IOC Report
SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.23862.23788.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.23862.23788.exe | PE32 executable (GUI) Intel 80386, for MS Windows | initial sample | malicious |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_63a32cbc58eca2f445502337681ea96cbf1e38a6_5c1322d7_17cc865d\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_f8b2f5d487f13ef078ee9e48b4dedc7a1e0c36a_5c1322d7_16d906f7\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER1E6.tmp.dmp | Mini DuMP crash report, 14 streams, Wed Feb 8 04:00:32 2023, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER284.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E2.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER79AB.tmp.dmp | Mini DuMP crash report, 14 streams, Wed Feb 8 03:59:57 2023, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER7AA6.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER7B15.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped | |
| C:\Windows\appcompat\Programs\Amcache.hve.LOG1 | MS Windows registry file, NT/2000 or above | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_7a157073226634c33dd8e08437f6e586c2306e78_5c1322d7_140d63f1\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_SecuriteInfo.com_f8b2f5d487f13ef078ee9e48b4dedc7a1e0c36a_5c1322d7_12416ae6\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER5A9A.tmp.dmp | Mini DuMP crash report, 14 streams, Wed Feb 8 03:55:10 2023, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER5B57.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER5BF4.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER6604.tmp.dmp | Mini DuMP crash report, 14 streams, Wed Feb 8 03:55:12 2023, 0x1205a4 type | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER66A1.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\ProgramData\Microsoft\Windows\WER\Temp\WER6700.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |

9 further files are not included in this report.

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.23862.23788.exe | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.TR.Crypt.XPACK.Gen.23862.23788.exe | malicious |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 220 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 220 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 212 | |
| C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 212 | |

URLs

| Name | IP | Malicious |
|---|---|---|
| http://www.clamav.net | unknown | |
| http://upx.sf.net | unknown | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags | AmiHivePermissionsCorrect | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags | AmiHiveOwnerCorrect | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | ProgramId | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | FileId | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | LowerCaseLongPath | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | LongPathHash | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | Name | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | Publisher | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | Version | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | BinFileVersion | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | BinaryType | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | ProductName | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | ProductVersion | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | LinkDate | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | BinProductVersion | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | Size | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | Language | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | IsPeFile | |
| \REGISTRY\A\{93131b2d-1a6a-440d-72e0-9cc353075f27}\Root\InventoryApplicationFile\securiteinfo.com\|ff1fbb3f | IsOsComponent | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug | ExceptionRecord | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property | 0018C00829218659 | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceTicket | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | DeviceId | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Token\{67082621-8D18-4333-9C64-10DE93676363} | ApplicationFlags | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | ClockTimeSeconds | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | TickCount | |
| HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug | ExceptionRecord | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | ProgramId | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | FileId | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | LowerCaseLongPath | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | LongPathHash | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | Name | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | Publisher | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | Version | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | BinFileVersion | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | BinaryType | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | ProductName | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | ProductVersion | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | LinkDate | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | BinProductVersion | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | Size | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | Language | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | IsPeFile | |
| \REGISTRY\A\{3a52133f-bb59-6ced-5f1e-641ef122b3e2}\Root\InventoryApplicationFile\securiteinfo.com\|f47bdf91 | IsOsComponent | |
| HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Immersive\production\Property | 001840064172BCE4 | |

35 further registry entries are not included in this report.

