Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\1728837011f2c8c4409febaf6c32a8ab478efe1cbe481eec5860f61fb84d06b6e12e91d6fe985.dat-decoded.dll"

Details

Is windows:	true
Is dropped:	false
PID:	4280
Target ID:	0
Parent PID:	1028
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\1728837011f2c8c4409febaf6c32a8ab478efe1cbe481eec5860f61fb84d06b6e12e91d6fe985.dat-decoded.dll"
Size:	126464
MD5:	51E6071F9CBA48E79F10C84515AAE618
Time:	12:34:40
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xd10000
Modulesize:	147456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1728837011f2c8c4409febaf6c32a8ab478efe1cbe481eec5860f61fb84d06b6e12e91d6fe985.dat-decoded.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	5296
Target ID:	2
Parent PID:	4280
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1728837011f2c8c4409febaf6c32a8ab478efe1cbe481eec5860f61fb84d06b6e12e91d6fe985.dat-decoded.dll",#1
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	12:34:40
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x790000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\1728837011f2c8c4409febaf6c32a8ab478efe1cbe481eec5860f61fb84d06b6e12e91d6fe985.dat-decoded.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	4996
Target ID:	3
Parent PID:	5296
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\1728837011f2c8c4409febaf6c32a8ab478efe1cbe481eec5860f61fb84d06b6e12e91d6fe985.dat-decoded.dll",#1
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	12:34:40
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x850000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2300
Target ID:	1
Parent PID:	4280
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:34:40
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

3469000

heap

page read and write

33DE000

stack

page read and write

3468000

heap

page read and write

57D000

stack

page read and write

331F000

stack

page read and write

2F0C000

stack

page read and write

7C0000

heap

page read and write

5F0000

heap

page read and write

345C000

heap

page read and write

3483000

heap

page read and write

335A000

heap

page read and write

3350000

heap

page read and write

9BF000

stack

page read and write

65E4000

heap

page read and write

7CB000

heap

page read and write

63E000

stack

page read and write

650000

heap

page read and write

65E0000

heap

page read and write

344A000

heap

page read and write

2EC9000

stack

page read and write

7CF000

heap

page read and write

346C000

heap

page read and write

5E0000

heap

page read and write

32D0000

heap

page read and write

3410000

heap

page read and write

3440000

heap

page read and write

47D000

stack

page read and write

3471000

heap

page read and write

2F80000

heap

page read and write

3472000

heap

page read and write

A50000

heap

page read and write

3420000

heap

page read and write

2FFE000

stack

page read and write

7D7000

heap

page read and write

346D000

heap

page read and write

3468000

heap

page read and write

3465000

heap

page read and write

3469000

heap

page read and write

3460000

heap

page read and write

3463000

heap

page read and write

3468000

heap

page read and write

6980000

trusted library allocation

page read and write

3356000

heap

page read and write

2F70000

heap

page read and write

339D000

stack

page read and write

There are 35 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
1728837011f2c8c4409febaf6c32a8ab478efe1cbe481eec5860f61fb84d06b6e12e91d6fe985.dat-decoded.dll

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report1728837011f2c8c4409febaf6c32a8ab478efe1cbe481eec5860f61fb84d06b6e12e91d6fe985.dat-decoded.dll

Processes

Memdumps

IOC Report
1728837011f2c8c4409febaf6c32a8ab478efe1cbe481eec5860f61fb84d06b6e12e91d6fe985.dat-decoded.dll