Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll64.exe

loaddll64.exe "C:\Users\user\Desktop\1.dll"

Details

Is windows:	true
Is dropped:	false
PID:	760
Target ID:	0
Parent PID:	1028
Name:	loaddll64.exe
Path:	C:\Windows\System32\loaddll64.exe
Commandline:	loaddll64.exe "C:\Users\user\Desktop\1.dll"
Size:	165888
MD5:	763455F9DCB24DFEECC2B9D9F8D46D52
Time:	15:09:56
Date:	28/03/2024
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff716ea0000
Modulesize:	188416
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2884
Target ID:	1
Parent PID:	760
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	15:09:57
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	4512
Target ID:	2
Parent PID:	760
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\System32\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1.dll",#1
Size:	289792
MD5:	8A2122E8162DBEF04694B9C3E0B6CDEE
Time:	15:09:57
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff64f850000
Modulesize:	421888
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\1.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	6416
Target ID:	3
Parent PID:	4512
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\1.dll",#1
Size:	71680
MD5:	EF3179D498793BF4234F708D3BE28633
Time:	15:09:57
Date:	28/03/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6aaf30000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

URLs

Name

Malicious

http://crl.entrust.net/g2ca.crl0

unknown

http://crl.entrust.net/csbr1.crl0

unknown

http://ocsp.entrust.net03

unknown

http://ocsp.entrust.net02

unknown

http://ocsp.entrust.net01

unknown

http://www.entrust.net/rpa03

unknown

http://ocsp.entrust.net00

unknown

http://aia.entrust.net/ts1-chain256.cer01

unknown

http://aia.entrust.net/evcs2-chain.p7c01

unknown

http://crl.entrust.net/ts1ca.crl0

unknown

http://crl.entrust.net/evcs2.crl0

unknown

http://www.entrust.net/rpa0

unknown

http://crl.entrust.net/2048ca.crl0

unknown

https://www.entrust.net/rpa0

unknown

There are 4 hidden URLs, click here to show them.

Memdumps

Base Address

Regiontype

Protect

Malicious

1F250FA6000

heap

page read and write

1F250FA3000

heap

page read and write

1F250FC3000

heap

page read and write

1F250F1B000

heap

page read and write

D50AEFF000

stack

page read and write

1F250FA6000

heap

page read and write

1F254000000

heap

page read and write

1F250F9C000

heap

page read and write

1F250FAB000

heap

page read and write

D50ACFC000

stack

page read and write

1F250FA0000

heap

page read and write

1F250FA6000

heap

page read and write

4AE0AFE000

stack

page read and write

1F253F90000

heap

page read and write

25FB33E0000

heap

page read and write

1F250FAA000

heap

page read and write

1F250FA7000

heap

page read and write

25FB34F0000

heap

page read and write

1F250EE0000

heap

page read and write

1F250FB5000

heap

page read and write

25FB33ED000

heap

page read and write

25FB3610000

heap

page read and write

1F250FB0000

heap

page read and write

1F254540000

trusted library allocation

page read and write

1F250F80000

heap

page read and write

1F250F10000

heap

page read and write

1F252820000

heap

page read and write

25FB35D0000

heap

page read and write

25FB3710000

heap

page read and write

4AE0A7E000

stack

page read and write

1F250F9C000

heap

page read and write

1F250FAA000

heap

page read and write

4AE0B7F000

stack

page read and write

4AE07FA000

stack

page read and write

D50ADFE000

stack

page read and write

1F250F15000

heap

page read and write

1F250F88000

heap

page read and write

1F250FA6000

heap

page read and write

1F254003000

heap

page read and write

1F250EC0000

heap

page read and write

1F250DE0000

heap

page read and write

There are 31 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
1.exe

Processes

URLs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report1.exe

Processes

URLs

Memdumps

IOC Report
1.exe