Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.Basic.20957.14191.dll"

Details

Is windows:	true
Is dropped:	false
PID:	5080
Target ID:	0
Parent PID:	1028
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.Basic.20957.14191.dll"
Size:	126464
MD5:	51E6071F9CBA48E79F10C84515AAE618
Time:	14:52:40
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x8f0000
Modulesize:	147456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	3504
Target ID:	1
Parent PID:	5080
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	14:52:40
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.Basic.20957.14191.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	5464
Target ID:	2
Parent PID:	5080
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.Basic.20957.14191.dll",#1
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	14:52:41
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x790000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.Basic.20957.14191.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	4768
Target ID:	3
Parent PID:	5464
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.MSIL.Basic.20957.14191.dll",#1
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	14:52:41
Date:	13/10/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xf0000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

Domains

Name

Malicious

15.164.165.52.in-addr.arpa

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

3FFF000

stack

page read and write

244D000

heap

page read and write

F2B000

heap

page read and write

2169000

stack

page read and write

EB0000

heap

page read and write

2448000

heap

page read and write

2448000

heap

page read and write

5C50000

trusted library allocation

page read and write

25C0000

heap

page read and write

BDD000

stack

page read and write

E9E000

stack

page read and write

2410000

heap

page read and write

E40000

heap

page read and write

25AD000

stack

page read and write

F37000

heap

page read and write

ADD000

stack

page read and write

2420000

heap

page read and write

E50000

heap

page read and write

3E7E000

stack

page read and write

5880000

heap

page read and write

EC0000

heap

page read and write

2465000

heap

page read and write

3EFE000

stack

page read and write

3FBE000

stack

page read and write

F2F000

heap

page read and write

242A000

heap

page read and write

5800000

heap

page read and write

2444000

heap

page read and write

2450000

heap

page read and write

2540000

heap

page read and write

2465000

heap

page read and write

3EBE000

stack

page read and write

2457000

heap

page read and write

21AC000

stack

page read and write

5810000

heap

page read and write

2440000

heap

page read and write

2546000

heap

page read and write

5884000

heap

page read and write

2520000

heap

page read and write

2457000

heap

page read and write

F20000

heap

page read and write

11EF000

stack

page read and write

2465000

heap

page read and write

254A000

heap

page read and write

2457000

heap

page read and write

2465000

heap

page read and write

2453000

heap

page read and write

There are 37 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
SecuriteInfo.com.Trojan.MSIL.Basic.20957.14191.dll

Processes

Domains

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportSecuriteInfo.com.Trojan.MSIL.Basic.20957.14191.dll

Processes

Domains

Memdumps

IOC Report
SecuriteInfo.com.Trojan.MSIL.Basic.20957.14191.dll