Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\loaddll32.exe

loaddll32.exe "C:\Users\user\Desktop\1f0000.dll"

Details

Is windows:	true
Is dropped:	false
PID:	5092
Target ID:	0
Parent PID:	3528
Name:	loaddll32.exe
Path:	C:\Windows\System32\loaddll32.exe
Commandline:	loaddll32.exe "C:\Users\user\Desktop\1f0000.dll"
Size:	116736
MD5:	1F562FBF37040EC6C43C8D5EF619EA39
Time:	10:01:24
Date:	18/10/2022
Reason:	newprocess
Reputation:	moderate
Is admin:	true
Is elevated:	true
Modulebase:	0xca0000
Modulesize:	135168
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\System32\conhost.exe

C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Details

Is windows:	true
Is dropped:	false
PID:	2064
Target ID:	1
Parent PID:	5092
Name:	conhost.exe
Path:	C:\Windows\System32\conhost.exe
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Size:	625664
MD5:	EA777DEEA782E8B4D7C7C33BBF8A4496
Time:	10:01:24
Date:	18/10/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0x7ff7c72c0000
Modulesize:	651264
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\cmd.exe

cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1f0000.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	4996
Target ID:	2
Parent PID:	5092
Name:	cmd.exe
Class:	cmd
Path:	C:\Windows\SysWOW64\cmd.exe
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\1f0000.dll",#1
Size:	232960
MD5:	F3BDBE3BB6F734E357235F4D5898582D
Time:	10:01:24
Date:	18/10/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xd90000
Modulesize:	364544
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Spawns processes	System Summary	Process Injection

C:\Windows\SysWOW64\rundll32.exe

rundll32.exe "C:\Users\user\Desktop\1f0000.dll",#1

Details

Is windows:	true
Is dropped:	false
PID:	4668
Target ID:	3
Parent PID:	4996
Name:	rundll32.exe
Class:	system-tools
Path:	C:\Windows\SysWOW64\rundll32.exe
Commandline:	rundll32.exe "C:\Users\user\Desktop\1f0000.dll",#1
Size:	61952
MD5:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Time:	10:01:24
Date:	18/10/2022
Reason:	newprocess
Reputation:	high
Is admin:	true
Is elevated:	true
Modulebase:	0xb20000
Modulesize:	81920
Wow64:	true

Signature Hits	Behavior Group	Mitre Attack
Creates a process in suspended mode (likely to inject code)	HIPS / PFW / Operating System Protection Evasion	Process Injection
Runs a DLL by calling functions	System Summary	Rundll32
Spawns processes	System Summary	Process Injection

Memdumps

Base Address

Regiontype

Protect

Malicious

3558000

heap

page read and write

354F000

heap

page read and write

3500000

trusted library allocation

page read and write

5180000

trusted library allocation

page read and write

2F2B000

stack

page read and write

92C000

stack

page read and write

2FFA000

heap

page read and write

3520000

heap

page read and write

990000

trusted library allocation

page read and write

3545000

heap

page read and write

8C0000

heap

page read and write

3545000

heap

page read and write

3553000

heap

page read and write

2EEA000

stack

page read and write

352A000

heap

page read and write

ED0000

heap

page read and write

6530000

heap

page read and write

2FF7000

heap

page read and write

3549000

heap

page read and write

4E3F000

stack

page read and write

3554000

heap

page read and write

33B0000

trusted library allocation

page read and write

4DFE000

stack

page read and write

354E000

heap

page read and write

2FF0000

heap

page read and write

354E000

heap

page read and write

3542000

heap

page read and write

2E80000

heap

page read and write

340F000

stack

page read and write

2F90000

trusted library allocation

page read and write

F80000

heap

page read and write

DCD000

stack

page read and write

33C0000

heap

page read and write

3553000

heap

page read and write

334E000

stack

page read and write

3550000

heap

page read and write

6533000

heap

page read and write

3569000

heap

page read and write

330E000

stack

page read and write

F8B000

heap

page read and write

338E000

stack

page read and write

6600000

trusted library allocation

page read and write

There are 32 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
1f0000.dll

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report1f0000.dll

Processes

Memdumps

IOC Report
1f0000.dll