Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\1728293259cc6e52b482888882dfe5c059be5da0d1632c0622501d4ffa671dd4a2b13e033e282.dat-decoded.dll"

Details

Is windows:	true
Is dropped:	false
PID:	7256
Target ID:	0
Parent PID:	2580
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\1728293259cc6e52b482888882dfe5c059be5da0d1632c0622501d4ffa671dd4a2b13e033e282.dat-decoded.dll"
Size:	126464
MD5:	51E6071F9CBA48E79F10C84515AAE618
Time:	05:31:36
Date:	07/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x950000
Modulesize:	147456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1728293259cc6e52b482888882dfe5c059be5da0d1632c0622501d4ffa671dd4a2b13e033e282.dat-decoded.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	7308
Target ID:	2
Parent PID:	7256
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1728293259cc6e52b482888882dfe5c059be5da0d1632c0622501d4ffa671dd4a2b13e033e282.dat-decoded.dll",#1
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	05:31:36
Date:	07/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x240000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\1728293259cc6e52b482888882dfe5c059be5da0d1632c0622501d4ffa671dd4a2b13e033e282.dat-decoded.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	7324
Target ID:	3
Parent PID:	7308
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\1728293259cc6e52b482888882dfe5c059be5da0d1632c0622501d4ffa671dd4a2b13e033e282.dat-decoded.dll",#1
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	05:31:36
Date:	07/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xeb0000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7264
Target ID:	1
Parent PID:	7256
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	05:31:36
Date:	07/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

A50000

heap

page read and write

BAE000

stack

page read and write

A40000

heap

page read and write

5F24000

heap

page read and write

BD7000

heap

page read and write

5FD000

stack

page read and write

AEF000

heap

page read and write

BD2000

heap

page read and write

BE0000

heap

page read and write

BCB000

heap

page read and write

799000

stack

page read and write

E1E000

stack

page read and write

CEF000

stack

page read and write

7DC000

stack

page read and write

BCF000

heap

page read and write

5F20000

heap

page read and write

BF3000

heap

page read and write

D4E000

stack

page read and write

D8E000

stack

page read and write

BD8000

heap

page read and write

E2A000

heap

page read and write

E20000

heap

page read and write

DD0000

heap

page read and write

ACE000

stack

page read and write

930000

heap

page read and write

BD7000

heap

page read and write

AEB000

heap

page read and write

BE1000

heap

page read and write

BD7000

heap

page read and write

AE0000

heap

page read and write

D20000

heap

page read and write

9A0000

heap

page read and write

8FD000

stack

page read and write

CDF000

stack

page read and write

A80000

heap

page read and write

62F0000

trusted library allocation

page read and write

BBA000

heap

page read and write

E6F000

stack

page read and write

E26000

heap

page read and write

BB0000

heap

page read and write

BD4000

heap

page read and write

E70000

heap

page read and write

A80000

heap

page read and write

There are 33 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
1728293259cc6e52b482888882dfe5c059be5da0d1632c0622501d4ffa671dd4a2b13e033e282.dat-decoded.dll

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report1728293259cc6e52b482888882dfe5c059be5da0d1632c0622501d4ffa671dd4a2b13e033e282.dat-decoded.dll

Processes

Memdumps

IOC Report
1728293259cc6e52b482888882dfe5c059be5da0d1632c0622501d4ffa671dd4a2b13e033e282.dat-decoded.dll