remcos | 86c9b8f7003a77106c1746a855da645783d6ed30fffa45350554ab2edd0e1290

General

Target

75288df36386c8ce9ad16ff78d6cf3ca.exe
Size

1.3MB
MD5

75288df36386c8ce9ad16ff78d6cf3ca
SHA1

3f8553a2bfeac57bb76cb4e2050d3aa7fa0a111a
SHA256

86c9b8f7003a77106c1746a855da645783d6ed30fffa45350554ab2edd0e1290
SHA512

7701c1630fa0c19afb98321dc9af635e64080dcbefb356f95051165e84dd27405a919a8ae77e5d38a568a7ce24b9977cd61c45920315c82a73b760080704b0f6

Score

10^/10

remcos persistence rat

Malware Config

Extracted

Family

remcos

C2

swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu:2017

Signatures

Remcos
Remcos is a closed-source remote control and surveillance software.
rat remcos
Executes dropped EXE 3 IoCs

Processes:

vlc.exevlc.exevlc.exe

pid process

432 vlc.exe
2568 vlc.exe
2836 vlc.exe

pid	process
432	vlc.exe
2568	vlc.exe
2836	vlc.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

75288df36386c8ce9ad16ff78d6cf3ca.exevlc.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\win = "\"C:\\Users\\Admin\\AppData\\Roaming\\vlc.exe\""	75288df36386c8ce9ad16ff78d6cf3ca.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\	vlc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\win = "\"C:\\Users\\Admin\\AppData\\Roaming\\vlc.exe\""	vlc.exe
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000\Software\Microsoft\Windows\CurrentVersion\Run\	75288df36386c8ce9ad16ff78d6cf3ca.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 24 IoCs

Processes:

75288df36386c8ce9ad16ff78d6cf3ca.exevlc.exe

pid	process
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

75288df36386c8ce9ad16ff78d6cf3ca.exevlc.exe

description	pid	process	target process
PID 4700 set thread context of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 432 set thread context of 2836	432	vlc.exe	vlc.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

3904 4700 WerFault.exe 75288df36386c8ce9ad16ff78d6cf3ca.exe
4588 432 WerFault.exe vlc.exe
Delays execution with timeout.exe 6 IoCs
evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid process

4060 timeout.exe
1596 timeout.exe
1748 timeout.exe
2356 timeout.exe
3444 timeout.exe
3220 timeout.exe

pid	pid_target	process	target process
3904	4700	WerFault.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
4588	432	WerFault.exe	vlc.exe

pid	process
4060	timeout.exe
1596	timeout.exe
1748	timeout.exe
2356	timeout.exe
3444	timeout.exe
3220	timeout.exe

Modifies registry class 1 IoCs

Processes:

75288df36386c8ce9ad16ff78d6cf3ca.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3341490333-719741536-2920803124-1000_Classes\Local Settings	75288df36386c8ce9ad16ff78d6cf3ca.exe

Suspicious behavior: EnumeratesProcesses 39 IoCs

Processes:

75288df36386c8ce9ad16ff78d6cf3ca.exeWerFault.exevlc.exeWerFault.exe

pid	process
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
3904	WerFault.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
432	vlc.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe
4588	WerFault.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

vlc.exe

pid process

2836 vlc.exe

pid	process
2836	vlc.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

75288df36386c8ce9ad16ff78d6cf3ca.exeWerFault.exevlc.exeWerFault.exe

description	pid	process
Token: SeDebugPrivilege	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe
Token: SeRestorePrivilege	3904	WerFault.exe
Token: SeBackupPrivilege	3904	WerFault.exe
Token: SeDebugPrivilege	3904	WerFault.exe
Token: SeDebugPrivilege	432	vlc.exe
Token: SeDebugPrivilege	4588	WerFault.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

vlc.exe

pid process

2836 vlc.exe

pid	process
2836	vlc.exe

Suspicious use of WriteProcessMemory 68 IoCs

Processes:

75288df36386c8ce9ad16ff78d6cf3ca.execmd.execmd.execmd.exe75288df36386c8ce9ad16ff78d6cf3ca.exeWScript.execmd.exevlc.execmd.execmd.execmd.exe

description	pid	process	target process
PID 4700 wrote to memory of 3516	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	cmd.exe
PID 4700 wrote to memory of 3516	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	cmd.exe
PID 4700 wrote to memory of 3516	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	cmd.exe
PID 3516 wrote to memory of 3444	3516	cmd.exe	timeout.exe
PID 3516 wrote to memory of 3444	3516	cmd.exe	timeout.exe
PID 3516 wrote to memory of 3444	3516	cmd.exe	timeout.exe
PID 4700 wrote to memory of 788	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	cmd.exe
PID 4700 wrote to memory of 788	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	cmd.exe
PID 4700 wrote to memory of 788	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	cmd.exe
PID 788 wrote to memory of 3220	788	cmd.exe	timeout.exe
PID 788 wrote to memory of 3220	788	cmd.exe	timeout.exe
PID 788 wrote to memory of 3220	788	cmd.exe	timeout.exe
PID 4700 wrote to memory of 4208	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	cmd.exe
PID 4700 wrote to memory of 4208	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	cmd.exe
PID 4700 wrote to memory of 4208	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	cmd.exe
PID 4208 wrote to memory of 4060	4208	cmd.exe	timeout.exe
PID 4208 wrote to memory of 4060	4208	cmd.exe	timeout.exe
PID 4208 wrote to memory of 4060	4208	cmd.exe	timeout.exe
PID 4700 wrote to memory of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 4700 wrote to memory of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 4700 wrote to memory of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 4700 wrote to memory of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 4700 wrote to memory of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 4700 wrote to memory of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 4700 wrote to memory of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 4700 wrote to memory of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 4700 wrote to memory of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 4700 wrote to memory of 560	4700	75288df36386c8ce9ad16ff78d6cf3ca.exe	75288df36386c8ce9ad16ff78d6cf3ca.exe
PID 560 wrote to memory of 2112	560	75288df36386c8ce9ad16ff78d6cf3ca.exe	WScript.exe
PID 560 wrote to memory of 2112	560	75288df36386c8ce9ad16ff78d6cf3ca.exe	WScript.exe
PID 560 wrote to memory of 2112	560	75288df36386c8ce9ad16ff78d6cf3ca.exe	WScript.exe
PID 2112 wrote to memory of 4448	2112	WScript.exe	cmd.exe
PID 2112 wrote to memory of 4448	2112	WScript.exe	cmd.exe
PID 2112 wrote to memory of 4448	2112	WScript.exe	cmd.exe
PID 4448 wrote to memory of 432	4448	cmd.exe	vlc.exe
PID 4448 wrote to memory of 432	4448	cmd.exe	vlc.exe
PID 4448 wrote to memory of 432	4448	cmd.exe	vlc.exe
PID 432 wrote to memory of 1324	432	vlc.exe	cmd.exe
PID 432 wrote to memory of 1324	432	vlc.exe	cmd.exe
PID 432 wrote to memory of 1324	432	vlc.exe	cmd.exe
PID 1324 wrote to memory of 1596	1324	cmd.exe	timeout.exe
PID 1324 wrote to memory of 1596	1324	cmd.exe	timeout.exe
PID 1324 wrote to memory of 1596	1324	cmd.exe	timeout.exe
PID 432 wrote to memory of 1816	432	vlc.exe	cmd.exe
PID 432 wrote to memory of 1816	432	vlc.exe	cmd.exe
PID 432 wrote to memory of 1816	432	vlc.exe	cmd.exe
PID 1816 wrote to memory of 1748	1816	cmd.exe	timeout.exe
PID 1816 wrote to memory of 1748	1816	cmd.exe	timeout.exe
PID 1816 wrote to memory of 1748	1816	cmd.exe	timeout.exe
PID 432 wrote to memory of 2196	432	vlc.exe	cmd.exe
PID 432 wrote to memory of 2196	432	vlc.exe	cmd.exe
PID 432 wrote to memory of 2196	432	vlc.exe	cmd.exe
PID 2196 wrote to memory of 2356	2196	cmd.exe	timeout.exe
PID 2196 wrote to memory of 2356	2196	cmd.exe	timeout.exe
PID 2196 wrote to memory of 2356	2196	cmd.exe	timeout.exe
PID 432 wrote to memory of 2568	432	vlc.exe	vlc.exe
PID 432 wrote to memory of 2568	432	vlc.exe	vlc.exe
PID 432 wrote to memory of 2568	432	vlc.exe	vlc.exe
PID 432 wrote to memory of 2836	432	vlc.exe	vlc.exe
PID 432 wrote to memory of 2836	432	vlc.exe	vlc.exe
PID 432 wrote to memory of 2836	432	vlc.exe	vlc.exe
PID 432 wrote to memory of 2836	432	vlc.exe	vlc.exe
PID 432 wrote to memory of 2836	432	vlc.exe	vlc.exe
PID 432 wrote to memory of 2836	432	vlc.exe	vlc.exe

C:\Users\Admin\AppData\Local\Temp\75288df36386c8ce9ad16ff78d6cf3ca.exe
"C:\Users\Admin\AppData\Local\Temp\75288df36386c8ce9ad16ff78d6cf3ca.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4700

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
2⤵
- Suspicious use of WriteProcessMemory
PID:3516

C:\Windows\SysWOW64\timeout.exe
timeout 1
3⤵
- Delays execution with timeout.exe
PID:3444

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
2⤵
- Suspicious use of WriteProcessMemory
PID:788

C:\Windows\SysWOW64\timeout.exe
timeout 1
3⤵
- Delays execution with timeout.exe
PID:3220

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
2⤵
- Suspicious use of WriteProcessMemory
PID:4208

C:\Windows\SysWOW64\timeout.exe
timeout 1
3⤵
- Delays execution with timeout.exe
PID:4060

C:\Users\Admin\AppData\Local\Temp\75288df36386c8ce9ad16ff78d6cf3ca.exe
"C:\Users\Admin\AppData\Local\Temp\75288df36386c8ce9ad16ff78d6cf3ca.exe"
2⤵
- Adds Run key to start application
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:560

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\install.vbs"
3⤵
- Suspicious use of WriteProcessMemory
PID:2112

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c "C:\Users\Admin\AppData\Roaming\vlc.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:4448

C:\Users\Admin\AppData\Roaming\vlc.exe
C:\Users\Admin\AppData\Roaming\vlc.exe
5⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:432

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
6⤵
- Suspicious use of WriteProcessMemory
PID:1324

C:\Windows\SysWOW64\timeout.exe
timeout 1
7⤵
- Delays execution with timeout.exe
PID:1596

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
6⤵
- Suspicious use of WriteProcessMemory
PID:1816

C:\Windows\SysWOW64\timeout.exe
timeout 1
7⤵
- Delays execution with timeout.exe
PID:1748

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c timeout 1
6⤵
- Suspicious use of WriteProcessMemory
PID:2196

C:\Windows\SysWOW64\timeout.exe
timeout 1
7⤵
- Delays execution with timeout.exe
PID:2356

C:\Users\Admin\AppData\Roaming\vlc.exe
"C:\Users\Admin\AppData\Roaming\vlc.exe"
6⤵
- Executes dropped EXE
PID:2568

C:\Users\Admin\AppData\Roaming\vlc.exe
"C:\Users\Admin\AppData\Roaming\vlc.exe"
6⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 432 -s 1568
6⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 1564
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3904

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\install.vbs
MD5
0fd303b21c1a43c6a9078e6f5280ca85

SHA1
0db8f1ae34f4e2e72184e337951fde826c0bd26f

SHA256
5d8c6cfdf8fc198c4fd279487e5c1620ece89e39781c6337f4cb5e111e606ddc

SHA512
be4cdd48940bead0274c7cf08abd9bc75b5db468159cbf883198712d0bb15ad81a069638c628eba62237cfa0a197f845c0d9e1f4727c9608a8d642f7aba38671

Download Submit
C:\Users\Admin\AppData\Roaming\vlc.exe
MD5
75288df36386c8ce9ad16ff78d6cf3ca

SHA1
3f8553a2bfeac57bb76cb4e2050d3aa7fa0a111a

SHA256
86c9b8f7003a77106c1746a855da645783d6ed30fffa45350554ab2edd0e1290

SHA512
7701c1630fa0c19afb98321dc9af635e64080dcbefb356f95051165e84dd27405a919a8ae77e5d38a568a7ce24b9977cd61c45920315c82a73b760080704b0f6

Download Submit
C:\Users\Admin\AppData\Roaming\vlc.exe
MD5
75288df36386c8ce9ad16ff78d6cf3ca

SHA1
3f8553a2bfeac57bb76cb4e2050d3aa7fa0a111a

SHA256
86c9b8f7003a77106c1746a855da645783d6ed30fffa45350554ab2edd0e1290

SHA512
7701c1630fa0c19afb98321dc9af635e64080dcbefb356f95051165e84dd27405a919a8ae77e5d38a568a7ce24b9977cd61c45920315c82a73b760080704b0f6

Download Submit
C:\Users\Admin\AppData\Roaming\vlc.exe
MD5
75288df36386c8ce9ad16ff78d6cf3ca

SHA1
3f8553a2bfeac57bb76cb4e2050d3aa7fa0a111a

SHA256
86c9b8f7003a77106c1746a855da645783d6ed30fffa45350554ab2edd0e1290

SHA512
7701c1630fa0c19afb98321dc9af635e64080dcbefb356f95051165e84dd27405a919a8ae77e5d38a568a7ce24b9977cd61c45920315c82a73b760080704b0f6

Download Submit
C:\Users\Admin\AppData\Roaming\vlc.exe
MD5
75288df36386c8ce9ad16ff78d6cf3ca

SHA1
3f8553a2bfeac57bb76cb4e2050d3aa7fa0a111a

SHA256
86c9b8f7003a77106c1746a855da645783d6ed30fffa45350554ab2edd0e1290

SHA512
7701c1630fa0c19afb98321dc9af635e64080dcbefb356f95051165e84dd27405a919a8ae77e5d38a568a7ce24b9977cd61c45920315c82a73b760080704b0f6

Download Submit
memory/432-23-0x0000000000000000-mapping.dmp

Download
memory/432-26-0x0000000073CE0000-0x00000000743CE000-memory.dmp

Filesize
6.9MB

Download
memory/560-16-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/560-15-0x0000000000413FA4-mapping.dmp

Download
memory/560-14-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/788-9-0x0000000000000000-mapping.dmp

Download
memory/1324-31-0x0000000000000000-mapping.dmp

Download
memory/1596-32-0x0000000000000000-mapping.dmp

Download
memory/1748-34-0x0000000000000000-mapping.dmp

Download
memory/1816-33-0x0000000000000000-mapping.dmp

Download
memory/2112-17-0x0000000000000000-mapping.dmp

Download
memory/2196-36-0x0000000000000000-mapping.dmp

Download
memory/2356-37-0x0000000000000000-mapping.dmp

Download
memory/2836-42-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2836-40-0x0000000000413FA4-mapping.dmp

Download
memory/3220-10-0x0000000000000000-mapping.dmp

Download
memory/3444-8-0x0000000000000000-mapping.dmp

Download
memory/3516-7-0x0000000000000000-mapping.dmp

Download
memory/3904-18-0x0000000004EA0000-0x0000000004EA1000-memory.dmp

Filesize
4KB

Download
memory/4060-13-0x0000000000000000-mapping.dmp

Download
memory/4208-12-0x0000000000000000-mapping.dmp

Download
memory/4448-22-0x0000000000000000-mapping.dmp

Download
memory/4588-43-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/4700-2-0x0000000073CE0000-0x00000000743CE000-memory.dmp

Filesize
6.9MB

Download
memory/4700-6-0x0000000004B20000-0x0000000004B4F000-memory.dmp

Filesize
188KB

Download
memory/4700-11-0x0000000005D50000-0x0000000005D51000-memory.dmp

Filesize
4KB

Download
memory/4700-5-0x0000000004BA0000-0x0000000004BA1000-memory.dmp

Filesize
4KB

Download
memory/4700-3-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads