IOC Report
OctVbUtl.dll


Files

File Path | Type | Category
OctVbUtl.dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1639818b7ea33fad73b6a9f374f2c2fc303b0dc_7522e4b5_42ad0679-496e-491f-b6c5-2a2b0b3da087\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_1639818b7ea33fad73b6a9f374f2c2fc303b0dc_7522e4b5_fb894857-d887-4aca-9640-e1541cf37841\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_8937994e4f6653102bf74df7bae4df35b16b585b_7522e4b5_861aaf2f-d957-4636-afe3-005811a133b1\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_d2d6a05f617930bde2d4c76b2a5555e299272ba9_7522e4b5_a66cba1d-ae51-4e93-836a-a8c12fd637a0\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER31FF.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Oct 10 13:37:28 2024, 0x1205a4 type | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER323D.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Oct 10 13:37:28 2024, 0x1205a4 type | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER327C.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Oct 10 13:37:28 2024, 0x1205a4 type | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3328.tmp.dmp | Mini DuMP crash report, 14 streams, Thu Oct 10 13:37:28 2024, 0x1205a4 type | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3338.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3387.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER33F4.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3405.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3433.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER3491.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER34DE.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER355C.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped
8 further files are not shown in this export.

Processes

Path | Cmdline
C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\OctVbUtl.dll"
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",#1
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",#1
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\OctVbUtl.dll,_OctlBitMskClr@8
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\OctVbUtl.dll,_OctlBitMskSet@8
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe C:\Users\user\Desktop\OctVbUtl.dll,_OctlBitMskTst@8
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlBitMskClr@8
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlBitMskSet@8
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlBitMskTst@8
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlUtil_szW@12
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlUtil_szR@12
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlUtil_szL@12
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlUtil_cpy@12
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlUtil_acR@12
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlUtil_acL@12
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlUtil_4sw@8
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlUtilPakP@16
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlDttmUpk@8
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlDttmSys@0
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlDttmPrs@8
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlDttmPak@4
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\OctVbUtl.dll",_OctlBitN2Mask@4
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 592
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 600
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 596
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 600
17 further processes are not shown in this export.

URLs

Name | IP
http://upx.sf.net | unknown

Domains

Name | IP
s-part-0017.t-0009.t-msedge.net | 13.107.246.45
time.windows.com | unknown

Registry

Path | Value
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | ProgramId
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | FileId
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | LowerCaseLongPath
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | LongPathHash
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | Name
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | OriginalFileName
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | Publisher
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | Version
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | BinFileVersion
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | BinaryType
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | ProductName
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | ProductVersion
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | LinkDate
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | BinProductVersion
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | AppxPackageFullName
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | AppxPackageRelativeId
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | Size
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | Language
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | IsOsComponent
\REGISTRY\A\{98998ca0-e946-1e22-1c46-92a371d2a5e0}\Root\InventoryApplicationFile\rundll32.exe|ccf370e740f0e788 | Usn
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | ClockTimeSeconds
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\IdentityCRL\ClockData | TickCount
12 further registry entries are not shown in this export.

