD5:	c652f37c2d124cb6dd1c1fdee6726d25
SHA1:	93516458df474d812a32a5023c3b4b69f08f6bb8
SHA256:	f4ce5c29477f0485a3103aec803be24560ed5afff09e81c74f665f85c534f745
Tags:	dll
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Sample execution stops while process was sleeping (likely an evasion)

Uses 32bit PE files

Program does not show much activity (idle)

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 6340 cmdline: loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll" MD5: 51E6071F9CBA48E79F10C84515AAE618)

conhost.exe (PID: 6892 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 86191D9E0E30631DB3E78E4645804358)

cmd.exe (PID: 2252 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll",#1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

rundll32.exe (PID: 6504 cmdline: rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll",#1 MD5: 889B99C52A60DD49227C5E485A016679)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

⊘No yara matches

Sigma Signatures

⊘No Sigma rule has matched

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

There are no malicious signatures, click here to show all signatures.

Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL

Source: C:\Windows\System32\loaddll32.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll

Jump to behavior

Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: D:\DATA\Documents\Visual Studio 2008\Projects\QonohaIcons\Release\QonohaIcons.pdb source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll

Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL

Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: classification engine

Classification label: clean2.winDLL@6/0@0/0

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll",#1

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll"
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll",#1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll",#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll",#1	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll",#1	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6892:120:WilError_03

Source: C:\Windows\System32\loaddll32.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9625_none_508ef7e4bcbbe589\MSVCR90.dll

Jump to behavior

Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: D:\DATA\Documents\Visual Studio 2008\Projects\QonohaIcons\Release\QonohaIcons.pdb source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll

Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Windows\System32\loaddll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\System32\loaddll32.exe

Thread delayed: delay time: 120000

Jump to behavior

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll",#1

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	11 Process Injection	1 Rundll32	OS Credential Dumping	1 Virtualization/Sandbox Evasion	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Virtualization/Sandbox Evasion	LSASS Memory	1 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	11 Process Injection	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	3%	ReversingLabs
SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll	1%	Virustotal		Browse

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1310478
Start date and time:	2023-09-19 04:42:41 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10, Office Professional Plus 2016, Chrome 115, Firefox 115, Adobe Reader 23, Java 8 Update 381
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll
Detection:	CLEAN
Classification:	clean2.winDLL@6/0@0/0
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .dll Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, svchost.exe
Excluded domains from analysis (whitelisted): geover.prod.do.dsp.mp.microsoft.com, fs.microsoft.com, geo.prod.do.dsp.mp.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information

File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.940773429933873
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll
File size:	707'072 bytes
MD5:	c652f37c2d124cb6dd1c1fdee6726d25
SHA1:	93516458df474d812a32a5023c3b4b69f08f6bb8
SHA256:	f4ce5c29477f0485a3103aec803be24560ed5afff09e81c74f665f85c534f745
SHA512:	490e72855c78284e6208489a93d00e993c6f1e3bef5bcd1767a1eaa6026c74c54862c0f4fd29320d34958c658179535ea95b0dd7108808e4ec608db55d782d93
SSDEEP:	12288:k2gbcYLHc0/hHyaaowsCeb7N5LGVJhcADn700JSs:k2gjLHRyaa0Ceb7/LAvDn700Jd
TLSH:	08E45B8FE311D0AAC3C48A71C525DD38A2A6FC69892A6F26F1DC7F773935313295A413
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T..............$.......".......4.......3......W................=.......#.......&.....Rich............................PE..L..

File Icon


Icon Hash:	62c9b4e4a7b680c7

Static PE Info

General

Entrypoint:	0x100013a6
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x10000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x4D3AD977 [Sat Jan 22 13:19:51 2011 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	d056332cf3b8d6b9c5dfda1fdbccf8ca

Entrypoint Preview

Instruction
mov edi, edi
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007FD9148B7897h
call 00007FD9148B7CB5h
push dword ptr [ebp+08h]
mov ecx, dword ptr [ebp+10h]
mov edx, dword ptr [ebp+0Ch]
call 00007FD9148B7761h
pop ecx
pop ebp
retn 000Ch
mov edi, edi
push ebp
mov ebp, esp
sub esp, 00000328h
mov dword ptr [10003120h], eax
mov dword ptr [1000311Ch], ecx
mov dword ptr [10003118h], edx
mov dword ptr [10003114h], ebx
mov dword ptr [10003110h], esi
mov dword ptr [1000310Ch], edi
mov word ptr [10003138h], ss
mov word ptr [1000312Ch], cs
mov word ptr [10003108h], ds
mov word ptr [10003104h], es
mov word ptr [10003100h], fs
mov word ptr [100030FCh], gs
pushfd
pop dword ptr [10003130h]
mov eax, dword ptr [ebp+00h]
mov dword ptr [10003124h], eax
mov eax, dword ptr [ebp+04h]
mov dword ptr [10003128h], eax
lea eax, dword ptr [ebp+08h]
mov dword ptr [10003134h], eax
mov eax, dword ptr [ebp-00000320h]
mov dword ptr [10003070h], 00010001h
mov eax, dword ptr [10003128h]
mov dword ptr [10003024h], eax
mov dword ptr [10003018h], C0000409h
mov dword ptr [1000301Ch], 00000001h

Rich Headers

Programming Language:

[IMP] VS2008 SP1 build 30729
[ASM] VS2008 SP1 build 30729
[ C ] VS2008 SP1 build 30729
[C++] VS2008 SP1 build 30729
[IMP] VS2005 build 50727
[RES] VS2008 build 21022
[LNK] VS2008 SP1 build 30729

