Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\172883701194d92b397f675a5540cc755b22045792762d574d00728a55f4aa1d3437adce26334.dat-decoded.dll"

Details

Is windows:	true
Is dropped:	false
PID:	3656
Target ID:	0
Parent PID:	4004
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\172883701194d92b397f675a5540cc755b22045792762d574d00728a55f4aa1d3437adce26334.dat-decoded.dll"
Size:	126464
MD5:	51E6071F9CBA48E79F10C84515AAE618
Time:	12:34:45
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xb60000
Modulesize:	147456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\172883701194d92b397f675a5540cc755b22045792762d574d00728a55f4aa1d3437adce26334.dat-decoded.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	5692
Target ID:	2
Parent PID:	3656
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\172883701194d92b397f675a5540cc755b22045792762d574d00728a55f4aa1d3437adce26334.dat-decoded.dll",#1
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	12:34:45
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x1c0000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\172883701194d92b397f675a5540cc755b22045792762d574d00728a55f4aa1d3437adce26334.dat-decoded.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	7036
Target ID:	3
Parent PID:	5692
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\172883701194d92b397f675a5540cc755b22045792762d574d00728a55f4aa1d3437adce26334.dat-decoded.dll",#1
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	12:34:45
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x300000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	3280
Target ID:	1
Parent PID:	3656
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:34:45
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff66e660000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

s-part-0017.t-0009.t-msedge.net

13.107.246.45

Memdumps

Base Address

Regiontype

Protect

Malicious

3023000

heap

page read and write

300E000

heap

page read and write

A90000

heap

page read and write

300E000

heap

page read and write

B1E000

stack

page read and write

3290000

heap

page read and write

FCF000

stack

page read and write

300C000

heap

page read and write

3023000

heap

page read and write

2B3C000

stack

page read and write

A2D000

stack

page read and write

2FE0000

heap

page read and write

2BB0000

heap

page read and write

302C000

heap

page read and write

92D000

stack

page read and write

2FEA000

heap

page read and write

3004000

heap

page read and write

300C000

heap

page read and write

2FCF000

stack

page read and write

3008000

heap

page read and write

AD0000

heap

page read and write

AA0000

heap

page read and write

300F000

heap

page read and write

FEF000

heap

page read and write

3023000

heap

page read and write

6040000

heap

page read and write

2B70000

heap

page read and write

300E000

heap

page read and write

11C0000

heap

page read and write

2AF9000

stack

page read and write

FE0000

heap

page read and write

6570000

trusted library allocation

page read and write

3008000

heap

page read and write

2BC0000

heap

page read and write

2FFC000

heap

page read and write

2F8E000

stack

page read and write

6050000

heap

page read and write

329A000

heap

page read and write

2F4F000

stack

page read and write

3003000

heap

page read and write

3297000

heap

page read and write

3024000

heap

page read and write

2FFF000

heap

page read and write

2FFF000

heap

page read and write

6060000

heap

page read and write

2F0E000

stack

page read and write

3023000

heap

page read and write

FEB000

heap

page read and write

6064000

heap

page read and write

There are 39 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
172883701194d92b397f675a5540cc755b22045792762d574d00728a55f4aa1d3437adce26334.dat-decoded.dll

Processes

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report172883701194d92b397f675a5540cc755b22045792762d574d00728a55f4aa1d3437adce26334.dat-decoded.dll

Processes

Domains

Memdumps

IOC Report
172883701194d92b397f675a5540cc755b22045792762d574d00728a55f4aa1d3437adce26334.dat-decoded.dll