IOC Report
test_sample.zip

Processes

Path | Cmdline | Malicious
C:\Windows\System32\rundll32.exe | C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding |
C:\Users\user\Desktop\7ad889d43b865efd2dd27f116845fc7839db8d7b.exe | "C:\Users\user\Desktop\7ad889d43b865efd2dd27f116845fc7839db8d7b.exe" |
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

Memdumps

Base Address | Region type | Protect | Malicious
290DEAF0000 | heap | page read and write |
AAF000 | stack | page read and write |
290DEB48000 | heap | page read and write |
290DEA10000 | heap | page read and write |
B02F2FF000 | stack | page read and write |
63A000 | heap | page read and write |
290DECB0000 | heap | page read and write |
B02EF9C000 | stack | page read and write |
557000 | unknown | page readonly |
553000 | unknown | page execute read |
76E000 | stack | page read and write |
290E0530000 | heap | page read and write |
B02F27E000 | stack | page read and write |
9B000 | stack | page read and write |
63E000 | heap | page read and write |
604000 | unknown | page write copy |
9AE000 | stack | page read and write |
5FB000 | unknown | page read and write |
54C000 | unknown | page execute read |
610000 | heap | page read and write |
B02F37F000 | stack | page read and write |
D10000 | heap | page read and write |
96F000 | stack | page read and write |
1F0000 | heap | page read and write |
605000 | unknown | page read and write |
AEE000 | stack | page read and write |
199000 | stack | page read and write |
400000 | unknown | page readonly |
290DECB5000 | heap | page read and write |
5ED000 | unknown | page readonly |
790000 | heap | page read and write |
5FB000 | unknown | page write copy |
2B60000 | heap | page read and write |
25C0000 | heap | page read and write |
290DEB10000 | heap | page read and write |
BEF000 | stack | page read and write |
19E000 | stack | page read and write |
290DEB40000 | heap | page read and write |
CF0000 | heap | page read and write |
600000 | unknown | page read and write |
630000 | heap | page read and write |
401000 | unknown | page execute read |
(32 further memdumps are not shown in this report.)