Memdumps

Base Address | Region type | Protect
2A1A000 | heap | page read and write
2C50000 | heap | page read and write
2DC0000 | heap | page read and write
28FF000 | stack | page read and write
2F1E000 | stack | page read and write
2B70000 | heap | page read and write
2E1F000 | stack | page read and write
27E0000 | heap | page read and write
10003000 | unknown | page readonly
2EFC000 | stack | page read and write
3080000 | heap | page read and write
2E7E000 | stack | page read and write
27CE000 | stack | page read and write
26BF000 | stack | page read and write
34A0000 | heap | page read and write
10001000 | unknown | page execute read
340F000 | stack | page read and write
3280000 | heap | page read and write
2C0000 | heap | page read and write
3140000 | heap | page read and write
2C10000 | heap | page read and write
478F000 | stack | page read and write
31EF000 | stack | page read and write
23EF000 | stack | page read and write
2E50000 | heap | page read and write
2FA0000 | heap | page read and write
B5B000 | heap | page read and write
274F000 | stack | page read and write
10000000 | unknown | page readonly
29EC000 | stack | page read and write
2DA0000 | heap | page read and write
2BEC000 | stack | page read and write
340E000 | stack | page read and write
4DBF000 | stack | page read and write
24AB000 | stack | page read and write
25C000 | stack | page read and write
267E000 | stack | page read and write
2F90000 | heap | page read and write
331F000 | stack | page read and write
2CEB000 | stack | page read and write
2550000 | heap | page read and write
278E000 | stack | page read and write
3230000 | heap | page read and write
2D10000 | heap | page read and write
2D70000 | heap | page read and write
23FE000 | stack | page read and write
29CA000 | heap | page read and write
263B000 | stack | page read and write
283B000 | stack | page read and write
2DCA000 | heap | page read and write
40D0000 | heap | page read and write
2F70000 | heap | page read and write
2960000 | heap | page read and write
3180000 | heap | page read and write
2830000 | heap | page read and write
2560000 | heap | page read and write
2930000 | heap | page read and write
27B0000 | heap | page read and write
10003000 | unknown | page readonly
27DA000 | heap | page read and write
29A0000 | heap | page read and write
2EBA000 | heap | page read and write
2CD0000 | heap | page read and write
33D0000 | heap | page read and write
2D1F000 | stack | page read and write
220000 | heap | page read and write
4E40000 | heap | page read and write
2EB0000 | heap | page read and write
24C000 | stack | page read and write
4B0F000 | stack | page read and write
4460000 | heap | page read and write
10003000 | unknown | page readonly
2E90000 | heap | page read and write
2870000 | heap | page read and write
286E000 | stack | page read and write
270E000 | stack | page read and write
29B0000 | heap | page read and write
2750000 | heap | page read and write
83D000 | stack | page read and write
4B5E000 | stack | page read and write
10003000 | unknown | page readonly
1BC000 | stack | page read and write
2F60000 | heap | page read and write
2CDF000 | stack | page read and write
2EAB000 | stack | page read and write
31AE000 | stack | page read and write
311F000 | stack | page read and write
4BA0000 | heap | page read and write
30BA000 | heap | page read and write
10003000 | unknown | page readonly
2890000 | heap | page read and write
4CB0000 | remote allocation | page read and write
10003000 | unknown | page readonly
2C60000 | heap | page read and write
287F000 | stack | page read and write
10005000 | unknown | page readonly
2EC000 | stack | page read and write
3100000 | remote allocation | page read and write
10001000 | unknown | page execute read
263F000 | stack | page read and write
42AE000 | stack | page read and write
290F000 | stack | page read and write
2C9E000 | stack | page read and write
2880000 | heap | page read and write
28C0000 | heap | page read and write
2360000 | heap | page read and write
2DCB000 | stack | page read and write
2DD0000 | heap | page read and write
2960000 | heap | page read and write
290000 | heap | page read and write
29AB000 | stack | page read and write
2E3F000 | stack | page read and write
10000000 | unknown | page readonly
2350000 | heap | page read and write
283C000 | stack | page read and write
2DA0000 | heap | page read and write
2EEC000 | stack | page read and write
47F0000 | heap | page read and write
10005000 | unknown | page readonly
2CC000 | stack | page read and write
357F000 | stack | page read and write
2BEB000 | stack | page read and write
25EE000 | stack | page read and write
3320000 | remote allocation | page read and write
10005000 | unknown | page readonly
10000000 | unknown | page readonly
10005000 | unknown | page readonly
2780000 | remote allocation | page read and write
4C8F000 | stack | page read and write
4360000 | heap | page read and write
3230000 | heap | page read and write
27D0000 | heap | page read and write
30FE000 | stack | page read and write
10005000 | unknown | page readonly
2E60000 | heap | page read and write
10005000 | unknown | page readonly
2D5E000 | stack | page read and write
10003000 | unknown | page readonly
2C0000 | heap | page read and write
2ACC000 | stack | page read and write
3070000 | heap | page read and write
2B4E000 | stack | page read and write
4CAF000 | stack | page read and write
35BE000 | stack | page read and write
2C20000 | heap | page read and write
2380000 | heap | page read and write
33DA000 | heap | page read and write
10001000 | unknown | page execute read
10003000 | unknown | page readonly
30FF000 | stack | page read and write
2B80000 | heap | page read and write
AA0000 | heap | page read and write
2EBA000 | heap | page read and write
26EA000 | heap | page read and write
4B00000 | heap | page read and write
10000000 | unknown | page readonly
2EB0000 | heap | page read and write
3100000 | heap | page read and write
