Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\BouncyCastle.Crypto.dll"

Details

Is windows:	true
Is dropped:	false
PID:	7040
Target ID:	0
Parent PID:	2580
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\BouncyCastle.Crypto.dll"
Size:	126464
MD5:	51E6071F9CBA48E79F10C84515AAE618
Time:	12:21:47
Date:	30/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x3a0000
Modulesize:	147456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7076
Target ID:	1
Parent PID:	7040
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:21:47
Date:	30/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\BouncyCastle.Crypto.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	6308
Target ID:	2
Parent PID:	7040
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\BouncyCastle.Crypto.dll",#1
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	12:21:47
Date:	30/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x240000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\BouncyCastle.Crypto.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	6400
Target ID:	3
Parent PID:	6308
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\BouncyCastle.Crypto.dll",#1
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	12:21:47
Date:	30/08/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xee0000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

FED000

stack

page read and write

1590000

heap

page read and write

759000

stack

page read and write

B41000

heap

page read and write

14BE000

stack

page read and write

AB0000

heap

page read and write

474F000

stack

page read and write

B33000

heap

page read and write

1430000

heap

page read and write

B2C000

heap

page read and write

B38000

heap

page read and write

B39000

heap

page read and write

A9A000

heap

page read and write

A90000

heap

page read and write

B1A000

heap

page read and write

B56000

heap

page read and write

159B000

heap

page read and write

188F000

stack

page read and write

A8E000

stack

page read and write

5EE4000

heap

page read and write

B38000

heap

page read and write

5FE0000

heap

page read and write

19D0000

heap

page read and write

12FD000

stack

page read and write

1470000

heap

page read and write

B56000

heap

page read and write

1350000

heap

page read and write

159F000

heap

page read and write

A00000

heap

page read and write

B41000

heap

page read and write

A96000

heap

page read and write

14FE000

stack

page read and write

5EE0000

heap

page read and write

6400000

trusted library allocation

page read and write

B10000

heap

page read and write

B38000

heap

page read and write

B35000

heap

page read and write

B42000

heap

page read and write

178F000

stack

page read and write

B56000

heap

page read and write

AFF000

stack

page read and write

A10000

heap

page read and write

B53000

heap

page read and write

470E000

stack

page read and write

5FF0000

heap

page read and write

B2F000

heap

page read and write

79C000

stack

page read and write

There are 37 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
BouncyCastle.Crypto.dll

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportBouncyCastle.Crypto.dll

Processes

Memdumps

IOC Report
BouncyCastle.Crypto.dll