aa438f22db488466ed39153b302b4f7557ca4bcc44ba35f83ad2dc8a04903398

General

Target

Privacy By Design - Training Module.exe
Size

724KB
MD5

82126e6a1d3b1bb5b1d1c3ddbb256b0e
SHA1

2259e9b89fcfd3e01d2e1554b32b478fc0f6396c
SHA256

aa438f22db488466ed39153b302b4f7557ca4bcc44ba35f83ad2dc8a04903398
SHA512

6795d4872554840c5a1bb4ed415c3d948c3384348ea8c18e30d74c8d800d554956003a048a4d7bceac9b670f7fd350c1a2aaa8d07725cce3138cf1fa036ac4f9

Score

9^/10

evasion ransomware spyware stealer

Malware Config

Signatures

Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490
Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
ransomware evasion

Inhibit System Recovery
T1490

Processes:

bcdedit.exebcdedit.exe

pid process

476 bcdedit.exe
3128 bcdedit.exe
Deletes backup catalog 3 TTPs 1 IoCs
Uses wbadmin.exe to inhibit system recovery.
ransomware

Command-Line Interface
T1059

File Deletion
T1107

Inhibit System Recovery
T1490

Processes:

wbadmin.exe

pid process

3712 wbadmin.exe
Executes dropped EXE 1 IoCs

Processes:

Privacy By Design - Training Module.exe

pid process

3968 Privacy By Design - Training Module.exe

pid	process
476	bcdedit.exe
3128	bcdedit.exe

pid	process
3712	wbadmin.exe

pid	process
3968	Privacy By Design - Training Module.exe

Modifies extensions of user files 7 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

Privacy By Design - Training Module.exe

description	ioc	process
File renamed	C:\Users\Admin\Pictures\UnlockTest.png => C:\Users\Admin\Pictures\UnlockTest.png.89i5	Privacy By Design - Training Module.exe
File renamed	C:\Users\Admin\Pictures\WaitPop.tif => C:\Users\Admin\Pictures\WaitPop.tif.kuuh	Privacy By Design - Training Module.exe
File renamed	C:\Users\Admin\Pictures\ClearConvertFrom.tif => C:\Users\Admin\Pictures\ClearConvertFrom.tif.bkxv	Privacy By Design - Training Module.exe
File renamed	C:\Users\Admin\Pictures\CompareRevoke.tif => C:\Users\Admin\Pictures\CompareRevoke.tif.vu3l	Privacy By Design - Training Module.exe
File renamed	C:\Users\Admin\Pictures\MergeTrace.raw => C:\Users\Admin\Pictures\MergeTrace.raw.zav7	Privacy By Design - Training Module.exe
File renamed	C:\Users\Admin\Pictures\OptimizeApprove.png => C:\Users\Admin\Pictures\OptimizeApprove.png.eco3	Privacy By Design - Training Module.exe
File renamed	C:\Users\Admin\Pictures\ShowDisconnect.tif => C:\Users\Admin\Pictures\ShowDisconnect.tif.btwj	Privacy By Design - Training Module.exe

Drops startup file 3 IoCs

Processes:

Privacy By Design - Training Module.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Privacy By Design - Training Module.url	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	Privacy By Design - Training Module.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\READ TO UN-HACK	Privacy By Design - Training Module.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops desktop.ini file(s) 34 IoCs

Processes:

Privacy By Design - Training Module.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Documents\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	Privacy By Design - Training Module.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	Privacy By Design - Training Module.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

Privacy By Design - Training Module.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\r9v9uzjuu.jpg"	Privacy By Design - Training Module.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vds.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_&PROD_HEARTDISK\4&37CE57BA&0&000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_&Prod_HeartDisk\4&37ce57ba&0&000000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_SANU&PROD_SANU_DVD-ROM\4&37CE57BA&0&010000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Sanu&Prod_Sanu_DVD-ROM\4&37ce57ba&0&010000\FriendlyName	vds.exe

Interacts with shadow copies 2 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490

Processes:

vssadmin.exe

pid process

2108 vssadmin.exe

pid	process
2108	vssadmin.exe

Modifies registry class 4 IoCs

Processes:

