Analysis
-
max time kernel
135s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
04/05/2023, 09:59 UTC
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
SecuriteInfo.com.W32.S-909ca299.Eldorado.474.exe
Resource
win7-20230220-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
SecuriteInfo.com.W32.S-909ca299.Eldorado.474.exe
Resource
win10v2004-20230220-en
1 signatures
150 seconds
General
-
Target
SecuriteInfo.com.W32.S-909ca299.Eldorado.474.exe
-
Size
272KB
-
MD5
cbc7ee25d02d1ce2729da6a7b3fe0819
-
SHA1
88818b140676838fb3a0624bd712ce4d0fc05f27
-
SHA256
c10d435c9900de72690b75c011768e531863c09da1d497d2e36947857397e137
-
SHA512
158c2c92f921d9c56beae5b0d22d33bf81fc10d8d1685be5041138d4e33607e5b5c97eba7ca12b013439b12b84225e2bb7a283a91470f947dacfb729869967c9
-
SSDEEP
6144:3SaeLxmjZ80mHQrA6eXsn1kG5rrfyBjf+YyBepOgA:3+xmjZ8rHrkfISYyBepOg
Score
3/10
Malware Config
Signatures
-
Program crash 2 IoCs
pid pid_target Process procid_target 3036 3456 WerFault.exe 84 640 3456 WerFault.exe 84
Processes
-
C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.S-909ca299.Eldorado.474.exe"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.W32.S-909ca299.Eldorado.474.exe"1⤵PID:3456
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 1922⤵
- Program crash
PID:3036
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 2442⤵
- Program crash
PID:640
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3456 -ip 34561⤵PID:4636
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 3456 -ip 34561⤵PID:1028
Network
-
Remote address:8.8.8.8:53Request104.219.191.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request1.208.79.178.in-addr.arpaIN PTRResponse1.208.79.178.in-addr.arpaIN PTRhttps-178-79-208-1amsllnwnet
-
Remote address:8.8.8.8:53Request0.159.190.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.211.185.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request86.8.109.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request58.55.71.13.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request134.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request196.249.167.52.in-addr.arpaIN PTRResponse
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
260 B 5
-
322 B 7
-
322 B 7
-
322 B 7
-
260 B 5
-
260 B 5
-
260 B 5
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
1.208.79.178.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
0.159.190.20.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
133.211.185.52.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
86.8.109.52.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
134.32.126.40.in-addr.arpa
-
70 B 144 B 1 1
DNS Request
58.55.71.13.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
196.249.167.52.in-addr.arpa