Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\17279183995338063c3337b59437329df8d8819a0f5a4ea9cf1609b9c4eed2206be54f143f469.dat-decoded.dll"

Details

Is windows:	true
Is dropped:	false
PID:	7428
Target ID:	0
Parent PID:	2580
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\17279183995338063c3337b59437329df8d8819a0f5a4ea9cf1609b9c4eed2206be54f143f469.dat-decoded.dll"
Size:	126464
MD5:	51E6071F9CBA48E79F10C84515AAE618
Time:	21:21:53
Date:	02/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x9f0000
Modulesize:	147456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\17279183995338063c3337b59437329df8d8819a0f5a4ea9cf1609b9c4eed2206be54f143f469.dat-decoded.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	7480
Target ID:	2
Parent PID:	7428
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\17279183995338063c3337b59437329df8d8819a0f5a4ea9cf1609b9c4eed2206be54f143f469.dat-decoded.dll",#1
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	21:21:53
Date:	02/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x240000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\17279183995338063c3337b59437329df8d8819a0f5a4ea9cf1609b9c4eed2206be54f143f469.dat-decoded.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	7496
Target ID:	3
Parent PID:	7480
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\17279183995338063c3337b59437329df8d8819a0f5a4ea9cf1609b9c4eed2206be54f143f469.dat-decoded.dll",#1
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	21:21:53
Date:	02/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x3c0000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7436
Target ID:	1
Parent PID:	7428
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	21:21:53
Date:	02/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

94E000

stack

page read and write

31BF000

heap

page read and write

3486000

heap

page read and write

53D000

stack

page read and write

2E59000

stack

page read and write

2EF0000

heap

page read and write

5DE000

stack

page read and write

580000

heap

page read and write

31C7000

heap

page read and write

43D000

stack

page read and write

600000

heap

page read and write

2FF0000

heap

page read and write

33AE000

stack

page read and write

3410000

heap

page read and write

2FD0000

heap

page read and write

680000

heap

page read and write

62F0000

trusted library allocation

page read and write

31CF000

heap

page read and write

64E000

stack

page read and write

3480000

heap

page read and write

31AA000

heap

page read and write

348A000

heap

page read and write

31CC000

heap

page read and write

590000

heap

page read and write

2E9C000

stack

page read and write

31BB000

heap

page read and write

31E4000

heap

page read and write

B1F000

stack

page read and write

3474000

heap

page read and write

32EE000

stack

page read and write

31C7000

heap

page read and write

336D000

stack

page read and write

68B000

heap

page read and write

31E4000

heap

page read and write

3470000

heap

page read and write

31C3000

heap

page read and write

68F000

heap

page read and write

31D2000

heap

page read and write

D00000

heap

page read and write

31C3000

heap

page read and write

332E000

stack

page read and write

3420000

heap

page read and write

31A0000

heap

page read and write

There are 33 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
17279183995338063c3337b59437329df8d8819a0f5a4ea9cf1609b9c4eed2206be54f143f469.dat-decoded.dll

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report17279183995338063c3337b59437329df8d8819a0f5a4ea9cf1609b9c4eed2206be54f143f469.dat-decoded.dll

Processes

Memdumps

IOC Report
17279183995338063c3337b59437329df8d8819a0f5a4ea9cf1609b9c4eed2206be54f143f469.dat-decoded.dll