Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll64.exe

loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.28688.30024.dll"

Details

Is windows:	true
Is dropped:	false
PID:	2852
Target ID:	0
Parent PID:	4084
Name:	loaddll64.exe
Path:	C:\Windows\System32\loaddll64.exe
Commandline:	loaddll64.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.28688.30024.dll"
Size:	165888
MD5:	763455F9DCB24DFEECC2B9D9F8D46D52
Time:	20:02:09
Date:	28/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff627200000
Modulesize:	188416
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	3428
Target ID:	1
Parent PID:	2852
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	20:02:09
Date:	28/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6ee680000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.28688.30024.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	4136
Target ID:	2
Parent PID:	2852
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.28688.30024.dll",#1
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	20:02:09
Date:	28/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7d9250000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.28688.30024.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	6976
Target ID:	4
Parent PID:	4136
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.28688.30024.dll",#1
Size:	71680
MD5:	EF3179D498793BF4234F708D3BE28633
Time:	20:02:09
Date:	28/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6a0d10000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

248F9985000

heap

page read and write

248FCDE3000

heap

page read and write

248F9985000

heap

page read and write

B75B11A000

stack

page read and write

248F997C000

heap

page read and write

B75B4FE000

stack

page read and write

248FCDE0000

heap

page read and write

248FCCA0000

heap

page read and write

B75B19E000

stack

page read and write

248F9985000

heap

page read and write

248F9C40000

heap

page read and write

248F9900000

heap

page read and write

248F9996000

heap

page read and write

248F9C45000

heap

page read and write

241DCA50000

heap

page read and write

248F9979000

heap

page read and write

248F98D0000

heap

page read and write

248F9968000

heap

page read and write

248FD180000

trusted library allocation

page read and write

248F9C4B000

heap

page read and write

248F98E0000

heap

page read and write

9CEC4FF000

stack

page read and write

9CEC2FC000

stack

page read and write

241DCA60000

heap

page read and write

248F9990000

heap

page read and write

B75B47F000

stack

page read and write

248F9986000

heap

page read and write

248FB530000

heap

page read and write

241DCA89000

heap

page read and write

248F9985000

heap

page read and write

241DCA8D000

heap

page read and write

248F9960000

heap

page read and write

241DCA98000

heap

page read and write

241DCA80000

heap

page read and write

248F997C000

heap

page read and write

248F9980000

heap

page read and write

9CEC3FF000

stack

page read and write

248F9982000

heap

page read and write

There are 28 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.Win64.Krypt.28688.30024.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.Win64.Krypt.28688.30024.exe

Processes

Memdumps

IOC Report
SecuriteInfo.com.Trojan.Win64.Krypt.28688.30024.exe