OpenWith.exePrivacy By Design - Training Module.exeOpenWith.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings	Privacy By Design - Training Module.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1594587808-2047097707-2163810515-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

Privacy By Design - Training Module.exe

pid process

3968 Privacy By Design - Training Module.exe

pid	process
3968	Privacy By Design - Training Module.exe

Suspicious behavior: EnumeratesProcesses 27 IoCs

Processes:

Privacy By Design - Training Module.exePrivacy By Design - Training Module.exe

pid	process
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
640	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe
3968	Privacy By Design - Training Module.exe

Suspicious use of AdjustPrivilegeToken 50 IoCs

Processes:

Privacy By Design - Training Module.exePrivacy By Design - Training Module.exevssvc.exeWMIC.exewbengine.exe

description	pid	process
Token: SeDebugPrivilege	640	Privacy By Design - Training Module.exe
Token: SeDebugPrivilege	3968	Privacy By Design - Training Module.exe
Token: SeBackupPrivilege	3960	vssvc.exe
Token: SeRestorePrivilege	3960	vssvc.exe
Token: SeAuditPrivilege	3960	vssvc.exe
Token: SeIncreaseQuotaPrivilege	656	WMIC.exe
Token: SeSecurityPrivilege	656	WMIC.exe
Token: SeTakeOwnershipPrivilege	656	WMIC.exe
Token: SeLoadDriverPrivilege	656	WMIC.exe
Token: SeSystemProfilePrivilege	656	WMIC.exe
Token: SeSystemtimePrivilege	656	WMIC.exe
Token: SeProfSingleProcessPrivilege	656	WMIC.exe
Token: SeIncBasePriorityPrivilege	656	WMIC.exe
Token: SeCreatePagefilePrivilege	656	WMIC.exe
Token: SeBackupPrivilege	656	WMIC.exe
Token: SeRestorePrivilege	656	WMIC.exe
Token: SeShutdownPrivilege	656	WMIC.exe
Token: SeDebugPrivilege	656	WMIC.exe
Token: SeSystemEnvironmentPrivilege	656	WMIC.exe
Token: SeRemoteShutdownPrivilege	656	WMIC.exe
Token: SeUndockPrivilege	656	WMIC.exe
Token: SeManageVolumePrivilege	656	WMIC.exe
Token: 33	656	WMIC.exe
Token: 34	656	WMIC.exe
Token: 35	656	WMIC.exe
Token: 36	656	WMIC.exe
Token: SeIncreaseQuotaPrivilege	656	WMIC.exe
Token: SeSecurityPrivilege	656	WMIC.exe
Token: SeTakeOwnershipPrivilege	656	WMIC.exe
Token: SeLoadDriverPrivilege	656	WMIC.exe
Token: SeSystemProfilePrivilege	656	WMIC.exe
Token: SeSystemtimePrivilege	656	WMIC.exe
Token: SeProfSingleProcessPrivilege	656	WMIC.exe
Token: SeIncBasePriorityPrivilege	656	WMIC.exe
Token: SeCreatePagefilePrivilege	656	WMIC.exe
Token: SeBackupPrivilege	656	WMIC.exe
Token: SeRestorePrivilege	656	WMIC.exe
Token: SeShutdownPrivilege	656	WMIC.exe
Token: SeDebugPrivilege	656	WMIC.exe
Token: SeSystemEnvironmentPrivilege	656	WMIC.exe
Token: SeRemoteShutdownPrivilege	656	WMIC.exe
Token: SeUndockPrivilege	656	WMIC.exe
Token: SeManageVolumePrivilege	656	WMIC.exe
Token: 33	656	WMIC.exe
Token: 34	656	WMIC.exe
Token: 35	656	WMIC.exe
Token: 36	656	WMIC.exe
Token: SeBackupPrivilege	1360	wbengine.exe
Token: SeRestorePrivilege	1360	wbengine.exe
Token: SeSecurityPrivilege	1360	wbengine.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

