b2ebc0f8c302a04961b8c2ed0673384050e5932a370be062788b7630bf188123

Analysis

max time kernel
142s
max time network
145s
platform
windows10_x64
resource
win10
submitted
13/07/2020, 12:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Guqcvju_Signed_.exe
Size

1.1MB
MD5

271646d2ae5f0c7693be133688eaca38
SHA1

fce0e671122419cbb94f9651039323e945960964
SHA256

b2ebc0f8c302a04961b8c2ed0673384050e5932a370be062788b7630bf188123
SHA512

263656c10302a5ae39d3712b7bcbf8424b46bb98132bdb1f659baebba72eb1e166e5af4b63ad83e4b458fc4547ebcb1b7be62c18e4dd3622fdcf8067f40fe3b7

Score

8^/10

persistence

Malware Config

Signatures

Suspicious use of WriteProcessMemory 512 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3044 wrote to memory of 3832	3044	Guqcvju_Signed_.exe	67
PID 3832 wrote to memory of 3628	3832	TapiUnattend.exe	68
PID 3832 wrote to memory of 3628	3832	TapiUnattend.exe	68
PID 3832 wrote to memory of 3628	3832	TapiUnattend.exe	68
PID 3044 wrote to memory of 3116	3044	Guqcvju_Signed_.exe	69
PID 3044 wrote to memory of 3116	3044	Guqcvju_Signed_.exe	69
PID 3044 wrote to memory of 3116	3044	Guqcvju_Signed_.exe	69
PID 3044 wrote to memory of 3116	3044	Guqcvju_Signed_.exe	69
PID 3044 wrote to memory of 3116	3044	Guqcvju_Signed_.exe	69
PID 3832 wrote to memory of 3824	3832	TapiUnattend.exe	74
PID 3832 wrote to memory of 3824	3832	TapiUnattend.exe	74
PID 3832 wrote to memory of 3824	3832	TapiUnattend.exe	74
PID 3628 wrote to memory of 4008	3628	cmd.exe	76
PID 3628 wrote to memory of 4008	3628	cmd.exe	76
PID 3628 wrote to memory of 4008	3628	cmd.exe	76
PID 3824 wrote to memory of 3004	3824	cmd.exe	77
PID 3824 wrote to memory of 3004	3824	cmd.exe	77
PID 3628 wrote to memory of 3704	3628	cmd.exe	78
PID 3628 wrote to memory of 3704	3628	cmd.exe	78
PID 3628 wrote to memory of 3704	3628	cmd.exe	78

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3044 set thread context of 3116	3044	Guqcvju_Signed_.exe	69

Executes dropped EXE 1 IoCs

pid	Process
3004	fodhelper.exe

Loads dropped DLL 1 IoCs

pid	Process
3004	fodhelper.exe

Adds Run entry to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2066881839-3229799743-3576549721-1000\Software\Microsoft\Windows\CurrentVersion\Run\Guqc = "C:\\Users\\Admin\\AppData\\Local\\Guqc\\Guqc.hta"	Guqcvju_Signed_.exe

Modifies registry key 1 TTPs 2 IoCs

Modify Registry

T1112

pid	Process
3704	reg.exe
4008	reg.exe

Script User-Agent 1 IoCs

description	flow	ioc
HTTP User-Agent header	6	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

C:\Users\Admin\AppData\Local\Temp\Guqcvju_Signed_.exe
"C:\Users\Admin\AppData\Local\Temp\Guqcvju_Signed_.exe"
1⤵
- Suspicious use of WriteProcessMemory
- Suspicious use of SetThreadContext
- Adds Run entry to start application
PID:3044
- C:\Windows\SysWOW64\TapiUnattend.exe
  "C:\Windows\System32\TapiUnattend.exe"
  2⤵
  PID:3832
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Public\Natso.bat
    3⤵
    PID:3628
  - - C:\Windows\SysWOW64\reg.exe
      reg delete hkcu\Environment /v windir /f
      4⤵
      Modifies registry key
      PID:4008
  - - C:\Windows\SysWOW64\reg.exe
      reg add hkcu\Environment /v windir /d "cmd /c start /min C:\Users\Public\x.bat reg delete hkcu\Environment /v windir /f && REM "
      4⤵
      Modifies registry key
      PID:3704
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c C:\Users\Public\Runex.bat
    3⤵
    PID:3824
  - - C:\Windows \System32\fodhelper.exe
      "C:\Windows \System32\fodhelper.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3004
- C:\Program Files (x86)\internet explorer\ieinstal.exe
  "C:\Program Files (x86)\internet explorer\ieinstal.exe"
  2⤵
  PID:3116

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3044-124-0x0000000050480000-0x00000000504C0000-memory.dmp

Filesize
256KB

Download
memory/3116-129-0x0000000000660000-0x00000000007B6000-memory.dmp

Filesize
1.3MB

Download
memory/3116-127-0x0000000000660000-0x00000000007B6000-memory.dmp

Filesize
1.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads