dridex | hxxps://cdn[.]discordapp[.]com/attachments/869191622208925709/869213951068614656/Invoice_3326809[.]xlsm

General

Target

https://cdn.discordapp.com/attachments/869191622208925709/869213951068614656/Invoice_3326809.xlsm
Sample

210727-kmz1n1vl36

Score

10^/10

dridex 22202 botnet evasion loader macro trojan

Malware Config

Extracted

Family

dridex

Botnet

22202

C2

45.79.33.48:443

139.162.202.74:5007

68.183.216.174:7443

rc4.plain

Signatures

Dridex
Dridex(known as Bugat/Cridex) is a form of malware that specializes in stealing bank credentials.
botnet dridex

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

mshta.exe

description	pid	pid_target	process	target process
Parent C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE is not expected to spawn this process	4452	2732	mshta.exe	EXCEL.EXE

Dridex Loader 1 IoCs

Detects Dridex both x86 and x64 loader in memory.

botnet loader

Processes:

resource	yara_rule
behavioral1/memory/4576-287-0x000000006F350000-0x000000006F380000-memory.dmp	dridex_ldr

Blocklisted process makes network request 1 IoCs

Processes:

mshta.exe

flow pid process

27 4452 mshta.exe
Downloads MZ/PE file

flow	pid	process
27	4452	mshta.exe

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OVHLE5P6\Invoice_3326809.xlsm.9unrd1b.partial	office_macros

Loads dropped DLL 1 IoCs

Processes:

rundll32.exe

pid process

4576 rundll32.exe
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

rundll32.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe

pid	process
4576	rundll32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

EXCEL.EXE

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 339704ea112ed701	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 44 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{5EB9B191-EEBC-11EB-A11C-56F1F4F21F1A} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "863297995"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "873767490"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30900937"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "334142813"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30900937"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "334191400"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "863297995"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "334159408"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30900937"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\RepId\PublicId = "{B0750D46-F511-4271-AF8D-FC4ECE3A5A2A}"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Modifies registry class 1 IoCs

Processes:

iexplore.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings iexplore.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

2732 EXCEL.EXE
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

iexplore.exeEXCEL.EXE

pid process

3944 iexplore.exe
3944 iexplore.exe
2732 EXCEL.EXE
2732 EXCEL.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3686645723-710336880-414668232-1000_Classes\Local Settings	iexplore.exe

pid	process
2732	EXCEL.EXE

Suspicious use of SetWindowsHookEx 24 IoCs

Processes:

iexplore.exeIEXPLORE.EXEEXCEL.EXE

pid	process
3944	iexplore.exe
3944	iexplore.exe
1328	IEXPLORE.EXE
1328	IEXPLORE.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE
2732	EXCEL.EXE

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

iexplore.exeEXCEL.EXEmshta.exerundll32.exe

description	pid	process	target process
PID 3944 wrote to memory of 1328	3944	iexplore.exe	IEXPLORE.EXE
PID 3944 wrote to memory of 1328	3944	iexplore.exe	IEXPLORE.EXE
PID 3944 wrote to memory of 1328	3944	iexplore.exe	IEXPLORE.EXE
PID 3944 wrote to memory of 2732	3944	iexplore.exe	EXCEL.EXE
PID 3944 wrote to memory of 2732	3944	iexplore.exe	EXCEL.EXE
PID 3944 wrote to memory of 2732	3944	iexplore.exe	EXCEL.EXE
PID 2732 wrote to memory of 4452	2732	EXCEL.EXE	mshta.exe
PID 2732 wrote to memory of 4452	2732	EXCEL.EXE	mshta.exe
PID 4452 wrote to memory of 4552	4452	mshta.exe	rundll32.exe
PID 4452 wrote to memory of 4552	4452	mshta.exe	rundll32.exe
PID 4552 wrote to memory of 4576	4552	rundll32.exe	rundll32.exe
PID 4552 wrote to memory of 4576	4552	rundll32.exe	rundll32.exe
PID 4552 wrote to memory of 4576	4552	rundll32.exe	rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://cdn.discordapp.com/attachments/869191622208925709/869213951068614656/Invoice_3326809.xlsm
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3944

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3944 CREDAT:82945 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OVHLE5P6\Invoice_3326809.xlsm"
2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732

C:\Windows\SYSTEM32\mshta.exe
mshta C:\ProgramData//theParamTypeSmallInt.sct
3⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
- Suspicious use of WriteProcessMemory
PID:4452

C:\Windows\SYSTEM32\rundll32.exe
rundll32.exe C:\ProgramData\qPaperEnvelopePersonal.dll,AddLookaside
4⤵
- Suspicious use of WriteProcessMemory
PID:4552

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\ProgramData\qPaperEnvelopePersonal.dll,AddLookaside
5⤵
- Loads dropped DLL
- Checks whether UAC is enabled
PID:4576

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Information Discovery

3

T1082

Query Registry

2

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\qPaperEnvelopePersonal.dll
MD5
98cba5d4e3bc55750e6716b3d952e375

SHA1
2b8ae91d2d044eeae4456fb000cd92583abcdfe3

SHA256
00072be4185289677e5babb9fda5279b5c2886683ebd7ea22d36f4bc9683b3e5

SHA512
52a392878a8fd99ea1100f36c42c29886cd49a2c03c3aec862731f97517950010c0af44a04a304861c9402d3aa8405e6e04408d52e3ee42d311dbdd1960ff953

