gozi_ifsb | 59d433bc2b7b0462f4866a79ae09c7a0ba5f61d9a1e427a174a21ace9a428d97

General

Target

richiedere,12.20.doc
Size

145KB
MD5

f6b2953ee71d517801697bb19e31b101
SHA1

6d7f15afba0bf1bf1f2cfb9d96a711ad714cce92
SHA256

59d433bc2b7b0462f4866a79ae09c7a0ba5f61d9a1e427a174a21ace9a428d97
SHA512

706896759453cf03abdcc2d64156209434e8c674379f26308b192c62b1857cd0d270cbc6e7b534de729d2d6c6e61ccc88521e37d1af67540333b7aa2865ad008

Score

10^/10

gozi_ifsb banker trojan

Malware Config

Signatures

Gozi, Gozi IFSB
Gozi ISFB is a well-known and widely distributed banking trojan.
banker trojan gozi_ifsb

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

regsvr32.exe

description	pid	pid_target	process	target process
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process	4088	648	regsvr32.exe	WINWORD.EXE

Loads dropped DLL 1 IoCs

Processes:

regsvr32.exe

pid process

1016 regsvr32.exe

pid	process
1016	regsvr32.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

WINWORD.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Modifies Internet Explorer settings 1 TTPs 56 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0c118cf6ec9d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E8A53239-3561-11EB-B59A-6E25161A58E2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30853486"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{191C7D0F-3562-11EB-B59A-6E25161A58E2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3175922973"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 10ce2fc86ec9d601	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30853486"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3176077787"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000d1da9e26852abab079450f8afcb07c1f4eb48d055545c3d1785b0aa1cb2c5b54000000000e8000000002000020000000fd5b7dd46366804b8e8fd7bcdb558ef23ffcf4c6f900ae6c3be9dc47df6d5c68200000006d81feb6b6932664b4e457ba5c8885c51c0563593155062470ef9b5b287ad63740000000517a4a469ce65af5910ebe49ca595580c082b70b56bcaff018109888810244458db80c77505a7d0caddec4a5b3d7a85277a11fbc0b7bce8da6099ea90d7445e1	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a00000000020000000000106600000001000020000000f1b52b2255b90e77f64074f4cd22e85fccc1bc37832859b8c4f70365a8a28e7e000000000e800000000200002000000017f4f05fb6bc2d1f035b032e7298c38716523f3093797f0367dcc11c86b1ca44200000003617c3ceb996446f1fcffab69006b1625f3443902add67cfa17e15c1f4fe0bff400000004d0028ee55f79f0f8fa17c293f3e9ef3552cac1e024ed7b4d81b806b83d98fd7bc9e0b4d2ee31db767d3df6f16e3bf10a333f70d5176e1d4bbc7f7d5118a1f47	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a000000000200000000001066000000010000200000004bc4c63c5e9221aaa8944d4fe564a7659c42b894b80f55f8dc1f437aad04cde8000000000e80000000020000200000009427e9769ce7595cfdd2799bfa09b25c4b158db07694a46671fc6cde3bdf1dbf200000002786ae551bf7f03aacc80a6c3519cb407a2477d798df94df3994954a617f09b340000000c113b8e242afd42a872fafe2ae88d646943a61303314dac4c6795e3ebe608ee13d186d94b0965dd467e6ac1447fda079f00a0dcbeba6c35c377d9279545e4852	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = f0d373e46ec9d601	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001cad0ccd232972468e753df42302a60a0000000002000000000010660000000100002000000007ca351e92e8b5833c7bf42dcc4bc51f002b31f838ab51b8a44628056f9b7e54000000000e800000000200002000000006b5e6dd0ecb3afb1e66b20dd9afc836cbbb5175ebbbaac30645d9c03569a12920000000be3a5f42972ea9cd6dc79cd33832e0a02d5ad964f9617d7430618fa16270a38b40000000e06e85a9cef6c442a2a6f9b804735b74eb06450cc396b06c4ef26999b7cb419407ca2f1b99b6b3a9c3cbee7f1de81f7de0daeb14339460f8b5a44cf0348fe57b	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{0C1C2B1E-3562-11EB-B59A-6E25161A58E2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d00c4ac86ec9d601	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe

Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 21 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious behavior: AddClipboardFormatListener 2 IoCs

Processes:

WINWORD.EXE

pid process

648 WINWORD.EXE
648 WINWORD.EXE
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exe

pid process

1008 iexplore.exe
1040 iexplore.exe
1004 iexplore.exe

description	flow	ioc
HTTP User-Agent header	21	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

pid	process
1008	iexplore.exe
1040	iexplore.exe
1004	iexplore.exe

Suspicious use of SetWindowsHookEx 30 IoCs

Processes:

WINWORD.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
648	WINWORD.EXE
1008	iexplore.exe
1008	iexplore.exe
356	IEXPLORE.EXE
356	IEXPLORE.EXE
1040	iexplore.exe
1040	iexplore.exe
2208	IEXPLORE.EXE
2208	IEXPLORE.EXE
1004	iexplore.exe
1004	iexplore.exe
656	IEXPLORE.EXE
656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

WINWORD.EXEregsvr32.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 648 wrote to memory of 4088	648	WINWORD.EXE	regsvr32.exe
PID 648 wrote to memory of 4088	648	WINWORD.EXE	regsvr32.exe
PID 4088 wrote to memory of 1016	4088	regsvr32.exe	regsvr32.exe
PID 4088 wrote to memory of 1016	4088	regsvr32.exe	regsvr32.exe
PID 4088 wrote to memory of 1016	4088	regsvr32.exe	regsvr32.exe
PID 1008 wrote to memory of 356	1008	iexplore.exe	IEXPLORE.EXE
PID 1008 wrote to memory of 356	1008	iexplore.exe	IEXPLORE.EXE
PID 1008 wrote to memory of 356	1008	iexplore.exe	IEXPLORE.EXE
PID 1040 wrote to memory of 2208	1040	iexplore.exe	IEXPLORE.EXE
PID 1040 wrote to memory of 2208	1040	iexplore.exe	IEXPLORE.EXE
PID 1040 wrote to memory of 2208	1040	iexplore.exe	IEXPLORE.EXE
PID 1004 wrote to memory of 656	1004	iexplore.exe	IEXPLORE.EXE
PID 1004 wrote to memory of 656	1004	iexplore.exe	IEXPLORE.EXE
PID 1004 wrote to memory of 656	1004	iexplore.exe	IEXPLORE.EXE

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\richiedere,12.20.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:648

C:\Windows\SYSTEM32\regsvr32.exe
regsvr32 c:\programdata\JUreF.pdf
2⤵
- Process spawned unexpected child process
- Suspicious use of WriteProcessMemory
PID:4088

C:\Windows\SysWOW64\regsvr32.exe
c:\programdata\JUreF.pdf
3⤵
- Loads dropped DLL
PID:1016

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1008

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1008 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:356

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1040

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1040 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1004

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1004 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:656

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\programdata\JUreF.pdf
MD5
6dc320da82bfe9f897cd02fcd83c5d9b

SHA1
6ef252db67b1a0fe9b28c01cc6b7206fcb94a731

SHA256
31ace401668e11cf7874612cc2ce412dcb2ea96428e14f55364cde9214826023

SHA512
d9fea48b54e65439c650c9fa9ce3d70a485ba541710d160ff0dbdba5d21f1c7d22f89bd2bd0fe8fd247ad50da0ed9c452f3abd77aa9e86f580d359fa9cef65e6

Download Submit
\ProgramData\JUreF.pdf
MD5
6dc320da82bfe9f897cd02fcd83c5d9b

SHA1
6ef252db67b1a0fe9b28c01cc6b7206fcb94a731

SHA256
31ace401668e11cf7874612cc2ce412dcb2ea96428e14f55364cde9214826023

SHA512
d9fea48b54e65439c650c9fa9ce3d70a485ba541710d160ff0dbdba5d21f1c7d22f89bd2bd0fe8fd247ad50da0ed9c452f3abd77aa9e86f580d359fa9cef65e6

Download Submit
memory/356-10-0x0000000000000000-mapping.dmp

Download
memory/648-2-0x000001EB4E090000-0x000001EB4E6C7000-memory.dmp

Filesize
6.2MB

Download
memory/648-3-0x000001EB5676A000-0x000001EB5677B000-memory.dmp

Filesize
68KB

Download
memory/648-4-0x000001EB5676A000-0x000001EB5677B000-memory.dmp

Filesize
68KB

Download
memory/648-5-0x000001EB5677B000-0x000001EB56787000-memory.dmp

Filesize
48KB

Download
memory/656-12-0x0000000000000000-mapping.dmp

Download
memory/1016-8-0x0000000000000000-mapping.dmp

Download
memory/2208-11-0x0000000000000000-mapping.dmp

Download
memory/4088-6-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads