Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll64.exe

loaddll64.exe "C:\Users\user\Desktop\FastMath.dll.dll"

Details

Is windows:	true
Is dropped:	false
PID:	3556
Target ID:	0
Parent PID:	1028
Name:	loaddll64.exe
Path:	C:\Windows\System32\loaddll64.exe
Commandline:	loaddll64.exe "C:\Users\user\Desktop\FastMath.dll.dll"
Size:	165888
MD5:	763455F9DCB24DFEECC2B9D9F8D46D52
Time:	07:41:52
Date:	01/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff74b6c0000
Modulesize:	188416
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	1776
Target ID:	1
Parent PID:	3556
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	07:41:53
Date:	01/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\FastMath.dll.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	2076
Target ID:	2
Parent PID:	3556
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\FastMath.dll.dll",#1
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	07:41:53
Date:	01/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6f7b90000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\FastMath.dll.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	2956
Target ID:	3
Parent PID:	2076
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\FastMath.dll.dll",#1
Size:	71680
MD5:	EF3179D498793BF4234F708D3BE28633
Time:	07:41:53
Date:	01/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6b20b0000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

8403BEE000

stack

page read and write

8403E7F000

stack

page read and write

210EA19C000

heap

page read and write

CA646FF000

stack

page read and write

8403EFE000

stack

page read and write

210EA195000

heap

page read and write

25BDDF20000

heap

page read and write

210ED840000

trusted library allocation

page read and write

210ED6E0000

heap

page read and write

210EA0E0000

heap

page read and write

25BDE000000

heap

page read and write

210EA385000

heap

page read and write

25BDE040000

heap

page read and write

210ED6C0000

heap

page read and write

25BDE080000

heap

page read and write

25BDFD90000

heap

page read and write

8403B6F000

stack

page read and write

210EA150000

heap

page read and write

CA645FF000

stack

page read and write

210EA38B000

heap

page read and write

210EA18F000

heap

page read and write

210EA1A4000

heap

page read and write

210EA18F000

heap

page read and write

25BDE0E9000

heap

page read and write

210EA0F0000

heap

page read and write

210EA198000

heap

page read and write

25BDE040000

heap

page read and write

210EA18C000

heap

page read and write

210ED6C3000

heap

page read and write

25BDE11E000

heap

page read and write

25BDE0F8000

heap

page read and write

25BDE106000

heap

page read and write

25BDE0E0000

heap

page read and write

25BDE120000

heap

page read and write

210EA198000

heap

page read and write

8403AD6000

stack

page read and write

210EA16D000

heap

page read and write

210EA19D000

heap

page read and write

210EA1A1000

heap

page read and write

210EA18F000

heap

page read and write

CA644E6000

stack

page read and write

210EA18F000

heap

page read and write

25BDE0ED000

heap

page read and write

210EA1A1000

heap

page read and write

210EBE70000

heap

page read and write

210EA380000

heap

page read and write

210EA198000

heap

page read and write

210EA110000

heap

page read and write

210EA184000

heap

page read and write

210EA185000

heap

page read and write

210EA198000

heap

page read and write

210EA198000

heap

page read and write

210EA158000

heap

page read and write

There are 43 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
FastMath.dll.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportFastMath.dll.exe

Processes

Memdumps

IOC Report
FastMath.dll.exe