Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Details

Is windows:	true
Is dropped:	false
PID:	6152
Target ID:	0
Parent PID:	804
Name:	rundll32.exe
Class:	rundll32
Path:	C:\Windows\System32\rundll32.exe
Commandline:	C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Size:	71680
MD5:	EF3179D498793BF4234F708D3BE28633
Time:	04:51:21
Date:	06/05/2024
Reason:	newprocess
Reputation:	high
Is admin:	false
Is elevated:	false
Modulebase:	0x7ff74d8a0000
Modulesize:	94208
Wow64:	false

Signature Hits	Behavior Group	Mitre Attack
Runs a DLL by calling functions	System Summary	Rundll32

Memdumps

Base Address

Regiontype

Protect

Malicious

1BC550A0000

heap

page read and write

1BC56A90000

heap

page read and write

B13D0FE000

stack

page read and write

1BC54FC0000

heap

page read and write

1BC553F0000

heap

page read and write

1BC55128000

heap

page read and write

1BC553F5000

heap

page read and write

B13CDAC000

stack

page read and write

B13D07E000

stack

page read and write

1BC55120000

heap

page read and write

B13D17F000

stack

page read and write

1BC550C0000

heap

page read and write

There are 2 hidden memdumps, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca.zip

Processes

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca.zip

Processes

Memdumps

IOC Report
5d9fe2735d4399d98e6e6a792b1feb26d6f2d9a5d77944ecacb4b4837e5e5fca.zip