4aa2f937edd661a5a3762c25d129d27085562e816e03a7063a5f43446608a730

General

Target

7d180125f28a3625c407fee1767c0df3.exe
Size

9.7MB
MD5

b48e8f6cd5f6b0785d39274d0633801d
SHA1

7fea985ab3d94abc817360c280a09c59a6b59f58
SHA256

4aa2f937edd661a5a3762c25d129d27085562e816e03a7063a5f43446608a730
SHA512

32cdb545541acd24a5b878c4c81e70cd2d63542697fce0dc363cadb317a1714bf028b4ad78dc7c1c57db08940e215150f96f6687098970f1ac54c0c7884529ec

Score

10^/10

discovery

Malware Config

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess 1 IoCs

Processes:

WerFault.exe

description pid process target process

PID 3980 created 3188 3980 WerFault.exe UdioConverter.exe

description	pid	process	target process
PID 3980 created 3188	3980	WerFault.exe	UdioConverter.exe

ServiceHost packer 31 IoCs

Detects ServiceHost packer used for .NET malware

Processes:

resource	yara_rule
behavioral2/memory/3188-13-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-15-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-12-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-16-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-14-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-18-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-19-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-20-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-21-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-25-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-26-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-27-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-28-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-29-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-31-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-32-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-33-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-34-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-39-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-40-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-41-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-42-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-54-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-53-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-51-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-52-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-59-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-60-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-61-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-62-0x0000000000000000-mapping.dmp	servicehost
behavioral2/memory/3188-58-0x0000000000000000-mapping.dmp	servicehost

Executes dropped EXE 2 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.tmpUdioConverter.exe

pid process

4016 7d180125f28a3625c407fee1767c0df3.tmp
3188 UdioConverter.exe
Loads dropped DLL 1 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.tmp

pid process

4016 7d180125f28a3625c407fee1767c0df3.tmp
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 184 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.tmp

description	ioc	process
File created	C:\Program Files (x86)\UdioConverter 32bit\is-6JBKI.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-VHCRP.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-5FG6V.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-OBDN8.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\wavpack\is-VEOP8.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\UdioConverter.exe	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\mpc\is-DB35O.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\wavpack\is-39VHS.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\renametool.exe	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\ffmpeg\avformat-55.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-O6R7G.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\ffmpeg\is-TQDNA.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\is-9D8PE.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\ttaenc\is-ML0SB.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\ttaenc\is-SKSVS.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\CUETools.Codecs.FLAKE.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\is-J1H9C.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-BUQUS.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\is-39MBS.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\sox\is-3A6L4.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\bass_aac.dll	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\bass_ac3.dll	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\bass_tta.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\is-0AAVD.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\fhgaacenc\is-U5A01.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\fhgaacenc\src\fhgaacenc\is-HDLIF.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\is-M5IDF.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\bass_tak2.4.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-HJKCK.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-2UHN3.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-9UNJM.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-6V3AE.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\sox\is-NV3ER.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\wavpack\is-Q34G4.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\opusenc.exe	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\dcaenc.exe	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-Q40CK.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-CC0D3.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\is-OBU0T.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\fhgaacenc\src\fhgaacenc\is-76CLJ.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\CUETools.FLACCL.cmd.exe	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\OpenCLNet.dll	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\oggenc2.exe	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-SDOTG.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\OptimFROG.dll	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\fhgaacenc\libsndfile-1.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-SOBJ9.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-E0DLJ.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-RO0GM.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\basslib\bass_ofr.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-VHNM3.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-QN86O.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-DC7SV.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-6N04U.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\fdkaac\fdkaac.exe	7d180125f28a3625c407fee1767c0df3.tmp
File opened for modification	C:\Program Files (x86)\UdioConverter 32bit\Tools\flaccl\CUETools.Codecs.FLACCL.dll	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\is-VR04J.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-7I3LA.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\basslib\is-PL260.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-V5HVD.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\profiles\is-95GBL.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\Tools\fhgaacenc\src\fhgaacenc\is-JI5JH.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\is-O7VCT.tmp	7d180125f28a3625c407fee1767c0df3.tmp
File created	C:\Program Files (x86)\UdioConverter 32bit\is-20DA5.tmp	7d180125f28a3625c407fee1767c0df3.tmp

Program crash 5 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
200	3188	WerFault.exe	UdioConverter.exe
2924	3188	WerFault.exe	UdioConverter.exe
3980	3188	WerFault.exe	UdioConverter.exe
4036	3188	WerFault.exe	UdioConverter.exe
3928	3188	WerFault.exe	UdioConverter.exe

Suspicious behavior: EnumeratesProcesses 47 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.tmpUdioConverter.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
4016	7d180125f28a3625c407fee1767c0df3.tmp
4016	7d180125f28a3625c407fee1767c0df3.tmp
3188	UdioConverter.exe
3188	UdioConverter.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
200	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
2924	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe
3980	WerFault.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exe

description	pid	process
Token: SeRestorePrivilege	200	WerFault.exe
Token: SeBackupPrivilege	200	WerFault.exe
Token: SeDebugPrivilege	200	WerFault.exe
Token: SeDebugPrivilege	2924	WerFault.exe
Token: SeDebugPrivilege	3980	WerFault.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.tmp

pid process

4016 7d180125f28a3625c407fee1767c0df3.tmp

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

7d180125f28a3625c407fee1767c0df3.exe7d180125f28a3625c407fee1767c0df3.tmp

description	pid	process	target process
PID 576 wrote to memory of 4016	576	7d180125f28a3625c407fee1767c0df3.exe	7d180125f28a3625c407fee1767c0df3.tmp
PID 576 wrote to memory of 4016	576	7d180125f28a3625c407fee1767c0df3.exe	7d180125f28a3625c407fee1767c0df3.tmp
PID 576 wrote to memory of 4016	576	7d180125f28a3625c407fee1767c0df3.exe	7d180125f28a3625c407fee1767c0df3.tmp
PID 4016 wrote to memory of 3188	4016	7d180125f28a3625c407fee1767c0df3.tmp	UdioConverter.exe
PID 4016 wrote to memory of 3188	4016	7d180125f28a3625c407fee1767c0df3.tmp	UdioConverter.exe
PID 4016 wrote to memory of 3188	4016	7d180125f28a3625c407fee1767c0df3.tmp	UdioConverter.exe

C:\Users\Admin\AppData\Local\Temp\7d180125f28a3625c407fee1767c0df3.exe
"C:\Users\Admin\AppData\Local\Temp\7d180125f28a3625c407fee1767c0df3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:576

C:\Users\Admin\AppData\Local\Temp\is-NVS8E.tmp\7d180125f28a3625c407fee1767c0df3.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NVS8E.tmp\7d180125f28a3625c407fee1767c0df3.tmp" /SL5="$20118,9852964,58368,C:\Users\Admin\AppData\Local\Temp\7d180125f28a3625c407fee1767c0df3.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4016

C:\Program Files (x86)\UdioConverter 32bit\UdioConverter.exe
"C:\Program Files (x86)\UdioConverter 32bit\UdioConverter.exe" 7d180125f28a3625c407fee1767c0df3.exe
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 820
4⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 824
4⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 792
4⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 836
4⤵
- Program crash
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 872
4⤵
- Program crash
PID:3928

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\UdioConverter 32bit\UdioConverter.exe
MD5
ada6ffe2d5feac62c6d71379cbca677f

SHA1
6ab66f0c0f239a2f0534ebda6ae097bf2ce6c02d

SHA256
4edb495fb84dc4ba5b2cd7896d83908c2ea0df4da8b1f601ae2ce17bc54c5096

SHA512
502dff71ca0ba0f3af47acf12a2b43aa43ce6008cfc0554d912015fc3a296a09cf95dd6890f6641ca3036e7c8b77e4521bf284903fb760dafb3223d23c2a806d

Download Submit
C:\Program Files (x86)\UdioConverter 32bit\UdioConverter.exe
MD5
ada6ffe2d5feac62c6d71379cbca677f

SHA1
6ab66f0c0f239a2f0534ebda6ae097bf2ce6c02d

SHA256
4edb495fb84dc4ba5b2cd7896d83908c2ea0df4da8b1f601ae2ce17bc54c5096

SHA512
502dff71ca0ba0f3af47acf12a2b43aa43ce6008cfc0554d912015fc3a296a09cf95dd6890f6641ca3036e7c8b77e4521bf284903fb760dafb3223d23c2a806d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NVS8E.tmp\7d180125f28a3625c407fee1767c0df3.tmp
MD5
cf03b2ebd31db778f46ca4e77fe6f68b

SHA1
01804b307afd53b4f98b731595c66a2779eb5262

SHA256
98df318c044a7501d784c5771b285cdf35cefaf1b01968d5f39aee4734b0dcab

SHA512
05e2fbea6d73ff9fb284723bcde31c52bc3955c40c675e606cb2fe9ca52a49d88920e0a9bdd9f00361fc06a7562e7c3623235d4364e528f1d37297cb3e524744

