Windows Analysis Report
SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll
(renamed file extension from exe to dll)
Original sample name: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.exe
Analysis ID: 1426608
MD5: 27e1ba124dca078b7c11401f9467b1d8
SHA1: 5549c30cc5f36ef2ed3d796e6f16309e7f274c60
SHA256: 1862b29b4e7d6d936345b6dd89216cd677f82410761de7a192af822663ecdecf
Tags: exe

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Creates a process in suspended mode (likely to inject code)
May sleep (evasive loops) to hinder dynamic analysis
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Conhost Spawned By Uncommon Parent Process

Classification

AV Detection

Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll ReversingLabs: Detection: 25%
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Virustotal: Detection: 29%
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: A:\Srcs\Pad\Build\Release\Hyper3.pdb??'GCTL source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll
Source: Binary string: A:\Srcs\Pad\Build\Release\Hyper3.pdb source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll String found in binary or memory: https://cdn.discordapp.com/attachments/1135629801705709640/1170156279776411779/Hyper.ytd
Source: classification engine Classification label: mal48.winDLL@7/3@0/0
Source: C:\Windows\System32\loaddll64.exe File created: C:\Users\user\AppData\Roaming\Hyper
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5272:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5764:120:WilError_03
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Windows\System32\loaddll64.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1
Source: unknown Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll"
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1
Source: C:\Windows\System32\rundll32.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\loaddll64.exe Section loaded: apphelp.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: winmm.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: msvcp140.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: vcruntime140_1.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: vcruntime140.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: netutils.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: textshaping.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: wldp.dll
Source: C:\Windows\System32\loaddll64.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\rundll32.exe Automated click: OK
Source: Window Recorder Window detected: More than 3 window changes detected
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: Image base 0x180000000 > 0x60000000
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static file information: File size 1581056 > 1048576
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\loaddll64.exe TID: 5948 Thread sleep time: -120000s >= -30000s
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\loaddll64.exe Thread delayed: delay time: 120000
No contacted IP infos