IOC Report
file.exe


Processes

Path
Cmdline
Malicious
C:\Windows\System32\loaddll64.exe
loaddll64.exe "C:\Users\user\Desktop\file.dll"
C:\Windows\System32\conhost.exe
C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\cmd.exe
cmd.exe /C rundll32.exe "C:\Users\user\Desktop\file.dll",#1
C:\Windows\System32\rundll32.exe
rundll32.exe C:\Users\user\Desktop\file.dll,JNI_OnLoad
C:\Windows\System32\rundll32.exe
rundll32.exe "C:\Users\user\Desktop\file.dll",#1
C:\Windows\System32\rundll32.exe
rundll32.exe C:\Users\user\Desktop\file.dll,Java_jdk_management_resource_internal_ResourceNatives_computeRetainedMemory0
C:\Windows\System32\rundll32.exe
rundll32.exe C:\Users\user\Desktop\file.dll,Java_jdk_management_resource_internal_ResourceNatives_createResourceContext0

Domains

Name
IP
Malicious
18.31.95.13.in-addr.arpa (reverse-DNS PTR query name for IPv4 address 13.95.31.18)
unknown

Memdumps

Base Address
Regiontype
Protect
Malicious
1A1D9AC0000
heap
page read and write
28FABE1B000
heap
page read and write
1CAD1A17000
heap
page read and write
F7625FE000
stack
page read and write
1CAD1A41000
heap
page read and write
1CAD34B0000
heap
page read and write
8DABE7E000
stack
page read and write
1A1D9AF6000
heap
page read and write
31153E000
stack
page read and write
25C99573000
heap
page read and write
26E27FBD000
heap
page read and write
3115BE000
stack
page read and write
25C963DA000
heap
page read and write
25C963F1000
heap
page read and write
1A1DCD70000
heap
page read and write
25C963DE000
heap
page read and write
25C963E0000
heap
page read and write
1A1DB5E0000
heap
page read and write
25C99570000
heap
page read and write
28FAEE60000
heap
page read and write
25C963C0000
heap
page read and write
25C963E0000
heap
page read and write
25C963E0000
heap
page read and write
25C96310000
heap
page read and write
1CAD1A1B000
heap
page read and write
1A1D9AFA000
heap
page read and write
28FABE15000
heap
page read and write
1CAD1A0E000
heap
page read and write
1CAD1A30000
heap
page read and write
1A1D9B20000
heap
page read and write
26E27FC8000
heap
page read and write
25C963E3000
heap
page read and write
1CAD1BC0000
heap
page read and write
8DABB6A000
stack
page read and write
1CAD1A1F000
heap
page read and write
FBCCFFE000
stack
page read and write
FBCCF7A000
stack
page read and write
1A1D9AFA000
heap
page read and write
1CAD51E0000
trusted library allocation
page read and write
1CAD1A4D000
heap
page read and write
25C963C8000
heap
page read and write
28FABBD1000
heap
page read and write
25C96305000
heap
page read and write
25C963E3000
heap
page read and write
28FAEE63000
heap
page read and write
25C96300000
heap
page read and write
1CAD1A00000
heap
page read and write
28FABBC0000
heap
page read and write
25C963E3000
heap
page read and write
1A1DCE70000
heap
page read and write
28FABB9E000
heap
page read and write
26E27F90000
heap
page read and write
1A1D9E3B000
heap
page read and write
1A1D9B0E000
heap
page read and write
28FABBB8000
heap
page read and write
25C97DA0000
heap
page read and write
1CAD18F0000
heap
page read and write
1A1D9AE0000
heap
page read and write
1A1D9B07000
heap
page read and write
25C99AB0000
trusted library allocation
page read and write
1A1D9B13000
heap
page read and write
1CAD19D0000
heap
page read and write
28FABAF0000
heap
page read and write
28FAD5C0000
heap
page read and write
FBCD27F000
stack
page read and write
8DABBED000
stack
page read and write
28FABBDC000
heap
page read and write
28FABBAA000
heap
page read and write
28FABBB4000
heap
page read and write
1A1D9B19000
heap
page read and write
28FABBAF000
heap
page read and write
BB124FD000
stack
page read and write
28FABB98000
heap
page read and write
28FABBC6000
heap
page read and write
28FABB90000
heap
page read and write
28FABBA7000
heap
page read and write
1A1D9B02000
heap
page read and write
1CAD1B70000
heap
page read and write
1A1D9B02000
heap
page read and write
F7626FF000
stack
page read and write
25C963E3000
heap
page read and write
1CAD1BC5000
heap
page read and write
28FAF2B0000
trusted library allocation
page read and write
26E27FB0000
heap
page read and write
1A1D9A90000
heap
page read and write
1CAD1A1B000
heap
page read and write
BB121FA000
stack
page read and write
28FABDD0000
heap
page read and write
1A1D9E30000
heap
page read and write
1CAD1A08000
heap
page read and write
25C963DA000
heap
page read and write
28FABBAA000
heap
page read and write
25C963F5000
heap
page read and write
1A1D9E35000
heap
page read and write
BB1247D000
stack
page read and write
1A1D9B2A000
heap
page read and write
8DABEFF000
stack
page read and write
1A1D9AFD000
heap
page read and write
F7624FC000
stack
page read and write
25C962D0000
heap
page read and write
1A1DD320000
trusted library allocation
page read and write
1CAD1A28000
heap
page read and write
28FABB10000
heap
page read and write
1CAD1B00000
heap
page read and write
1A1DCD73000
heap
page read and write
25C961F0000
heap
page read and write
25C963E0000
heap
page read and write
1A1D9B03000
heap
page read and write
1CAD4D40000
heap
page read and write
1CAD4D43000
heap
page read and write
28FABA10000
heap
page read and write
3114BA000
stack
page read and write
25C9630B000
heap
page read and write
1A1D9AA0000
heap
page read and write
1A1D9B02000
heap
page read and write
1CAD1A24000
heap
page read and write
1CAD1A36000
heap
page read and write
25C963E4000
heap
page read and write
1A1D9AE8000
heap
page read and write
26E28180000
heap
page read and write
25C96380000
heap
page read and write
1A1D9B19000
heap
page read and write
1CAD1BCB000
heap
page read and write
28FABE10000
heap
page read and write
114 further memdump entries are hidden on the original report page and are not included in this listing.