Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	6320
Target ID:	0
Parent PID:	804
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Size:	71680
MD5:	EF3179D498793BF4234F708D3BE28633
Time:	05:03:04
Date:	24/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff70d8f0000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Runs a DLL by calling functions	System Summary	Rundll32

Domains

Name

Malicious

bg.microsoft.map.fastly.net

199.232.210.172

Memdumps

Base Address

Regiontype

Protect

Malicious

18A18B00000

heap

page read and write

87F6E8C000

stack

page read and write

87F6F0E000

stack

page read and write

18A18900000

heap

page read and write

87F6F8E000

stack

page read and write

87F727F000

stack

page read and write

18A18C40000

heap

page read and write

18A18918000

heap

page read and write

18A1A580000

heap

page read and write

18A18AE0000

heap

page read and write

18A18C45000

heap

page read and write

18A18910000

heap

page read and write

18A1891E000

heap

page read and write

There are 3 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf.zip

Processes

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportMDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf.zip

Processes

Domains

Memdumps

IOC Report
MDE_File_Sample_d09ac12e80d793e2bb60f6dc17656721cb8751bf.zip