Memdumps

| Base Address | Region Type | Protect | Malicious |
|---|---|---|---|
| 16084C7D000 | heap | page read and write | |
| 2D768277000 | heap | page read and write | |
| 1BB50C68000 | heap | page read and write | |
| 2A0FC5E5000 | heap | page read and write | |
| 2DB487E000 | stack | page read and write | |
| 2DB48FC000 | stack | page read and write | |
| 1BB50C69000 | unknown | page read and write | |
| 23475E3E000 | heap | page read and write | |
| 21F4A732000 | heap | page read and write | |
| 2A0FC498000 | heap | page read and write | |
| 1F0000 | heap | page read and write | |
| 21F4A602000 | heap | page read and write | |
| 2A0FC465000 | heap | page read and write | |
| 23475C10000 | heap | page read and write | |
| 1BB50C11000 | unknown | page read and write | |
| EBE1DFB000 | stack | page read and write | |
| 27075613000 | heap | page read and write | |
| 21F4A700000 | heap | page read and write | |
| 1BB50F13000 | heap | page read and write | |
| 21F49ECA000 | heap | page read and write | |
| 23475E29000 | heap | page read and write | |
| 21F49F13000 | heap | page read and write | |
| 77EE67D000 | stack | page read and write | |
| 16084C55000 | heap | page read and write | |
| 2DB477F000 | stack | page read and write | |
| EBE257E000 | stack | page read and write | |
| 2A0FC2D0000 | heap | page read and write | |
| 2A0FC460000 | heap | page read and write | |
| 2D768090000 | heap | page read and write | |
| 2A0FC340000 | heap | page read and write | |
| EBE237E000 | stack | page read and write | |
| 77EE27C000 | stack | page read and write | |
| 16084C45000 | heap | page read and write | |
| 16084C75000 | heap | page read and write | |
| 1BB50C2F000 | heap | page read and write | |
| 21F49E00000 | heap | page read and write | |
| B6802FA000 | stack | page read and write | |
| 425000 | unknown | page write copy | |
| 27075600000 | heap | page read and write | |
| 2A0FC370000 | trusted library allocation | page read and write | |
| 2A0FC5B9000 | heap | page read and write | |
| 2A0FCF02000 | heap | page read and write | |
| 16084C65000 | heap | page read and write | |
| 23475E47000 | heap | page read and write | |
| 1BB50C13000 | unknown | page read and write | |
| 2A0FC49D000 | heap | page read and write | |
| 2DB4A7B000 | stack | page read and write | |
| 2D768190000 | trusted library allocation | page read and write | |
| 2D768A02000 | trusted library allocation | page read and write | |
| 16084C63000 | heap | page read and write | |
| 21F49E13000 | heap | page read and write | |
| 16084C46000 | heap | page read and write | |
| 16084C30000 | heap | page read and write | |
| 16084BA0000 | trusted library allocation | page read and write | |
| 766BEF9000 | stack | page read and write | |
| B6FFB7F000 | stack | page read and write | |
| 1BB50C30000 | heap | page read and write | |
| 23475D70000 | trusted library allocation | page read and write | |
| 16084C64000 | heap | page read and write | |
| 1BB50D02000 | trusted library allocation | page read and write | |
| 21F49EB9000 | heap | page read and write | |
| 23475E52000 | heap | page read and write | |
| 2A0FC400000 | heap | page read and write | |
| 2A0FCE02000 | heap | page read and write | |
| 2DB4D7C000 | stack | page read and write | |
| 2A0FC4A2000 | heap | page read and write | |
| 42B000 | unknown | page write copy | |
| 2A0FCF43000 | heap | page read and write | |
| 16084B00000 | heap | page read and write | |
| EBE207C000 | stack | page read and write | |
| 27075658000 | heap | page read and write | |
| 23475E44000 | heap | page read and write | |
| 2A0FCFB0000 | heap | page read and write | |
| 16084C7B000 | heap | page read and write | |
| 610000 | heap | page read and write | |
| 16084C44000 | heap | page read and write | |
| 2D76825B000 | heap | page read and write | |
| 2DB45FC000 | stack | page read and write | |
| 2A0FC454000 | heap | page read and write | |
| B6800FF000 | stack | page read and write | |
| 2D768213000 | heap | page read and write | |
| 16084C4F000 | heap | page read and write | |
| CF4917E000 | stack | page read and write | |
| 21F49F02000 | heap | page read and write | |
| 1BB50C0D000 | unknown | page read and write | |
| B6FFDFC000 | stack | page read and write | |
| 270755E0000 | remote allocation | page read and write | |
| 2A0FC4A2000 | heap | page read and write | |
| 1BB50C3C000 | heap | page read and write | |
| 2A0FCF54000 | heap | page read and write | |
| 23475C70000 | heap | page read and write | |
| 16084B70000 | heap | page read and write | |
| 400000 | unknown | page readonly | |
| 2A0FCF00000 | heap | page read and write | |
| 425000 | unknown | page write copy | |
| 77EE57E000 | stack | page read and write | |
| 270755E0000 | remote allocation | page read and write | |
| 16084C48000 | heap | page read and write | |
| 27075510000 | heap | page read and write | |
| 2D768202000 | heap | page read and write | |
| 23475C20000 | heap | page read and write | |
| 77EE2FE000 | stack | page read and write | |
| 77EDDFB000 | stack | page read and write | |
| 30000 | heap | page read and write | |
| 2A0FC43C000 | heap | page read and write | |
| 16084B10000 | heap | page read and write | |
| 2D768200000 | heap | page read and write | |
| 11590FE000 | stack | page read and write | |
| 23475E13000 | heap | page read and write | |
| 1BB50C3E000 | heap | page read and write | |
| 2DB4B7D000 | stack | page read and write | |
| 2A0FC468000 | heap | page read and write | |
| 11591FE000 | stack | page read and write | |
| 16084C56000 | heap | page read and write | |
| 16084C50000 | heap | page read and write | |
| 16084C02000 | heap | page read and write | |
| 2A0FD027000 | heap | page read and write | |
| 16084C68000 | heap | page read and write | |
| 2D768289000 | heap | page read and write | |
| 2D768241000 | heap | page read and write | |
| 2DB41CB000 | stack | page read and write | |
| 16084C39000 | heap | page read and write | |
| 1BB50C3E000 | heap | page read and write | |
| 21F49E29000 | heap | page read and write | |
| 42B000 | unknown | page write copy | |
| 2A0FC513000 | heap | page read and write | |
| 21F49E67000 | heap | page read and write | |
| 21F49C50000 | heap | page read and write | |
| 1BB50C31000 | heap | page read and write | |
| 2A0FC42A000 | heap | page read and write | |
| B6FFCFE000 | stack | page read and write | |
| 23475E2F000 | heap | page read and write | |
| 27075629000 | heap | page read and write | |
| 1BB50F00000 | heap | page read and write | |
| 16084C40000 | heap | page read and write | |
| 16084C6D000 | heap | page read and write | |
| 16084C6F000 | heap | page read and write | |
| 270755B0000 | trusted library allocation | page read and write | |
| 2A0FD030000 | heap | page read and write | |
| 16084C31000 | heap | page read and write | |
| 2A0FD013000 | heap | page read and write | |
| 766BBFB000 | stack | page read and write | |
| 1158EFE000 | stack | page read and write | |
| 16084C4E000 | heap | page read and write | |
| 21F49DB0000 | trusted library allocation | page read and write | |
| 1BB50E02000 | heap | page read and write | |
| 2DB4C7E000 | stack | page read and write | |
| 16084C42000 | heap | page read and write | |
| 23475E00000 | heap | page read and write | |
| EBE267F000 | stack | page read and write | |
| 27076002000 | trusted library allocation | page read and write | |
| 270755E0000 | remote allocation | page read and write | |
| 9D000 | stack | page read and write | |
| EBE227E000 | stack | page read and write | |
| 16084C13000 | heap | page read and write | |
| 1BB50B10000 | heap | page read and write | |
| 23476602000 | trusted library allocation | page read and write | |
| 23475E02000 | heap | page read and write | |
| 2A0FD002000 | heap | page read and write | |
| 1BB50C3F000 | heap | page read and write | |
| 2A0FCF6D000 | heap | page read and write | |
| 16084C74000 | heap | page read and write | |
| 19D000 | stack | page read and write | |
| 401000 | unknown | page execute read | |
| 423000 | unknown | page readonly | |
| 16084C84000 | heap | page read and write | |
| 1BB50F17000 | heap | page read and write | |
| 2D768258000 | heap | page read and write | |
| 16084C3D000 | heap | page read and write | |
| 1158C7B000 | stack | page read and write | |
| 2D768313000 | heap | page read and write | |
| 16084C7E000 | heap | page read and write | |
