
SecuriteInfo.com.Trojan.GenericKDZ.73124.19170.exe

Status: finished
Submission Time: 2021-02-23 09:46:08 +01:00
Malicious
Trojan
Spyware
Evader
Raccoon

Details

  • Analysis ID:
    356541
  • API (Web) ID:
    615066
  • Analysis Started:
    2021-02-23 09:49:09 +01:00
  • Analysis Finished:
    2021-02-23 10:16:00 +01:00
  • MD5:
    060bd14ae501d8dae94cc73672ab195b
  • SHA1:
    e16be2044b73bfb717d92d13968eac473d64b8fc
  • SHA256:
    757c6ccb2021bb12cb15fafcd4d748ef2d347ed4cb51076162563cbfe1ea01e0
  • Technologies:
  • Engine:
    Joe Sandbox
  • Detection:
    malicious

Joe Sandbox runs:

  • malicious, Score: 92
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
  • malicious, Score: 92
    System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Run Condition: Run with higher sleep bypass

Third Party Analysis Engines

  • malicious, Score: 28/71
  • malicious, Score: 22/48

IPs

IP             | Country
172.67.199.58  | United States
95.216.186.40  | Germany
104.21.50.15   | United States

Domains

Name              | IP
yearofthepig.top  | 172.67.199.58
tttttt.me         | 95.216.186.40

URLs

Name
https://ac.ecosia.org/autocomplete?q=
https://duckduckgo.com/chrome_newtab
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
https://duckduckgo.com/ac/?q=
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
https://contextual.media.net/checksync.php?&vsSync=1&cs=1&hb=1&cv=37&ndec=1&cid=8HBI57XIG&prvid=77%2
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
http://www.sqlite.org/copyright.html.
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=

Dropped files

Name | File Type
C:\ProgramData\Microsoft\Windows\WER\Temp\WERB6.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER60FD.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER62BC.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER66A5.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER789A.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Feb 23 17:50:36 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WER7D0.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER87AE.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER8B2A.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER967.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERA23A.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Feb 23 17:50:45 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WERABD0.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERAF2C.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5E0E.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERCF16.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Feb 23 17:50:57 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDAA0.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERDE2C.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WERF5C8.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Feb 23 17:51:07 2021, 0x1205a4 type
C:\Users\user\AppData\LocalLow\1xVPfvJcrg | SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\LocalLow\3v08oN27yL | SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\LocalLow\RYwTiizs2t | SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\LocalLow\frAQBc8Wsa | SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\LocalLow\rQF69AzBla | SQLite 3.x database, last written using SQLite version 3032001
C:\Users\user\AppData\LocalLow\sqlite3.dll | PE32 executable (DLL) (console) Intel 80386, for MS Windows
C:\ProgramData\Microsoft\Windows\WER\Temp\WER2376.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9fe727ffec23a1e62b3316da7384a08015d607f_bd6d4f40_0546b276\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9fe727ffec23a1e62b3316da7384a08015d607f_bd6d4f40_10a2490e\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9fe727ffec23a1e62b3316da7384a08015d607f_bd6d4f40_132e8fac\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9fe727ffec23a1e62b3316da7384a08015d607f_bd6d4f40_14676a5c\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9fe727ffec23a1e62b3316da7384a08015d607f_bd6d4f40_152ee212\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9fe727ffec23a1e62b3316da7384a08015d607f_bd6d4f40_169664b4\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9fe727ffec23a1e62b3316da7384a08015d607f_bd6d4f40_17020d1e\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9fe727ffec23a1e62b3316da7384a08015d607f_bd6d4f40_176f0ba2\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9fe727ffec23a1e62b3316da7384a08015d607f_bd6d4f40_17e228f3\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER1F00.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Feb 23 17:50:10 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WER231.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Feb 23 17:50:03 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_9fe727ffec23a1e62b3316da7384a08015d607f_bd6d4f40_04e738ec\Report.wer | Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER24D7.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Feb 23 17:51:19 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WER257A.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER30EE.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER34D7.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3EDC.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Feb 23 17:50:19 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WER442D.tmp.WERInternalMetadata.xml | XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER45F3.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4CE.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators
C:\ProgramData\Microsoft\Windows\WER\Temp\WER4F72.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Feb 23 17:51:32 2021, 0x1205a4 type
C:\ProgramData\Microsoft\Windows\WER\Temp\WER5737.tmp.dmp | Mini DuMP crash report, 15 streams, Tue Feb 23 17:50:25 2021, 0x1205a4 type