Automated Malware Analysis IOC Report for

Files

File Path

Type

Category

Malicious

SecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe

PE32+ executable (console) x86-64, for MS Windows

initial sample

Details

Filetype:	PE32+ executable (console) x86-64, for MS Windows
Entropy:	5.822891632607638
Filename:	SecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe
Filesize:	262755
MD5:	a55b12fe926fe729cab1e8a49ef53dd7
SHA1:	b54c1d78895dbcf36ecb2c449fd5cddedfcda956
SHA256:	6945efb2872ae57d20573a8ad5e99a0b8ecfa6120435262f58d706caa61b2d84
SHA512:	5597268a45130be61f55b5131509d9592739bd262fba1bcda25b34b0988442ba6f1c85896f59ab5ca054598875f697af86af9147069461d89585fca49aaf6c5d
SSDEEP:	3072:zNtIm4G+xUBPfZY7BFkFifxSwmn1Om1sgIkDHQton1CWFZdr7uDxuz3TsOcrCtnA:8dfxk6gAf6nQS1jFB3TsOcreNBM
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....fe.N..d.....&....(.x.....................@............................. ............`... ............................

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
Contains functionality to inject threads in other processes	HIPS / PFW / Operating System Protection Evasion
Detected potential crypto function	System Summary	Process Discovery Archive Collected Data Encrypted Channel
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
Contains functionality to enum processes or threads	System Summary	Process Discovery
Contains functionality to modify the execution of threads in other processes
Contains functionality to register its own exception handler	Anti Debugging
PE file has an executable .text section and no other executable section	System Summary
Queries a list of all running processes	Malware Analysis System Evasion
Reads software policies	System Summary	System Information Discovery
Sample is known by Antivirus	System Summary
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a high image base, often used for DLLs	System Summary

\Device\ConDrv

ASCII text, with CRLF line terminators

dropped

Details

File:	\Device\ConDrv
Category:	dropped
Dump:	ConDrv.0.dr
ID:	dr_0
Target ID:	0
Process:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe
Type:	ASCII text, with CRLF line terminators
Entropy:	4.8686608475575435
Encrypted:	false
Ssdeep:	3:wPLsFgWMND9I2TG584Za7I9+SZMLDnNv:wPLsFgWOa2O8B7IPMnnNv
Size:	90
Whitelisted:	false
Reputation:	low

Processes

Path

Cmdline

Malicious

C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe

"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe"

Details

Is windows:	false
Is dropped:	false
PID:	5064
Target ID:	0
Parent PID:	1028
Name:	SecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe
Path:	C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe
Commandline:	"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe"
Size:	262755
MD5:	A55B12FE926FE729CAB1E8A49EF53DD7
Time:	01:32:53
Date:	20/04/2024
Reason:	newprocess
Reputation:	low
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff71ae10000
Modulesize:	270336
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Multi AV Scanner detection for submitted file	AV Detection
PE file contains more sections than normal	System Summary
PE file contains sections with non-standard names	Data Obfuscation
PE file has an executable .text section and no other executable section	System Summary
Sample is known by Antivirus	System Summary
Spawns processes	System Summary	Process Injection
Contains modern PE file flags such as dynamic base (ASLR) or NX	Compliance, System Summary
PE file has a high image base, often used for DLLs	System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	4768
Target ID:	1
Parent PID:	5064
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	01:32:53
Date:	20/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

7FF71AE11000

unkown

page execute read

7FF71AE1A000

unkown

page readonly

7FF71AE1F000

unkown

page write copy

1B283840000

heap

page read and write

1B283590000

trusted library allocation

page read and write

7FF71AE11000

unkown

page execute read

1B283530000

heap

page read and write

7FF71AE22000

unkown

page write copy

1B2835C0000

heap

page read and write

1B283790000

trusted library allocation

page read and write

1B283540000

heap

page read and write

7FF71AE23000

unkown

page readonly

A545DFC000

stack

page read and write

7FF71AE1F000

unkown

page read and write

7FF71AE10000

unkown

page readonly

7FF71AE23000

unkown

page readonly

7FF71AE22000

unkown

page write copy

1B283560000

heap

page read and write

7FF71AE1A000

unkown

page readonly

7FF71AE10000

unkown

page readonly

1B2835C8000

heap

page read and write

There are 11 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe

Files

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe

Files

Processes

Memdumps

IOC Report
SecuriteInfo.com.Trojan.GenericKD.71649694.17364.11303.exe