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x21fc	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x4000	0xaabf4	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xaf000	0x120	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x20a0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x20c8	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x80	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x890	0xa00	False	0.575	data	5.504497471502635	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x2000	0x506	0x600	False	0.44140625	data	4.2950236174327285	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x3000	0x364	0x200	False	0.046875	data	0.27874732431271465	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x4000	0xaabf4	0xaac00	False	0.45115471724011713	data	5.955573099332391	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xaf000	0x738	0x800	False	0.14501953125	data	1.340259189965986	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x6248	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.357409381663113
RT_ICON	0x70f0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.4842057761732852
RT_ICON	0x7998	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5627880184331797
RT_ICON	0x8060	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.6257225433526011
RT_ICON	0x85c8	0x27b1	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9517763999606338
RT_ICON	0xad7c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.14512448132780084
RT_ICON	0xd324	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.22818949343339587
RT_ICON	0xe3cc	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.27909836065573773
RT_ICON	0xed54	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.4219858156028369
RT_ICON	0xf1bc	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.3427505330490405
RT_ICON	0x10064	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.47021660649819497
RT_ICON	0x1090c	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5535714285714286
RT_ICON	0x10fd4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.5953757225433526
RT_ICON	0x1153c	0x264f	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.960028551034975
RT_ICON	0x13b8c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.13755186721991702
RT_ICON	0x16134	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.20708255159474673
RT_ICON	0x171dc	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.2721311475409836
RT_ICON	0x17b64	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.3980496453900709
RT_ICON	0x17fcc	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.38912579957356075
RT_ICON	0x18e74	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5027075812274369
RT_ICON	0x1971c	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5506912442396313
RT_ICON	0x19de4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.5960982658959537
RT_ICON	0x1a34c	0x2c59	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.955694530080155
RT_ICON	0x1cfa8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.1662863070539419
RT_ICON	0x1f550	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.2401500938086304
RT_ICON	0x205f8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.31434426229508194
RT_ICON	0x20f80	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.34131205673758863
RT_ICON	0x213e8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.40031982942430705
RT_ICON	0x22290	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.509927797833935
RT_ICON	0x22b38	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.554147465437788
RT_ICON	0x23200	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.6062138728323699
RT_ICON	0x23768	0x2dee	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9516074162272495
RT_ICON	0x26558	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.17178423236514523
RT_ICON	0x28b00	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.24437148217636023
RT_ICON	0x29ba8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.31311475409836065
RT_ICON	0x2a530	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.39361702127659576
RT_ICON	0x2a998	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.4064498933901919
RT_ICON	0x2b840	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5148916967509025
RT_ICON	0x2c0e8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5610599078341014
RT_ICON	0x2c7b0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.6206647398843931
RT_ICON	0x2cd18	0x2fab	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9557485864131771
RT_ICON	0x2fcc4	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.17116182572614108
RT_ICON	0x3226c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.2584427767354597
RT_ICON	0x33314	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.32991803278688525
RT_ICON	0x33c9c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.4423758865248227
RT_ICON	0x34104	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.39632196162046907
RT_ICON	0x34fac	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5036101083032491
RT_ICON	0x35854	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5483870967741935
RT_ICON	0x35f1c	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.5888728323699421
RT_ICON	0x36484	0x2cd1	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9512769110084547
RT_ICON	0x39158	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.1662863070539419
RT_ICON	0x3b700	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.24366791744840524
RT_ICON	0x3c7a8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.31434426229508194
RT_ICON	0x3d130	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.32978723404255317
RT_ICON	0x3d598	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.39925373134328357
RT_ICON	0x3e440	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5072202166064982
RT_ICON	0x3ece8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5529953917050692
RT_ICON	0x3f3b0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.6242774566473989
RT_ICON	0x3f918	0x2d9d	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9528988610088207
RT_ICON	0x426b8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.1671161825726141
RT_ICON	0x44c60	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.24413696060037524
RT_ICON	0x45d08	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.31926229508196724
RT_ICON	0x46690	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.4148936170212766
RT_ICON	0x46af8	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.4155117270788913
RT_ICON	0x479a0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5433212996389891
RT_ICON	0x48248	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5933179723502304
RT_ICON	0x48910	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.6264450867052023
RT_ICON	0x48e78	0x2c43	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9528726502515223
RT_ICON	0x4babc	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.17188796680497925
RT_ICON	0x4e064	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.26102251407129456
RT_ICON	0x4f10c	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.34590163934426227
RT_ICON	0x4fa94	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.40691489361702127
RT_ICON	0x4fefc	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.40191897654584224
RT_ICON	0x50da4	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5112815884476535
RT_ICON	0x5164c	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5570276497695853
RT_ICON	0x51d14	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.5989884393063584
RT_ICON	0x5227c	0x2d79	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9533545228073189
RT_ICON	0x54ff8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.16846473029045644
RT_ICON	0x575a0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.2448405253283302
RT_ICON	0x58648	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.32172131147540983
RT_ICON	0x58fd0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.3723404255319149
RT_ICON	0x59438	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.40325159914712155
RT_ICON	0x5a2e0	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5126353790613718
RT_ICON	0x5ab88	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5587557603686636
RT_ICON	0x5b250	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.6004335260115607
RT_ICON	0x5b7b8	0x2fbb	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9590801211228415
RT_ICON	0x5e774	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.17188796680497925
RT_ICON	0x60d1c	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.2530487804878049
RT_ICON	0x61dc4	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.3336065573770492
RT_ICON	0x6274c	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.39273049645390073
RT_ICON	0x62bb4	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.4099147121535181
RT_ICON	0x63a5c	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5135379061371841
RT_ICON	0x64304	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5610599078341014
RT_ICON	0x649cc	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.6271676300578035
RT_ICON	0x64f34	0x2ee5	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.95676801332778
RT_ICON	0x67e1c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.17064315352697096
RT_ICON	0x6a3c4	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.2521106941838649
RT_ICON	0x6b46c	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.33114754098360655
RT_ICON	0x6bdf4	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.424645390070922
RT_ICON	0x6c25c	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.4144456289978678
RT_ICON	0x6d104	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5139891696750902
RT_ICON	0x6d9ac	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5720046082949308
RT_ICON	0x6e074	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.596820809248555
RT_ICON	0x6e5dc	0x2e5b	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9528103143170136
RT_ICON	0x71438	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.17769709543568465
RT_ICON	0x739e0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.2572701688555347
RT_ICON	0x74a88	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.3344262295081967
RT_ICON	0x75410	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.3625886524822695
RT_ICON	0x75878	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.3976545842217484
RT_ICON	0x76720	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5058664259927798
RT_ICON	0x76fc8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5483870967741935
RT_ICON	0x77690	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.5888728323699421
RT_ICON	0x77bf8	0x2da4	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9548099965765149
RT_ICON	0x7a99c	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.1682572614107884
RT_ICON	0x7cf44	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.24601313320825516
RT_ICON	0x7dfec	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.3086065573770492
RT_ICON	0x7e974	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.3271276595744681
RT_ICON	0x7eddc	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.43630063965884863
RT_ICON	0x7fc84	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5207581227436823
RT_ICON	0x8052c	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5668202764976958
RT_ICON	0x80bf4	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.6004335260115607
RT_ICON	0x8115c	0x2f4d	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9537534065571063
RT_ICON	0x840ac	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.18485477178423237
RT_ICON	0x86654	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.27157598499061913
RT_ICON	0x876fc	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.32581967213114754
RT_ICON	0x88084	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.38120567375886527
RT_ICON	0x884ec	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.40671641791044777
RT_ICON	0x89394	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5117328519855595
RT_ICON	0x89c3c	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5547235023041475
RT_ICON	0x8a304	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.5960982658959537
RT_ICON	0x8a86c	0x2eab	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9549677743366536
RT_ICON	0x8d718	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.17095435684647303
RT_ICON	0x8fcc0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.2375703564727955
RT_ICON	0x90d68	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.305327868852459
RT_ICON	0x916f0	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.3333333333333333
RT_ICON	0x91b58	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.4157782515991471
RT_ICON	0x92a00	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5270758122743683
RT_ICON	0x932a8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5789170506912442
RT_ICON	0x93970	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.630057803468208
RT_ICON	0x93ed8	0x2f7f	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9558351838144584
RT_ICON	0x96e58	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.1808091286307054
RT_ICON	0x99400	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.26360225140712945
RT_ICON	0x9a4a8	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.34057377049180326
RT_ICON	0x9ae30	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.425531914893617
RT_ICON	0x9b298	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.43523454157782515
RT_ICON	0x9c140	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.5311371841155235
RT_ICON	0x9c9e8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5835253456221198
RT_ICON	0x9d0b0	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.6372832369942196
RT_ICON	0x9d618	0x2f0e	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9548397808401129
RT_ICON	0xa0528	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.18848547717842323
RT_ICON	0xa2ad0	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.2704033771106942
RT_ICON	0xa3b78	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.3590163934426229
RT_ICON	0xa4500	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.45656028368794327
RT_ICON	0xa4968	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 0	Japanese	Japan	0.43603411513859275
RT_ICON	0xa5810	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 0	Japanese	Japan	0.523014440433213
RT_ICON	0xa60b8	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 0	Japanese	Japan	0.5702764976958525
RT_ICON	0xa6780	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 0	Japanese	Japan	0.615606936416185
RT_ICON	0xa6ce8	0x2f29	PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced	Japanese	Japan	0.9515447693199702
RT_ICON	0xa9c14	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 0	Japanese	Japan	0.17593360995850624
RT_ICON	0xac1bc	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 0	Japanese	Japan	0.2558630393996248
RT_ICON	0xad264	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 0	Japanese	Japan	0.32459016393442625
RT_ICON	0xadbec	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 0	Japanese	Japan	0.37943262411347517
RT_GROUP_ICON	0xae054	0x84	data	Japanese	Japan	0.6666666666666666
RT_GROUP_ICON	0xae0d8	0x84	data	Japanese	Japan	0.6818181818181818
RT_GROUP_ICON	0xae15c	0x84	data	Japanese	Japan	0.7045454545454546
RT_GROUP_ICON	0xae1e0	0x84	data	Japanese	Japan	0.6893939393939394
RT_GROUP_ICON	0xae264	0x84	data	Japanese	Japan	0.6818181818181818
RT_GROUP_ICON	0xae2e8	0x84	data	Japanese	Japan	0.696969696969697
RT_GROUP_ICON	0xae36c	0x84	data	Japanese	Japan	0.696969696969697
RT_GROUP_ICON	0xae3f0	0x84	data	Japanese	Japan	0.696969696969697
RT_GROUP_ICON	0xae474	0x84	data	Japanese	Japan	0.7045454545454546
RT_GROUP_ICON	0xae4f8	0x84	data	Japanese	Japan	0.696969696969697
RT_GROUP_ICON	0xae57c	0x84	data	Japanese	Japan	0.696969696969697
RT_GROUP_ICON	0xae600	0x84	data	Japanese	Japan	0.696969696969697
RT_GROUP_ICON	0xae684	0x84	data	Japanese	Japan	0.696969696969697
RT_GROUP_ICON	0xae708	0x84	data	Japanese	Japan	0.696969696969697
RT_GROUP_ICON	0xae78c	0x84	data	Japanese	Japan	0.6893939393939394
RT_GROUP_ICON	0xae810	0x84	data	Japanese	Japan	0.6818181818181818
RT_GROUP_ICON	0xae894	0x84	data	Japanese	Japan	0.6818181818181818
RT_GROUP_ICON	0xae918	0x84	data	Japanese	Japan	0.696969696969697
RT_MANIFEST	0xae99c	0x256	ASCII text, with CRLF line terminators	English	United States	0.5100334448160535

Imports

DLL	Import
MSVCR90.dll	_lock, __dllonexit, _except_handler4_common, _unlock, __clean_type_info_names_internal, _crt_debugger_hook, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _decode_pointer, _encoded_null, free, _malloc_crt, _onexit, _encode_pointer
KERNEL32.dll	GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedCompareExchange, Sleep, InterlockedExchange, GetSystemTimeAsFileTime

Possible Origin

Language of compilation system	Country where language is spoken	Map
Japanese	Japan
English	United States

• loaddll32.exe
• conhost.exe
• cmd.exe
• rundll32.exe

Click to jump to process

Memory Usage

• loaddll32.exe
• conhost.exe
• cmd.exe
• rundll32.exe

Click to jump to process

Click to jump to process

Target ID:	1
Start time:	04:43:32
Start date:	19/09/2023
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll"
Imagebase:	0x450000
File size:	126'464 bytes
MD5 hash:	51E6071F9CBA48E79F10C84515AAE618
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	04:43:32
Start date:	19/09/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff78b990000
File size:	873'472 bytes
MD5 hash:	86191D9E0E30631DB3E78E4645804358
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	04:43:33
Start date:	19/09/2023
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll",#1
Imagebase:	0x120000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	04:43:33
Start date:	19/09/2023
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll",#1
Imagebase:	0xd00000
File size:	61'440 bytes
MD5 hash:	889B99C52A60DD49227C5E485A016679
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Compliance

System Summary

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Rich Headers

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: loaddll32.exePID: 6340, Parent PID: 4884

General

File Activities

File Opened

File Created

File Attributes Queried

Volume Information Queried

Device IO

Section Activities

Sections loaded by Windows

Sections loaded by Program

Registry Activities

Key Opened

Windows Analysis Report
SecuriteInfo.com.Trojan-Ransom.Timer.20488.16309.dll