Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\4eb9650.dll"

Details

Is windows:	true
Is dropped:	false
PID:	3916
Target ID:	0
Parent PID:	2580
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\4eb9650.dll"
Size:	126464
MD5:	51E6071F9CBA48E79F10C84515AAE618
Time:	16:08:25
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xe00000
Modulesize:	147456
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	7008
Target ID:	1
Parent PID:	3916
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	862208
MD5:	0D698AF330FD17BEE3BF90011D49251D
Time:	16:08:25
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7699e0000
Modulesize:	892928
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\4eb9650.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	4312
Target ID:	2
Parent PID:	3916
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\4eb9650.dll",#1
Size:	236544
MD5:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Time:	16:08:26
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x240000
Modulesize:	368640
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\4eb9650.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	7064
Target ID:	3
Parent PID:	4312
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\4eb9650.dll",#1
Size:	61440
MD5:	889B99C52A60DD49227C5E485A016679
Time:	16:08:26
Date:	26/04/2024
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xce0000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

30C0000

heap

page read and write

30CC000

heap

page read and write

C4C000

stack

page read and write

30CD000

heap

page read and write

4B3E000

stack

page read and write

30D0000

heap

page read and write

30CC000

heap

page read and write

2DE0000

heap

page read and write

6320000

heap

page read and write

CD0000

heap

page read and write

30ED000

heap

page read and write

CC0000

heap

page read and write

30C9000

heap

page read and write

61F0000

heap

page read and write

2DEA000

heap

page read and write

497E000

stack

page read and write

304E000

stack

page read and write

30A0000

heap

page read and write

2DE7000

heap

page read and write

8FD000

stack

page read and write

30C0000

heap

page read and write

4B7F000

stack

page read and write

C90000

heap

page read and write

DD0000

heap

page read and write

30C4000

heap

page read and write

9E0000

heap

page read and write

B30000

heap

page read and write

4ABE000

stack

page read and write

61F4000

heap

page read and write

30E5000

heap

page read and write

920000

heap

page read and write

B3B000

heap

page read and write

6730000

trusted library allocation

page read and write

30E3000

heap

page read and write

30CE000

heap

page read and write

4AFF000

stack

page read and write

C09000

stack

page read and write

49BE000

stack

page read and write

30AA000

heap

page read and write

B3F000

heap

page read and write

6310000

heap

page read and write

308E000

stack

page read and write

30C5000

heap

page read and write

5BC000

stack

page read and write

930000

heap

page read and write

There are 35 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
4eb9650.dll

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report4eb9650.dll

Processes

Memdumps

IOC Report
4eb9650.dll