gozi_rm3 | 8f6b3ca7b7afd249f3fc68f7ff2ce5ca5a206c2a1d123b5ac3aa28bf7f1eabd8

General

Target

Software Two Pty Ltd.exe
Size

279KB
MD5

e51e8d553d497180c028cbd9b3123d32
SHA1

902d5707d5e8d6d4e6f6e60e1b95aea5609723c6
SHA256

8f6b3ca7b7afd249f3fc68f7ff2ce5ca5a206c2a1d123b5ac3aa28bf7f1eabd8
SHA512

5ed08018b744233fd72f3c283b55e3809cc628e6d82edcbdf6f9ae6170c6e20faa8fc499d0949fc68695f98d757701418247b955f261a95bf7b6dc31b155f437

Score

10^/10

gozi_rm3 202105141 banker trojan

Malware Config

Extracted

Family

gozi_rm3

Botnet

202105141

C2

https://robonight.xyz

Attributes

build
300968
exe_type
loader
non_target_locale
RU
server_id
12
url_path
index.htm

rsa_pubkey.plain

serpent.plain

Signatures

Gozi RM3
A heavily modified version of Gozi using RM3 loader.
banker trojan gozi_rm3

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a066e03b4e51d701	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3ECFFFD5-BD41-11EB-B2DB-CEF18E2DA9C2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 603a87244e51d701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c369e1f7dd80e4a838305ff88bb1ffa00000000020000000000106600000001000020000000f9108e88cbea6358e1a57e3234e423403f5b05a554ba1c617e0312e50b2af4e3000000000e80000000020000200000004fd6a14dc8d5f54f458f21aa9da6c23f3eb0e753d5423bcb661c9e09fe76a05f2000000007d241709f717676adfec360bd74c5f18b9677f93532bea7817a73f3d98c2864400000007e369a9717b52888f97ae3df9cc88263a13e35f78a4ec5e4afdc28661e1e0411ff91880a475b3aba32f817aff1108723c3e20810c18cc681f27c0821cabf6d02	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{78FE019D-BD41-11EB-B2DB-CEF18E2DA9C2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{8D1BD8F9-BD41-11EB-B2DB-CEF18E2DA9C2} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c369e1f7dd80e4a838305ff88bb1ffa00000000020000000000106600000001000020000000b2e55998e06058fae0d87b73569d18089705aa4c0a5e3bc584a9f010a432f3bf000000000e8000000002000020000000c296e1972a4fd338f9837859fc1c7f364617d5ddd0a415838c7a9877bf064c7320000000d8efdc91863d12649a2cc6f92655e0f5777e60238f019aee03aaa217450b643b40000000f40b41a7a0bffc37bf3d752abfb9ed90c8137bf9f74de6d69f0b462e92d7d498b3aac1ab1b29716581298aa4ab21ffa1bab83b46294a5c85c2c21f0ec4131c45	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5052d8344e51d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{63AC9AB7-BD41-11EB-B2DB-CEF18E2DA9C2} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c369e1f7dd80e4a838305ff88bb1ffa000000000200000000001066000000010000200000003ad955ce39099408693d8f5d4eca9b47cb2824e484b37c231560cd9cdf44ac9f000000000e80000000020000200000008506268256e0c0a2b85e0e4bfd36f4f2bb7a4640f4edd6348bb6b7be7a6e529a2000000057f97813658f0441b6f9402a2761f33d8c5cf65207ea6eaaa22f7c7619d7253d4000000098c8fb658afb53b5c08759473449f28e393cb980637e2b965500f57dcb3412cd5405777f6d6c5d4044c7a2174b91519b5f4b217a502f0b9fea291ff294744f3c	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c369e1f7dd80e4a838305ff88bb1ffa00000000020000000000106600000001000020000000263453ad3f425b90b3d5dc9d40d09a3a3d29421d88d908ee20ec1964a4056663000000000e80000000020000200000000349e2a7c62fbd03712ad4bec019939079daf0e95b60a76056b8520e8ef3f2b6200000003d0ce343bec34bf70b70dd349b19192d6f2b37b6ddee7f8b34fe19f69892e7a04000000034855973cd88c5fe6e22dd125cc2e50f4aed7cc3741f899bdb9d811de08bb1b53a8a6c91530e4600e5492f4757e2953483c18f24af5a137ec5b7b4bad09348d8	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 1034a6244e51d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007c369e1f7dd80e4a838305ff88bb1ffa00000000020000000000106600000001000020000000f0c5aeacb6ad490ec40b68dfa8ff6e483da78559f73deec9f3d4afb491f01812000000000e8000000002000020000000541b19ef3a98bc6c92151c38a451d01c71a67c85cdcea5c6b0ec39ee6dc3696f200000005ed21ba21dda0ed64a9f78f2b36b0bf0385cf10794c3e0476af9a86cbcf37bd34000000077fbb7f1a4369864f093ac1a65c69e88a7bf4c9646e27b9e5e378544cb2901d3e92ebb2c359427d6ea2ac57e45fce8171b0dfefe01d680e52a5f3974367f40d1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 5026b62d4e51d701	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

