IOC Report
SecuriteInfo.com.Win32.Banker-KIY.4860.1529.dll


Files

File Path | Type | Category | Malicious
SecuriteInfo.com.Win32.Banker-KIY.4860.1529.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_loaddll32.exe_ade2b41f16419841b7681477367dc14c3ee5ff6_952b8cde_78f6c6c3-ce07-45d0-bbd3-28b584ec73b1\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_12d8b24ba337c4ffbc38bf67051b9f5e887f0_7522e4b5_200081de-f619-4ff5-a760-c1c16c82cd18\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_12d8b24ba337c4ffbc38bf67051b9f5e887f0_7522e4b5_32b9c012-95e5-4329-97a3-e8b7df62eeb0\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_12d8b24ba337c4ffbc38bf67051b9f5e887f0_7522e4b5_4e2f0bdc-2317-4671-b0a7-c3f9366c0101\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_12d8b24ba337c4ffbc38bf67051b9f5e887f0_7522e4b5_f33b0487-2229-4e94-9fab-311b80f1fa3e\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB352.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Apr 25 03:35:45 2024, 0x1205a4 type | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB518.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB548.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERBF77.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Apr 25 03:35:48 2024, 0x1205a4 type | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC014.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERC054.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCAC2.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Apr 25 03:35:51 2024, 0x1205a4 type | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCB9D.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCBCD.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERE956.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Apr 25 03:35:59 2024, 0x1205a4 type | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA03.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WEREA32.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF377.tmp.dmp | Mini DuMP crash report, 15 streams, Thu Apr 25 03:36:02 2024, 0x1205a4 type | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF3F5.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF435.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped
12 additional files are not shown in this report.

Processes

Path | Cmdline | Malicious
C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Banker-KIY.4860.1529.dll"
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Banker-KIY.4860.1529.dll",#1
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Banker-KIY.4860.1529.dll,_??? 3 D
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.Banker-KIY.4860.1529.dll",#1
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Banker-KIY.4860.1529.dll,tyjyxethae
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 704
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.Banker-KIY.4860.1529.dll, 3 D 2
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 700
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 704
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 696
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 632
2 additional processes are not shown in this report.

URLs

Name | IP | Malicious
http://i.sohu.com/p/=v2=NcBj5kbxSDk2zNM3Q20=/blog/view/252468084.htm | unknown
http://www.baidu.com/s?wd=CF%E7%B2%89%E7%BA%A2%E8%BE%85%E5%8A%A9&rsv_bp=0&ch=&tn=baidu&bar=&rsv_spt= | unknown
http://upx.sf.net | unknown
http://www.kmy0823.com | unknown
http://i.sohu.com/p/=v2=NcBj5kbxSDk2zNM3Q20=/blog/view/252468084.htm) | unknown
http://www.baidu.com/s?ie=utf-8&bs=CF%E7%B2%89%E7%BA%A2%E8%BE%85%E5%8A%A9&f=8&rsv_bp=1&rsv_spt=3&wd= | unknown
http://www.baidu.com/s?wd=cf%E7%B2%89%E7%BA%A2&rsv_bp=0&ch=&tn=baidu&bar=&rsv_spt=3&ie=utf-8&rsv_sug | unknown

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{430185AB-D8FA-E8A0-AB85-0143FAD8A0E8} | NULL (this entry appears four times in the original listing)
\REGISTRY\A\{e80d0f99-4502-a8ae-8178-23af111d4a12}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | one entry per value name: ProgramId, FileId, LowerCaseLongPath, LongPathHash, Name, OriginalFileName, Publisher, Version, BinFileVersion, BinaryType, ProductName, ProductVersion, LinkDate, BinProductVersion, AppxPackageFullName, AppxPackageRelativeId, Size, Language, IsOsComponent, Usn
14 additional registry entries are not shown in this report.

Memdumps

Base Address | Regiontype | Protect | Malicious