Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\1728837010f8dbc27ab56e33ce777df8975cafb75f4fb4ee8083e6485fe669922eb6a54392628.dat-decoded.dll"

Details

Is windows:	true
Is dropped:	false
PID:	7596
Target ID:	0
Parent PID:	4056
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\1728837010f8dbc27ab56e33ce777df8975cafb75f4fb4ee8083e6485fe669922eb6a54392628.dat-decoded.dll"
Size:	126464
MD5:	51E6071F9CBA48E79F10C84515AAE618
Time:	12:34:52
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x490000
Modulesize:	147456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1728837010f8dbc27ab56e33ce777df8975cafb75f4fb4ee8083e6485fe669922eb6a54392628.dat-decoded.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	7648
Target ID:	2
Parent PID:	7596
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1728837010f8dbc27ab56e33ce777df8975cafb75f4fb4ee8083e6485fe669922eb6a54392628.dat-decoded.dll",#1
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	12:34:52
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x410000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\1728837010f8dbc27ab56e33ce777df8975cafb75f4fb4ee8083e6485fe669922eb6a54392628.dat-decoded.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	7672
Target ID:	3
Parent PID:	7648
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\1728837010f8dbc27ab56e33ce777df8975cafb75f4fb4ee8083e6485fe669922eb6a54392628.dat-decoded.dll",#1
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	12:34:52
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x600000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Sigma detected: Execute DLL with spoofed extension	Data Obfuscation
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7604
Target ID:	1
Parent PID:	7596
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	12:34:52
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff75da10000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

s-part-0023.t-0009.t-msedge.net

13.107.246.51

time.windows.com

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

6050000

heap

page read and write

2ED8000

heap

page read and write

4CCF000

stack

page read and write

5BD000

stack

page read and write

2E5A000

heap

page read and write

2DB0000

heap

page read and write

2ED8000

heap

page read and write

DA0000

heap

page read and write

9B0000

heap

page read and write

9BF000

heap

page read and write

2EBA000

heap

page read and write

2C7C000

stack

page read and write

2EE4000

heap

page read and write

2ED5000

heap

page read and write

4C8E000

stack

page read and write

2ED8000

heap

page read and write

2E1E000

stack

page read and write

6090000

heap

page read and write

2EE6000

heap

page read and write

2EDF000

heap

page read and write

39D000

stack

page read and write

400000

heap

page read and write

2CB0000

heap

page read and write

BAF000

stack

page read and write

2ED8000

heap

page read and write

2D90000

heap

page read and write

45E000

stack

page read and write

2EF5000

heap

page read and write

2ED0000

heap

page read and write

2EDF000

heap

page read and write

480000

heap

page read and write

410000

heap

page read and write

2E9F000

stack

page read and write

6094000

heap

page read and write

2ED9000

heap

page read and write

64B0000

trusted library allocation

page read and write

2EB0000

heap

page read and write

2E50000

heap

page read and write

2ED9000

heap

page read and write

2ED0000

heap

page read and write

6040000

heap

page read and write

2E57000

heap

page read and write

2EE0000

heap

page read and write

2C39000

stack

page read and write

2ED4000

heap

page read and write

2EE4000

heap

page read and write

9BB000

heap

page read and write

There are 37 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
1728837010f8dbc27ab56e33ce777df8975cafb75f4fb4ee8083e6485fe669922eb6a54392628.dat-decoded.dll

Processes

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report1728837010f8dbc27ab56e33ce777df8975cafb75f4fb4ee8083e6485fe669922eb6a54392628.dat-decoded.dll

Processes

Domains

Memdumps

IOC Report
1728837010f8dbc27ab56e33ce777df8975cafb75f4fb4ee8083e6485fe669922eb6a54392628.dat-decoded.dll