Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	7060
Target ID:	0
Parent PID:	804
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Size:	71680
MD5:	EF3179D498793BF4234F708D3BE28633
Time:	06:44:56
Date:	25/11/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff760a20000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Runs a DLL by calling functions	System Summary	Rundll32

URLs

Name

Malicious

http://www.eci.org/eci/en/eciRGB.phpdesc

unknown

http://www.eci.org/eci/en/eciRGB.php

unknown

Memdumps

Base Address

Regiontype

Protect

Malicious

1689C340000

heap

page read and write

1689BFD9000

heap

page read and write

1689BF40000

heap

page read and write

1689BF30000

heap

page read and write

28BEE7E000

stack

page read and write

1689BF60000

heap

page read and write

28BEEFF000

stack

page read and write

28BEF7E000

stack

page read and write

1689DB10000

heap

page read and write

1689C345000

heap

page read and write

1689BFD0000

heap

page read and write

28BEBFC000

stack

page read and write

There are 2 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
OneDrive_1_25-11-2024.zip

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportOneDrive_1_25-11-2024.zip

Processes

URLs

Memdumps

IOC Report
OneDrive_1_25-11-2024.zip