Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll64.exe

loaddll64.exe "C:\Users\user\Desktop\eNtYgxj1lX.dll"

Details

Is windows:	true
Is dropped:	false
PID:	4892
Target ID:	0
Parent PID:	4056
Name:	loaddll64.exe
Path:	C:\Windows\System32\loaddll64.exe
Commandline:	loaddll64.exe "C:\Users\user\Desktop\eNtYgxj1lX.dll"
Size:	165888
MD5:	763455F9DCB24DFEECC2B9D9F8D46D52
Time:	06:32:08
Date:	30/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff662f80000
Modulesize:	188416
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\System32\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\eNtYgxj1lX.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	4684
Target ID:	4
Parent PID:	4656
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\eNtYgxj1lX.dll",#1
Size:	71680
MD5:	EF3179D498793BF4234F708D3BE28633
Time:	06:32:08
Date:	30/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6cc020000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection
Binary contains paths to debug symbols	Compliance, System Summary

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	5996
Target ID:	1
Parent PID:	4892
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	06:32:08
Date:	30/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff75da10000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\eNtYgxj1lX.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	4656
Target ID:	2
Parent PID:	4892
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\eNtYgxj1lX.dll",#1
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	06:32:08
Date:	30/09/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff671580000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

26F83F20000

heap

page read and write

BF1707D000

stack

page read and write

20FFA250000

trusted library allocation

page read and write

7FFB226C1000

unkown

page execute read

26F83F10000

heap

page read and write

26F83F40000

heap

page read and write

7FFB226C8000

unkown

page readonly

7FFB226C9000

unkown

page read and write

7FFB226C8000

unkown

page readonly

26F84150000

trusted library allocation

page read and write

26F83F68000

heap

page read and write

26F84310000

heap

page read and write

7FFB226C1000

unkown

page execute read

20FFA26D000

heap

page read and write

7FFB226C0000

unkown

page readonly

26F84150000

unclassified section

page read and write

20FFA278000

heap

page read and write

802A5EB000

stack

page read and write

26F83F6F000

heap

page read and write

7FFB226CB000

unkown

page readonly

20FFA250000

unclassified section

page read and write

26F84315000

heap

page read and write

7FFB226CB000

unkown

page readonly

7FFB226C0000

unkown

page readonly

20FFA220000

heap

page read and write

7FFB226C9000

unkown

page read and write

20FFA210000

heap

page read and write

26F84150000

trusted library allocation

page read and write

20FFA430000

trusted library allocation

page read and write

20FFA269000

heap

page read and write

20FFA260000

heap

page read and write

26F83F60000

heap

page read and write

There are 22 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
eNtYgxj1lX.exe

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReporteNtYgxj1lX.exe

Processes

Memdumps

IOC Report
eNtYgxj1lX.exe