Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll64.exe

loaddll64.exe "C:\Users\user\Desktop\x318002.dll"

Details

Is windows:	true
Is dropped:	false
PID:	3400
Target ID:	0
Parent PID:	1244
Name:	loaddll64.exe
Path:	C:\Windows\System32\loaddll64.exe
Commandline:	loaddll64.exe "C:\Users\user\Desktop\x318002.dll"
Size:	165888
MD5:	763455F9DCB24DFEECC2B9D9F8D46D52
Time:	20:45:58
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x13fda0000
Modulesize:	188416
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\x318002.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	3424
Target ID:	2
Parent PID:	3400
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\x318002.dll",#1
Size:	345088
MD5:	5746BD7E255DD6A8AFA06F7C42C1BA41
Time:	20:45:58
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x4a910000
Modulesize:	364544
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32.exe C:\Users\user\Desktop\x318002.dll,ServiceMain

Details

Is windows:	true
Is dropped:	false
PID:	3432
Target ID:	3
Parent PID:	3400
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32.exe C:\Users\user\Desktop\x318002.dll,ServiceMain
Size:	45568
MD5:	DD81D91FF3B0763C392422865C9AC12E
Time:	20:45:58
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xff1a0000
Modulesize:	61440
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\x318002.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	3440
Target ID:	4
Parent PID:	3424
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\x318002.dll",#1
Size:	45568
MD5:	DD81D91FF3B0763C392422865C9AC12E
Time:	20:45:58
Date:	01/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xff1a0000
Modulesize:	61440
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

https://ipinfo.io/json

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

3E0000

heap

page read and write

41E000

heap

page read and write

1E89000

heap

page read and write

20B000

stack

page read and write

AB000

stack

page read and write

1D15000

heap

page read and write

280000

heap

page read and write

430000

heap

page read and write

10000

heap

page read and write

287000

heap

page read and write

230000

heap

page read and write

1E80000

heap

page read and write

3B6000

heap

page read and write

1CF0000

heap

page read and write

10000

heap

page read and write

380000

heap

page read and write

20000

heap

page read and write

2BE000

heap

page read and write

1E19000

heap

page read and write

2F0000

heap

page read and write

32E000

heap

page read and write

124000

heap

page read and write

2840000

heap

page read and write

10000

heap

page read and write

287B000

heap

page read and write

234000

heap

page read and write

1C70000

heap

page read and write

120000

heap

page read and write

2845000

heap

page read and write

1FD000

stack

page read and write

1E15000

heap

page read and write

2F8000

heap

page read and write

1E10000

heap

page read and write

1D10000

heap

page read and write

246000

heap

page read and write

1D4B000

heap

page read and write

1E85000

heap

page read and write

210000

heap

page read and write

3E7000

heap

page read and write

There are 29 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
x318002.dat

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportx318002.dat

Processes

URLs

Memdumps

IOC Report
x318002.dat