2856 iexplore.exe
2220 iexplore.exe
3988 iexplore.exe
416 iexplore.exe
2876 iexplore.exe

Suspicious use of SetWindowsHookEx 20 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
2856	iexplore.exe
2856	iexplore.exe
2560	IEXPLORE.EXE
2560	IEXPLORE.EXE
2220	iexplore.exe
2220	iexplore.exe
2700	IEXPLORE.EXE
2700	IEXPLORE.EXE
3988	iexplore.exe
3988	iexplore.exe
3888	IEXPLORE.EXE
3888	IEXPLORE.EXE
416	iexplore.exe
416	iexplore.exe
1468	IEXPLORE.EXE
1468	IEXPLORE.EXE
2876	iexplore.exe
2876	iexplore.exe
3068	IEXPLORE.EXE
3068	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 2856 wrote to memory of 2560	2856	iexplore.exe	IEXPLORE.EXE
PID 2856 wrote to memory of 2560	2856	iexplore.exe	IEXPLORE.EXE
PID 2856 wrote to memory of 2560	2856	iexplore.exe	IEXPLORE.EXE
PID 2220 wrote to memory of 2700	2220	iexplore.exe	IEXPLORE.EXE
PID 2220 wrote to memory of 2700	2220	iexplore.exe	IEXPLORE.EXE
PID 2220 wrote to memory of 2700	2220	iexplore.exe	IEXPLORE.EXE
PID 3988 wrote to memory of 3888	3988	iexplore.exe	IEXPLORE.EXE
PID 3988 wrote to memory of 3888	3988	iexplore.exe	IEXPLORE.EXE
PID 3988 wrote to memory of 3888	3988	iexplore.exe	IEXPLORE.EXE
PID 416 wrote to memory of 1468	416	iexplore.exe	IEXPLORE.EXE
PID 416 wrote to memory of 1468	416	iexplore.exe	IEXPLORE.EXE
PID 416 wrote to memory of 1468	416	iexplore.exe	IEXPLORE.EXE
PID 2876 wrote to memory of 3068	2876	iexplore.exe	IEXPLORE.EXE
PID 2876 wrote to memory of 3068	2876	iexplore.exe	IEXPLORE.EXE
PID 2876 wrote to memory of 3068	2876	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\Software Two Pty Ltd.exe
"C:\Users\Admin\AppData\Local\Temp\Software Two Pty Ltd.exe"
1⤵
PID:644

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2856 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3988

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3988 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3888

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:416

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:416 CREDAT:82945 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2876 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3068

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/416-125-0x00007FFA223E0000-0x00007FFA2244B000-memory.dmp

Filesize
428KB

Download
memory/644-115-0x0000000001000000-0x0000000001055000-memory.dmp

Filesize
340KB

Download
memory/644-116-0x0000000000D30000-0x0000000000D44000-memory.dmp

Filesize
80KB

Download
memory/644-114-0x00000000001D0000-0x00000000001DE000-memory.dmp

Filesize
56KB

Download
memory/1468-126-0x0000000000000000-mapping.dmp

Download
memory/2220-121-0x00007FFA223E0000-0x00007FFA2244B000-memory.dmp

Filesize
428KB

Download
memory/2560-120-0x0000000000000000-mapping.dmp

Download
memory/2700-122-0x0000000000000000-mapping.dmp

Download
memory/2856-119-0x00007FFA13E50000-0x00007FFA13EBB000-memory.dmp

Filesize
428KB

Download
memory/2876-127-0x00007FFA223E0000-0x00007FFA2244B000-memory.dmp

Filesize
428KB

Download
memory/3068-128-0x0000000000000000-mapping.dmp

Download
memory/3888-124-0x0000000000000000-mapping.dmp

Download
memory/3988-123-0x00007FFA223E0000-0x00007FFA2244B000-memory.dmp

Filesize
428KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads