Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll

PE32+ executable (DLL) (GUI) x86-64, for MS Windows

initial sample

Details

Filetype:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy:	6.417090481074733
Filename:	SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll
Filesize:	1581056
MD5:	27e1ba124dca078b7c11401f9467b1d8
SHA1:	5549c30cc5f36ef2ed3d796e6f16309e7f274c60
SHA256:	1862b29b4e7d6d936345b6dd89216cd677f82410761de7a192af822663ecdecf
SHA512:	d248baee1d69424a16867ef5c6cd5ed789399d3eaedf5b8094781861ae632427ed3bc377825c14d2328d243ab6ad30cc8dcfc5667f9e486a4fab5fe979ef93b1
SSDEEP:	49152:FiaDCMQwfG+mLpit5ckD0bF6eq+yNGNbbgWWkPAdU+To:FRDJW3bR
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................L...............?.......i.......i.......i.......i.......Rich...........

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
URLs found in memory or binary data	Networking
PE file contains a valid data directory to section mapping	System Summary
PE file contains a debug data directory	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file contains a mix of data directories often seen in goodware	System Summary
PE file has a high image base, often used for DLLs	System Summary
Submission file is bigger than most known malware samples	System Summary

C:\Users\user\AppData\Roaming\Hyper\Hyper.log

ASCII text, with CRLF line terminators

dropped

Details

File:	C:\Users\user\AppData\Roaming\Hyper\Hyper.log
Category:	dropped
Dump:	Hyper.log.0.dr
ID:	dr_1
Target ID:	0
Process:	C:\Windows\System32\loaddll64.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.971573774254783
Encrypted:	false
Ssdeep:	6:D6Xgv2jU1RvDaR6Xgv2jU1RvDaR6XkdQjU/t05:D6Km6Km1Qo05
Size:	237
Whitelisted:	false
Reputation:	low

\Device\ConDrv

ASCII text, with CRLF line terminators

dropped

Details

File:	\Device\ConDrv
Category:	dropped
Dump:	ConDrv.3.dr
ID:	dr_2
Target ID:	3
Process:	C:\Windows\System32\rundll32.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.977577455763364
Encrypted:	false
Ssdeep:	3:DAfXg49i21608FReg2eRvDaRAfXk4gQ1608FReWt9je5:D6Xgv2jU1RvDaR6XkdQjU/t05
Size:	159
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll64.exe

loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll"

Details

Is windows:	true
Is dropped:	false
PID:	6688
Target ID:	0
Parent PID:	4004
Name:	loaddll64.exe
Path:	C:\Windows\System32\loaddll64.exe
Commandline:	loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll"
Size:	165888
MD5:	763455F9DCB24DFEECC2B9D9F8D46D52
Time:	11:25:51
Date:	16/04/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff65f580000
Modulesize:	188416
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5272
Target ID:	1
Parent PID:	6688
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	11:25:51
Date:	16/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Conhost Spawned By Uncommon Parent Process	System Summary
Spawns processes	System Summary	Process Injection

C:\Windows\System32\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	3928
Target ID:	2
Parent PID:	6688
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	11:25:51
Date:	16/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7bc690000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	4232
Target ID:	3
Parent PID:	3928
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.dll",#1
Size:	71680
MD5:	EF3179D498793BF4234F708D3BE28633
Time:	11:25:51
Date:	16/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff728a40000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Sigma detected: Conhost Spawned By Uncommon Parent Process	System Summary
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5764
Target ID:	5
Parent PID:	4232
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	11:25:51
Date:	16/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Conhost Spawned By Uncommon Parent Process	System Summary
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://cdn.discordapp.com/attachments/1135629801705709640/1170156279776411779/Hyper.ytd

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

1FE69E5F000

heap

page read and write

A4700FE000

stack

page read and write

1FE69E5C000

heap

page read and write

1FE69E5F000

heap

page read and write

2119CFE000

stack

page read and write

2119B79000

stack

page read and write

25E812D9000

heap

page read and write

1FE6A120000

heap

page read and write

25E81313000

heap

page read and write

1FE6D820000

heap

page read and write

1FE69E66000

heap

page read and write

1FE6B840000

heap

page read and write

1FE69DC0000

heap

page read and write

1FE69E5F000

heap

page read and write

1FE69CC0000

heap

page read and write

1FE6B8B0000

heap

page read and write

25E81315000

heap

page read and write

2119C7E000

stack

page read and write

2119BFE000

stack

page read and write

25E81311000

heap

page read and write

25E81180000

heap

page read and write

25E81313000

heap

page read and write

1FE69E56000

heap

page read and write

2119A7E000

stack

page read and write

25E81308000

heap

page read and write

1FE69E7C000

heap

page read and write

25E82C40000

heap

page read and write

1FE69E30000

heap

page read and write

25E812DD000

heap

page read and write

1FE6A0F0000

heap

page read and write

25E81304000

heap

page read and write

1FE6A125000

heap

page read and write

25E82C45000

heap

page read and write

1FE69DA0000

heap

page read and write

25E812A0000

heap

page read and write

25E81260000

heap

page read and write

21197CB000

stack

page read and write

25E812FA000

heap

page read and write

1FE6A12C000

heap

page read and write

A4701FA000

stack

page read and write

1FE69E60000

heap

page read and write

1FE6D824000

heap

page read and write

A46FFFF000

stack

page read and write

1FE69E38000

heap

page read and write

25E8130D000

heap

page read and write

25E812E0000

heap

page read and write

A46FEFC000

stack

page read and write

1FE69E50000

heap

page read and write

1FE69E4F000

heap

page read and write

25E82DD0000

heap

page read and write

1FE69E67000

heap

page read and write

1FE6B843000

heap

page read and write

25E81301000

heap

page read and write

25E81304000

heap

page read and write

2119AFF000

stack

page read and write

25E812D0000

heap

page read and write

25E812DF000

heap

page read and write

1FE69E52000

heap

page read and write

1FE69E59000

heap

page read and write

25E81329000

heap

page read and write

1FE6D020000

trusted library allocation

page read and write

25E81314000

heap

page read and write

25E81313000

heap

page read and write

25E812F9000

heap

page read and write

There are 54 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.exe

Files

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.exe

Files

Processes

URLs

Memdumps

IOC Report
SecuriteInfo.com.Trojan.GenericKD.70591578.24974.31588.exe