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-NVS8E.tmp\7d180125f28a3625c407fee1767c0df3.tmp
MD5
cf03b2ebd31db778f46ca4e77fe6f68b

SHA1
01804b307afd53b4f98b731595c66a2779eb5262

SHA256
98df318c044a7501d784c5771b285cdf35cefaf1b01968d5f39aee4734b0dcab

SHA512
05e2fbea6d73ff9fb284723bcde31c52bc3955c40c675e606cb2fe9ca52a49d88920e0a9bdd9f00361fc06a7562e7c3623235d4364e528f1d37297cb3e524744

Download Submit
\Users\Admin\AppData\Local\Temp\is-93LKR.tmp\_isetup\_iscrypt.dll
MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
memory/200-17-0x0000000004910000-0x0000000004911000-memory.dmp

Filesize
4KB

Download
memory/200-8-0x0000000004710000-0x0000000004711000-memory.dmp

Filesize
4KB

Download
memory/200-10-0x0000000004710000-0x0000000004711000-memory.dmp

Filesize
4KB

Download
memory/2924-30-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/2924-22-0x0000000004F60000-0x0000000004F61000-memory.dmp

Filesize
4KB

Download
memory/3188-28-0x0000000000000000-mapping.dmp

Download
memory/3188-33-0x0000000000000000-mapping.dmp

Download
memory/3188-12-0x0000000000000000-mapping.dmp

Download
memory/3188-16-0x0000000000000000-mapping.dmp

Download
memory/3188-14-0x0000000000000000-mapping.dmp

Download
memory/3188-13-0x0000000000000000-mapping.dmp

Download
memory/3188-18-0x0000000000000000-mapping.dmp

Download
memory/3188-19-0x0000000000000000-mapping.dmp

Download
memory/3188-20-0x0000000000000000-mapping.dmp

Download
memory/3188-21-0x0000000000000000-mapping.dmp

Download
memory/3188-6-0x0000000005B10000-0x0000000005B11000-memory.dmp

Filesize
4KB

Download
memory/3188-25-0x0000000000000000-mapping.dmp

Download
memory/3188-26-0x0000000000000000-mapping.dmp

Download
memory/3188-27-0x0000000000000000-mapping.dmp

Download
memory/3188-7-0x0000000006310000-0x0000000006311000-memory.dmp

Filesize
4KB

Download
memory/3188-29-0x0000000000000000-mapping.dmp

Download
memory/3188-4-0x0000000000000000-mapping.dmp

Download
memory/3188-31-0x0000000000000000-mapping.dmp

Download
memory/3188-32-0x0000000000000000-mapping.dmp

Download
memory/3188-15-0x0000000000000000-mapping.dmp

Download
memory/3188-34-0x0000000000000000-mapping.dmp

Download
memory/3188-58-0x0000000000000000-mapping.dmp

Download
memory/3188-62-0x0000000000000000-mapping.dmp

Download
memory/3188-39-0x0000000000000000-mapping.dmp

Download
memory/3188-40-0x0000000000000000-mapping.dmp

Download
memory/3188-41-0x0000000000000000-mapping.dmp

Download
memory/3188-42-0x0000000000000000-mapping.dmp

Download
memory/3188-61-0x0000000000000000-mapping.dmp

Download
memory/3188-60-0x0000000000000000-mapping.dmp

Download
memory/3188-59-0x0000000000000000-mapping.dmp

Download
memory/3188-54-0x0000000000000000-mapping.dmp

Download
memory/3188-53-0x0000000000000000-mapping.dmp

Download
memory/3188-51-0x0000000000000000-mapping.dmp

Download
memory/3188-52-0x0000000000000000-mapping.dmp

Download
memory/3928-55-0x0000000004710000-0x0000000004711000-memory.dmp

Filesize
4KB

Download
memory/3980-43-0x00000000051D0000-0x00000000051D1000-memory.dmp

Filesize
4KB

Download
memory/3980-38-0x0000000004B10000-0x0000000004B11000-memory.dmp

Filesize
4KB

Download
memory/3980-35-0x0000000004710000-0x0000000004711000-memory.dmp

Filesize
4KB

Download
memory/4016-0-0x0000000000000000-mapping.dmp

Download
memory/4036-48-0x0000000005090000-0x0000000005091000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads