Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
SecuriteInfo.com.Trojan.Packed.16045.13418.dll
|
PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
|
initial sample
|
 |
|
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_40dfe4f969cbf4fc5de74dcb1b6270e6cee73c1c_7522e4b5_2f2b4a1c-35c5-4358-b8f2-1e2fbbb9e370\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_40dfe4f969cbf4fc5de74dcb1b6270e6cee73c1c_7522e4b5_3445b430-5404-4f1d-ab9e-1623049dd6e3\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_40dfe4f969cbf4fc5de74dcb1b6270e6cee73c1c_7522e4b5_d1103713-8ae5-4de5-a329-aea6d2e3fe56\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8b99f381882e05a5abb1913aaf1cb4446d926b3_7522e4b5_0a457b11-ee37-4a85-8ac3-689d30f730fc\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8b99f381882e05a5abb1913aaf1cb4446d926b3_7522e4b5_71784623-12fc-4600-a3bb-ceea5991a9f6\Report.wer
|
Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B37.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Sep 28 18:36:17 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2B66.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Sep 28 18:36:17 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C42.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C51.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C62.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2C72.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3691.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Sep 28 18:36:20 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER372F.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER376E.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4249.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Sep 28 18:36:23 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER42A7.tmp.dmp
|
Mini DuMP crash report, 14 streams, Sat Sep 28 18:36:23 2024, 0x1205a4 type
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4306.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4336.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER43E1.tmp.WERInternalMetadata.xml
|
XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
|
dropped
|
||
|
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4411.tmp.xml
|
XML 1.0 document, ASCII text, with CRLF line terminators
|
dropped
|
||
|
C:\Windows\appcompat\Programs\Amcache.hve
|
MS Windows registry file, NT/2000 or above
|
dropped
|
There are 12 hidden files, click here to show them.
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
C:\Windows\System32\loaddll32.exe
|
loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll"
|
||
|
C:\Windows\System32\conhost.exe
|
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
|
||
|
C:\Windows\SysWOW64\cmd.exe
|
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll",#1
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll,SetDllPathA
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll",#1
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 620
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 612
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll,SetDllPathW
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 612
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll",SetDllPathA
|
||
|
C:\Windows\SysWOW64\rundll32.exe
|
rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Packed.16045.13418.dll",SetDllPathW
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 612
|
||
|
C:\Windows\SysWOW64\WerFault.exe
|
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 612
|
There are 3 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://upx.sf.net
|
unknown
|
Registry
|
Path
|
Value
|
Malicious
|
|
|---|---|---|---|
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProgramId
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
FileId
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LowerCaseLongPath
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LongPathHash
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Name
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
OriginalFileName
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Publisher
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Version
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinFileVersion
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinaryType
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductName
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
ProductVersion
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
LinkDate
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
BinProductVersion
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageFullName
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
AppxPackageRelativeId
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Size
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Language
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
IsOsComponent
|
||
|
\REGISTRY\A\{005d138d-0388-0074-471d-217ae1464999}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788
|
Usn
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceId
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
ApplicationFlags
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
ClockTimeSeconds
|
||
|
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData
|
TickCount
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property
|
0018000DDABBE6B3
|
||
|
HKEY_CURRENT_USER\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363}
|
DeviceTicket
|
There are 18 hidden registries, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
3490000
|
heap
|
page read and write
|
||
|
4F40000
|
heap
|
page read and write
|
||
|
BCF000
|
stack
|
page read and write
|
||
|
8A0000
|
heap
|
page read and write
|
||
|
4BDF000
|
stack
|
page read and write
|
||
|
339E000
|
stack
|
page read and write
|
||
|
10009000
|
unkown
|
page read and write
|
||
|
3260000
|
heap
|
page read and write
|
||
|
2FBB000
|
stack
|
page read and write
|
||
|
10007000
|
unkown
|
page readonly
|
||
|
4D8E000
|
stack
|
page read and write
|
||
|
ACE000
|
heap
|
page read and write
|
||
|
35AA000
|
heap
|
page read and write
|
||
|
48E000
|
stack
|
page read and write
|
||
|
BEF000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
31F0000
|
heap
|
page read and write
|
||
|
15B000
|
stack
|
page read and write
|
||
|
BD0000
|
heap
|
page read and write
|
||
|
7B0000
|
heap
|
page read and write
|
||
|
4DCF000
|
stack
|
page read and write
|
||
|
3240000
|
heap
|
page read and write
|
||
|
355E000
|
stack
|
page read and write
|
||
|
10007000
|
unkown
|
page readonly
|
||
|
1030000
|
heap
|
page read and write
|
||
|
8D0000
|
heap
|
page read and write
|
||
|
67E000
|
heap
|
page read and write
|
||
|
32C0000
|
heap
|
page read and write
|
||
|
4C1E000
|
stack
|
page read and write
|
||
|
ABA000
|
heap
|
page read and write
|
||
|
A3E000
|
stack
|
page read and write
|
||
|
33B0000
|
heap
|
page read and write
|
||
|
890000
|
heap
|
page read and write
|
||
|
35A0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
2E60000
|
heap
|
page read and write
|
||
|
6ED000
|
stack
|
page read and write
|
||
|
349A000
|
heap
|
page read and write
|
||
|
1000E000
|
unkown
|
page readonly
|
||
|
400000
|
heap
|
page read and write
|
||
|
359F000
|
stack
|
page read and write
|
||
|
750000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
10007000
|
unkown
|
page readonly
|
||
|
4C5E000
|
stack
|
page read and write
|
||
|
33CE000
|
heap
|
page read and write
|
||
|
2FFC000
|
stack
|
page read and write
|
||
|
D90000
|
heap
|
page read and write
|
||
|
760000
|
heap
|
page read and write
|
||
|
10009000
|
unkown
|
page read and write
|
||
|
2FCC000
|
stack
|
page read and write
|
||
|
30AC000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3340000
|
heap
|
page read and write
|
||
|
10009000
|
unkown
|
page read and write
|
||
|
66A000
|
heap
|
page read and write
|
||
|
3280000
|
heap
|
page read and write
|
||
|
33BE000
|
stack
|
page read and write
|
||
|
7DE000
|
stack
|
page read and write
|
||
|
A7E000
|
stack
|
page read and write
|
||
|
DA7000
|
heap
|
page read and write
|
||
|
10007000
|
unkown
|
page readonly
|
||
|
D1D000
|
stack
|
page read and write
|
||
|
3230000
|
heap
|
page read and write
|
||
|
19C000
|
stack
|
page read and write
|
||
|
D9F000
|
heap
|
page read and write
|
||
|
3510000
|
heap
|
page read and write
|
||
|
C6F000
|
stack
|
page read and write
|
||
|
35BE000
|
heap
|
page read and write
|
||
|
5EB000
|
stack
|
page read and write
|
||
|
10009000
|
unkown
|
page read and write
|
||
|
340F000
|
stack
|
page read and write
|
||
|
DAD000
|
heap
|
page read and write
|
||
|
410000
|
heap
|
page read and write
|
||
|
34AE000
|
heap
|
page read and write
|
||
|
10007000
|
unkown
|
page readonly
|
||
|
4B0000
|
heap
|
page read and write
|
||
|
7FF000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
C1D000
|
stack
|
page read and write
|
||
|
5CF000
|
stack
|
page read and write
|
||
|
1000E000
|
unkown
|
page readonly
|
||
|
1000E000
|
unkown
|
page readonly
|
||
|
C2E000
|
stack
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
3580000
|
heap
|
page read and write
|
||
|
83C000
|
stack
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
9FE000
|
stack
|
page read and write
|
||
|
7AE000
|
stack
|
page read and write
|
||
|
1000E000
|
unkown
|
page readonly
|
||
|
4670000
|
heap
|
page read and write
|
||
|
D9B000
|
heap
|
page read and write
|
||
|
34EF000
|
stack
|
page read and write
|
||
|
33BA000
|
heap
|
page read and write
|
||
|
840000
|
heap
|
page read and write
|
||
|
1000E000
|
unkown
|
page readonly
|
||
|
AB0000
|
heap
|
page read and write
|
||
|
326E000
|
stack
|
page read and write
|
||
|
10007000
|
unkown
|
page readonly
|
||
|
10009000
|
unkown
|
page read and write
|
||
|
2F8B000
|
stack
|
page read and write
|
||
|
660000
|
heap
|
page read and write
|
||
|
306B000
|
stack
|
page read and write
|
||
|
10009000
|
unkown
|
page read and write
|
||
|
10001000
|
unkown
|
page execute read
|
||
|
3110000
|
heap
|
page read and write
|
||
|
3480000
|
heap
|
page read and write
|
||
|
1000E000
|
unkown
|
page readonly
|
||
|
33C0000
|
heap
|
page read and write
|
||
|
10000000
|
unkown
|
page readonly
|
||
|
5EC000
|
stack
|
page read and write
|
||
|
34D0000
|
heap
|
page read and write
|
||
|
32A0000
|
heap
|
page read and write
|
There are 107 hidden memdumps, click here to show them.