Download Submit
C:\ProgramData\theParamTypeSmallInt.sct
MD5
92a9626c7da7b2e83ffc085503d472dd

SHA1
9eb0f57b72a6ebb0be7d6c2008cda52e4dbd70fc

SHA256
04a3042944f0aeab3f11c71769513509a2c697bdb0a19b8d0cd42a9f77d5b987

SHA512
89a9f0485f348f991bc63559ae34d3cc739f6e60639c162415b59b48aef24815f86628a60415bf81c9d58e4064ebae7102181e2de69c06022766127c6cdec6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\OVHLE5P6\Invoice_3326809.xlsm.9unrd1b.partial
MD5
86c63e5a375f54c79cfa007828400a5d

SHA1
858168c7285d60d905470d70c32962a1367ea947

SHA256
297fa628e174f62edfc8ecf1e4ec79d8f177fe89308a0c04a0b55693af0a776f

SHA512
39c357bef2f317080dc115803d211a1d8294360a7002e38a8e7d7a5cd86d2b3c0d6faaa9535e2c5787dfc00b7e450ee03e3b3f259e0dd95e196a850a16d45f79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\DQN394Q4.cookie
MD5
81fce24bf7ee966b37a21910dd50bd3e

SHA1
64ce52e9c4cf38d088dcaf4ccfe40bb7171ec20f

SHA256
293e1410b11bcb08f89a8a9f26195856caffb697296cfe0cf10d81a321526477

SHA512
9ac5c31a88664259154a8d20d89cf46495556f7d5f9f2971ceed7f4c4b2029f56c327eb8b0ff89bf67a146104145824ccf47d28757438f948f7cf21b47b5dd44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\ITSAV4WV.cookie
MD5
6f6b3684523e5fe4554b6464bbfe9565

SHA1
151349d9c58c5c6e7f26415b929d569786c6dcee

SHA256
0bf327af597893982b72f8f7e349df4835073762a9231c06f6ce4a6c1a53ad05

SHA512
496934cbdfebd800ee7b33ec814a2e905d9910eea49938b035f976a631df260b60a2d74af25903e0e81139b067cedd73b67f5f1a291aaa3a72b8df643e67249a

Download Submit
\ProgramData\qPaperEnvelopePersonal.dll
MD5
98cba5d4e3bc55750e6716b3d952e375

SHA1
2b8ae91d2d044eeae4456fb000cd92583abcdfe3

SHA256
00072be4185289677e5babb9fda5279b5c2886683ebd7ea22d36f4bc9683b3e5

SHA512
52a392878a8fd99ea1100f36c42c29886cd49a2c03c3aec862731f97517950010c0af44a04a304861c9402d3aa8405e6e04408d52e3ee42d311dbdd1960ff953

Download Submit
memory/1328-115-0x0000000000000000-mapping.dmp

Download
memory/2732-119-0x00007FFDA2790000-0x00007FFDA27A0000-memory.dmp

Filesize
64KB

Download
memory/2732-91933-0x00007FFDA2790000-0x00007FFDA27A0000-memory.dmp

Filesize
64KB

Download
memory/2732-123-0x00007FFDA2790000-0x00007FFDA27A0000-memory.dmp

Filesize
64KB

Download
memory/2732-126-0x00007FFDC2530000-0x00007FFDC361E000-memory.dmp

Filesize
16.9MB

Download
memory/2732-127-0x00007FFDC0630000-0x00007FFDC2525000-memory.dmp

Filesize
31.0MB

Download
memory/2732-117-0x0000000000000000-mapping.dmp

Download
memory/2732-121-0x00007FFDA2790000-0x00007FFDA27A0000-memory.dmp

Filesize
64KB

Download
memory/2732-122-0x00007FFDA2790000-0x00007FFDA27A0000-memory.dmp

Filesize
64KB

Download
memory/2732-120-0x00007FFDA2790000-0x00007FFDA27A0000-memory.dmp

Filesize
64KB

Download
memory/2732-91929-0x00007FFDA2790000-0x00007FFDA27A0000-memory.dmp

Filesize
64KB

Download
memory/2732-64717-0x00007FFDBA0B0000-0x00007FFDBAF7D000-memory.dmp

Filesize
14.8MB

Download
memory/2732-91932-0x00007FFDA2790000-0x00007FFDA27A0000-memory.dmp

Filesize
64KB

Download
memory/2732-91928-0x00007FFDA2790000-0x00007FFDA27A0000-memory.dmp

Filesize
64KB

Download
memory/2732-118-0x00007FF7E0A10000-0x00007FF7E3FC6000-memory.dmp

Filesize
53.7MB

Download
memory/3944-114-0x00007FFDD9A80000-0x00007FFDD9AEB000-memory.dmp

Filesize
428KB

Download
memory/4452-269-0x0000000000000000-mapping.dmp

Download
memory/4552-280-0x0000000000000000-mapping.dmp

Download
memory/4576-289-0x0000000000940000-0x0000000000A8A000-memory.dmp

Filesize
1.3MB

Download
memory/4576-287-0x000000006F350000-0x000000006F380000-memory.dmp

Filesize
192KB

Download
memory/4576-282-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads