Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\file.dll"

Details

Is windows:	true
Is dropped:	false
PID:	7688
Target ID:	0
Parent PID:	2592
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\file.dll"
Size:	126464
MD5:	51E6071F9CBA48E79F10C84515AAE618
Time:	10:24:43
Date:	27/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xb20000
Modulesize:	147456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7708
Target ID:	2
Parent PID:	7688
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	10:24:43
Date:	27/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff68cce0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	7780
Target ID:	3
Parent PID:	7688
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	10:24:43
Date:	27/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xc30000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\file.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	7796
Target ID:	4
Parent PID:	7780
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\file.dll",#1
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	10:24:43
Date:	27/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x3d0000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

2CB0000

heap

page read and write

2AC0000

heap

page read and write

61D0000

trusted library allocation

page read and write

134E000

stack

page read and write

2C4F000

stack

page read and write

FA0000

heap

page read and write

2CCF000

heap

page read and write

FD0000

heap

page read and write

2CDC000

heap

page read and write

2CCF000

heap

page read and write

2CFC000

heap

page read and write

2CBA000

heap

page read and write

2CDC000

heap

page read and write

27F0000

heap

page read and write

2CDD000

heap

page read and write

E5D000

stack

page read and write

104B000

heap

page read and write

2CDC000

heap

page read and write

2CF3000

heap

page read and write

14F0000

heap

page read and write

2CD8000

heap

page read and write

104F000

heap

page read and write

278C000

stack

page read and write

5E04000

heap

page read and write

274A000

stack

page read and write

2F5A000

heap

page read and write

2ABF000

stack

page read and write

2A00000

heap

page read and write

2CF4000

heap

page read and write

FC0000

heap

page read and write

2F56000

heap

page read and write

2CCC000

heap

page read and write

2F50000

heap

page read and write

101E000

stack

page read and write

130F000

stack

page read and write

2CDF000

heap

page read and write

2CDE000

heap

page read and write

2C90000

heap

page read and write

2CD3000

heap

page read and write

2C80000

heap

page read and write

F5D000

stack

page read and write

144F000

stack

page read and write

2BFE000

stack

page read and write

2A7E000

stack

page read and write

5E00000

heap

page read and write

1040000

heap

page read and write

There are 36 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
file.dll

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reportfile.dll

Processes

Memdumps

IOC Report
file.dll