Windows Analysis Report
SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe
Analysis ID: 1543314
MD5: 334400ebc61e0daf9c061d834fa2af6d
SHA1: 3a2af2dc7aa326e64a6f12e0785ad9cb79c3836e
SHA256: cfdcd84dff934e67a5ff96ccb5911bbaff27191f96685d28a0f966972e7ad1b2
Tags: exe

Detection

Score: 3
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Detected potential crypto function
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample file is different than original file name gathered from version info

Classification

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe File opened: C:\Windows\WinSxS\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_88e266cb2fac7c0d\MSVCR80.dll
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: c:\users\snake061\source\repos\test1\test1\obj\Debug\test1.pdb source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe, 00000000.00000002.2339882248.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe, 00000000.00000002.2339882248.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe, 00000000.00000002.2339882248.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe, 00000000.00000002.2339882248.000000000119C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabme1
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe, 00000000.00000002.2339882248.00000000011CD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe String found in binary or memory: http://ocsp.sectigo.com0
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe String found in binary or memory: https://sectigo.com/CPS0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Code function: 0_2_00007FFD33E4000A 0_2_00007FFD33E4000A
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Static PE information: invalid certificate
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe, 00000000.00000000.2287180212.0000000000C54000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenametest1.exe, vs SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Binary or memory string: OriginalFilenametest1.exe, vs SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe
Source: classification engine Classification label: clean3.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v2.0
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Mutant created: NULL
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe File read: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: riched20.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: usp10.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: msls31.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: textshaping.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: textinputframework.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: coreuicomponents.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: coremessaging.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: ntmarta.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Section loaded: wintypes.dll
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Memory allocated: 1390000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Memory allocated: 3390000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Memory allocated: 1B390000 memory commit | memory reserve | memory write watch
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe TID: 2968 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.74343100.23730.20084.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 Blob
No contacted IP infos