IOC Report
unpacked (1).bin


Files

File Path | Type | Category | Malicious
unpacked (1).dll | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | initial sample | malicious
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_7bde5861e98b2ac3cc37e329f3101f62f0fff922_82810a17_1492a377\Report.wer | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9984.tmp.dmp | Mini DuMP crash report, 14 streams, Fri Mar 17 02:54:08 2023, 0x1205a4 type | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C05.tmp.WERInternalMetadata.xml | XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped
C:\ProgramData\Microsoft\Windows\WER\Temp\WER9C74.tmp.xml | XML 1.0 document, ASCII text, with CRLF line terminators | dropped
C:\Windows\appcompat\Programs\Amcache.hve | MS Windows registry file, NT/2000 or above | dropped
C:\Windows\appcompat\Programs\Amcache.hve.LOG1 | MS Windows registry file, NT/2000 or above | dropped

Processes

Path | Cmdline | Malicious
C:\Windows\System32\loaddll32.exe | loaddll32.exe "C:\Users\user\Desktop\unpacked (1).dll" | malicious
C:\Windows\SysWOW64\rundll32.exe | rundll32.exe "C:\Users\user\Desktop\unpacked (1).dll",#1 | malicious
C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SysWOW64\cmd.exe | cmd.exe /C rundll32.exe "C:\Users\user\Desktop\unpacked (1).dll",#1
C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 644

URLs

Name | IP | Malicious
http://upx.sf.net | unknown

Registry

Path | Value | Malicious
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags | AmiHivePermissionsCorrect
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\AppCompatFlags | AmiHiveOwnerCorrect
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | ProgramId
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | FileId
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | LowerCaseLongPath
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | LongPathHash
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | Name
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | Publisher
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | Version
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | BinFileVersion
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | BinaryType
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | ProductName
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | ProductVersion
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | LinkDate
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | BinProductVersion
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | Size
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | Language
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | IsPeFile
\REGISTRY\A\{860d3b95-22c5-1cf1-5e3f-b2b7548e796f}\Root\InventoryApplicationFile\rundll32.exe|ab97b57a | IsOsComponent
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\Windows Error Reporting\Debug | ExceptionRecord

Memdumps

Base Address
Regiontype
Protect
Malicious