IOC Report
file.dll

Processes

| Path | Cmdline | Malicious |
| --- | --- | --- |
| C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\file.dll" | |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
| C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1 | |
| C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\file.dll",#1 | |

Memdumps