323A000 | heap | page read and write
2A10000 | heap | page read and write
2FDB000 | stack | page read and write
2B70000 | heap | page read and write
2950000 | heap | page read and write
10000000 | unknown | page readonly
281E000 | stack | page read and write
2BAB000 | stack | page read and write
29F0000 | heap | page read and write
29A0000 | heap | page read and write
21B000 | stack | page read and write
29EE000 | stack | page read and write
30B0000 | heap | page read and write
10005000 | unknown | page readonly
3290000 | heap | page read and write
32DA000 | heap | page read and write
26E0000 | heap | page read and write
B2E000 | stack | page read and write
28BE000 | stack | page read and write
274E000 | stack | page read and write
27FE000 | stack | page read and write
10001000 | unknown | page execute read
10000000 | unknown | page readonly
287C000 | stack | page read and write
F6F000 | stack | page read and write
267C000 | stack | page read and write
4380000 | remote allocation | page read and write
2FEE000 | stack | page read and write
29C0000 | heap | page read and write
2AE000 | stack | page read and write
323C000 | stack | page read and write
2DCE000 | stack | page read and write
2E7E000 | stack | page read and write
3140000 | heap | page read and write
4280000 | heap | page read and write
2EC0000 | remote allocation | page read and write
4E90000 | heap | page read and write
B50000 | heap | page read and write
283F000 | stack | page read and write
2EB0000 | heap | page read and write
32BE000 | stack | page read and write
2D80000 | heap | page read and write
496F000 | stack | page read and write
2DB0000 | heap | page read and write
2B30000 | heap | page read and write
10001000 | unknown | page execute read
2AB000 | stack | page read and write
10001000 | unknown | page execute read
DA0000 | heap | page read and write
2D1A000 | heap | page read and write
33C0000 | heap | page read and write
990000 | heap | page read and write
24EC000 | stack | page read and write
2740000 | heap | page read and write
2F50000 | heap | page read and write
D4F000 | stack | page read and write
2370000 | heap | page read and write
2370000 | heap | page read and write
2FA0000 | heap | page read and write
48C0000 | heap | page read and write
10005000 | unknown | page readonly
2FE0000 | heap | page read and write
10005000 | unknown | page readonly
2700000 | heap | page read and write
2830000 | heap | page read and write
2B0C000 | stack | page read and write
281F000 | stack | page read and write
30DE000 | stack | page read and write
10001000 | unknown | page execute read
2D9F000 | stack | page read and write
28B000 | stack | page read and write
17B000 | stack | page read and write
230000 | heap | page read and write
2D0000 | heap | page read and write
4220000 | heap | page read and write
10001000 | unknown | page execute read
10000000 | unknown | page readonly
20B000 | stack | page read and write
AEE000 | stack | page read and write
2D0000 | heap | page read and write
283A000 | heap | page read and write
2A8B000 | stack | page read and write
2BFE000 | stack | page read and write
296E000 | stack | page read and write
29D0000 | heap | page read and write
1110000 | heap | page read and write
4CA0000 | heap | page read and write
44B0000 | heap | page read and write
2FEE000 | stack | page read and write
4CC0000 | heap | page read and write
2D30000 | heap | page read and write
303C000 | stack | page read and write
2F5A000 | heap | page read and write
B5F000 | heap | page read and write
26C0000 | heap | page read and write
2F50000 | heap | page read and write
10000000 | unknown | page readonly
3350000 | heap | page read and write
346E000 | stack | page read and write
2FAA000 | heap | page read and write
42EF000 | stack | page read and write
31F0000 | heap | page read and write
2990000 | heap | page read and write
29AF000 | stack | page read and write
23EE000 | stack | page read and write
32D0000 | heap | page read and write
10001000 | unknown | page execute read
93D000 | stack | page read and write
3440000 | heap | page read and write
315F000 | stack | page read and write
28FC000 | stack | page read and write
28BB000 | stack | page read and write
3FCF000 | stack | page read and write
289A000 | heap | page read and write
2F40000 | heap | page read and write
10001000 | unknown | page execute read
2E3C000 | stack | page read and write
307F000 | stack | page read and write
287A000 | heap | page read and write
2E8F000 | stack | page read and write
2B0000 | heap | page read and write
25EB000 | stack | page read and write
28CF000 | stack | page read and write
2E4E000 | stack | page read and write
10000000 | unknown | page readonly
2F60000 | heap | page read and write
303E000 | stack | page read and write
27A0000 | heap | page read and write
316E000 | stack | page read and write
274F000 | stack | page read and write
10000000 | unknown | page readonly
339E000 | stack | page read and write
2760000 | heap | page read and write
2D2C000 | stack | page read and write
2EBB000 | stack | page read and write
295A000 | heap | page read and write
32D0000 | heap | page read and write
4A70000 | heap | page read and write
261A000 | heap | page read and write
4B9F000 | stack | page read and write
10003000 | unknown | page readonly
10003000 | unknown | page readonly
10005000 | unknown | page readonly
4260000 | heap | page read and write
435F000 | stack | page read and write
236E000 | stack | page read and write
32F0000 | heap | page read and write
2EA0000 | heap | page read and write
2610000 | heap | page read and write
23A0000 | heap | page read and write
2F30000 | heap | page read and write
2ACB000 | stack | page read and write
344A000 | heap | page read and write
2970000 | heap | page read and write
32FF000 | stack | page read and write
A70000 | heap | page read and write
35D0000 | heap | page read and write
2590000 | heap | page read and write
306 further memdumps are not shown in this export.