Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\SysWOW64\cmd.exe

cmd /C "152806710990800000114981760417202421471027801102024150837872C:\WINDOWS\system32\msdt.exe"C:\WINDOWS\system32\msdt.exe" ms-msdt:-id AudioPlaybackDiagnostic -skip true -ep SndVolToast"

Details

Is windows:	true
Is dropped:	false
PID:	5604
Target ID:	0
Parent PID:	5316
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd /C "152806710990800000114981760417202421471027801102024150837872C:\WINDOWS\system32\msdt.exe"C:\WINDOWS\system32\msdt.exe" ms-msdt:-id AudioPlaybackDiagnostic -skip true -ep SndVolToast"
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	01:10:21
Date:	18/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x790000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	1220
Target ID:	1
Parent PID:	5604
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	01:10:21
Date:	18/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff6d64d0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report

Processes