| 2A0FC43C000 | heap | page read and write | |
| CF48E7B000 | stack | page read and write | |
| 16084C61000 | heap | page read and write | |
| 423000 | unknown | page readonly | |
| 400000 | unknown | page readonly | |
| 2A0FCF22000 | heap | page read and write | |
| 2A0FC42C000 | heap | page read and write | |
| 16084C00000 | heap | page read and write | |
| 2A0FCF8F000 | heap | page read and write | |
| B6FFFFF000 | stack | page read and write | |
| 2D768030000 | heap | page read and write | |
| 2A0FC413000 | heap | page read and write | |
| 1BB50D15000 | trusted library allocation | page read and write | |
| 2A0FD000000 | heap | page read and write | |
| 1BB50C3D000 | heap | page read and write | |
| 490000 | heap | page read and write | |
| 2DB4E7F000 | stack | page read and write | |
| 27075702000 | heap | page read and write | |
| B6FFE79000 | stack | page read and write | |
| 1BB50C28000 | heap | page read and write | |
| 21F49E64000 | heap | page read and write | |
| EBE247F000 | stack | page read and write | |
| 2A0FC473000 | heap | page read and write | |
| 16084C6B000 | heap | page read and write | |
| B6801FE000 | stack | page read and write | |
| 16084C47000 | heap | page read and write | |
| 77EE17E000 | stack | page read and write | |
| 2A0FC2E0000 | heap | page read and write | |
| 16084C4B000 | heap | page read and write | |
| 1BB50E13000 | heap | page read and write | |
| 23475E36000 | heap | page read and write | |
| 1BB50D23000 | heap | page read and write | |
| B6FF7DB000 | stack | page read and write | |
| 2D768302000 | heap | page read and write | |
| 766B7FD000 | stack | page read and write | |
| 2A0FC476000 | heap | page read and write | |
| 23475F02000 | heap | page read and write | |
| 49A000 | heap | page read and write | |
| EBE1F7F000 | stack | page read and write | |
| 16084D02000 | heap | page read and write | |
| 2707563C000 | heap | page read and write | |
| CF4937F000 | stack | page read and write | |
| 27075580000 | heap | page read and write | |
| 21F49E6F000 | heap | page read and write | |
| 16084C60000 | heap | page read and write | |
| 16084C49000 | heap | page read and write | |
| 2A0FD023000 | heap | page read and write | |
| EBE19BC000 | stack | page read and write | |
| 2DB49FE000 | stack | page read and write | |
| 401000 | unknown | page execute read | |
| 2A0FC49A000 | heap | page read and write | |
| 21F49CB0000 | heap | page read and write | |
| EBE277F000 | stack | page read and write | |
| 1BB50C3D000 | unknown | page read and write | |
| 1158FFF000 | stack | page read and write | |
| 1BB50AA0000 | heap | page read and write | |
| 16084C6A000 | heap | page read and write | |
| 27075520000 | heap | page read and write | |
| 21F49EE2000 | heap | page read and write | |
| 2D768020000 | heap | page read and write | |
| 2A0FCF08000 | heap | page read and write | |
| 1BB50AB0000 | trusted library allocation | page read and write | |
| 16084C62000 | heap | page read and write | |
| B6FFF7A000 | stack | page read and write | |
| 16084C29000 | heap | page read and write | |
| 21F49C40000 | heap | page read and write | |
| 1BB50C02000 | unknown | page read and write | |
| 77EE3FE000 | stack | page read and write | |
| CF49279000 | stack | page read and write | |
| 1BB50C00000 | unknown | page read and write | |
| 1158CFE000 | stack | page read and write | |
| 27075602000 | heap | page read and write | |
| 16084C41000 | heap | page read and write | |
| 1158D7E000 | stack | page read and write | |
| 1BB50F02000 | heap | page read and write | |
| 2D768271000 | heap | page read and write | |
| 16085602000 | trusted library allocation | page read and write | |
| 2A0FCF22000 | heap | page read and write | |
| 77EE4FD000 | stack | page read and write | |
| 21F49E44000 | heap | page read and write | |
| 2D768229000 | heap | page read and write | |
| 2A0FC390000 | trusted library allocation | page read and write | |
| 21F49E87000 | heap | page read and write | |
| 1BB50F02000 | heap | page read and write | |
| 1BB50D00000 | trusted library allocation | page read and write | |
| 2A0FC58E000 | heap | page read and write | |

248 further memdumps are not included in this report.