OpenWith.exeOpenWith.exeOpenWith.exe

pid process

1284 OpenWith.exe
1468 OpenWith.exe
1468 OpenWith.exe
1468 OpenWith.exe
1228 OpenWith.exe

pid	process
1284	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1468	OpenWith.exe
1228	OpenWith.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

Privacy By Design - Training Module.exePrivacy By Design - Training Module.execmd.execmd.exe

description	pid	process	target process
PID 640 wrote to memory of 3968	640	Privacy By Design - Training Module.exe	Privacy By Design - Training Module.exe
PID 640 wrote to memory of 3968	640	Privacy By Design - Training Module.exe	Privacy By Design - Training Module.exe
PID 3968 wrote to memory of 3744	3968	Privacy By Design - Training Module.exe	cmd.exe
PID 3968 wrote to memory of 3744	3968	Privacy By Design - Training Module.exe	cmd.exe
PID 3968 wrote to memory of 2372	3968	Privacy By Design - Training Module.exe	cmd.exe
PID 3968 wrote to memory of 2372	3968	Privacy By Design - Training Module.exe	cmd.exe
PID 2372 wrote to memory of 476	2372	cmd.exe	bcdedit.exe
PID 2372 wrote to memory of 476	2372	cmd.exe	bcdedit.exe
PID 2372 wrote to memory of 3128	2372	cmd.exe	bcdedit.exe
PID 2372 wrote to memory of 3128	2372	cmd.exe	bcdedit.exe
PID 3968 wrote to memory of 732	3968	Privacy By Design - Training Module.exe	cmd.exe
PID 3968 wrote to memory of 732	3968	Privacy By Design - Training Module.exe	cmd.exe
PID 732 wrote to memory of 3712	732	cmd.exe	wbadmin.exe
PID 732 wrote to memory of 3712	732	cmd.exe	wbadmin.exe

C:\Users\Admin\AppData\Local\Temp\Privacy By Design - Training Module.exe
"C:\Users\Admin\AppData\Local\Temp\Privacy By Design - Training Module.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:640

C:\Users\Admin\AppData\Roaming\Privacy By Design - Training Module.exe
"C:\Users\Admin\AppData\Roaming\Privacy By Design - Training Module.exe"
2⤵
- Executes dropped EXE
- Modifies extensions of user files
- Drops startup file
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3968

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
3⤵
PID:3744

C:\Windows\system32\vssadmin.exe
vssadmin delete shadows /all /quiet
4⤵
- Interacts with shadow copies
PID:2108

C:\Windows\System32\Wbem\WMIC.exe
wmic shadowcopy delete
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:656

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
3⤵
- Suspicious use of WriteProcessMemory
PID:2372

C:\Windows\system32\bcdedit.exe
bcdedit /set {default} bootstatuspolicy ignoreallfailures
4⤵
- Modifies boot configuration data using bcdedit
PID:476

C:\Windows\system32\bcdedit.exe
bcdedit /set {default} recoveryenabled no
4⤵
- Modifies boot configuration data using bcdedit
PID:3128

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
3⤵
- Suspicious use of WriteProcessMemory
PID:732

C:\Windows\system32\wbadmin.exe
wbadmin delete catalog -quiet
4⤵
- Deletes backup catalog
PID:3712

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3960

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1360

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:276

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:2172

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1228

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1

T1059

Persistence

Privilege Escalation

Defense Evasion

File Deletion

3

T1107

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

System Information Discovery

2

T1082

Query Registry

1

T1012

Peripheral Device Discovery

1

T1120

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

4

T1490

Defacement

1

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Privacy By Design - Training Module.exe.log
MD5
d78293ab15ad25b5d6e8740fe5fd3872

SHA1
51b70837f90f2bff910daee706e6be8d62a3550e

SHA256
4d64746f8d24ec321b1a6c3a743946b66d8317cbc6bac6fed675a4bf6fa181f3

SHA512
1127435ef462f52677e1ef4d3b8cfdf9f5d95c832b4c9f41526b7448d315f25d96d3d5454108569b76d66d78d07ea5ba4a1ba8baee108e8c1b452ba19cc04925

Download Submit
C:\Users\Admin\AppData\Roaming\Privacy By Design - Training Module.exe
MD5
82126e6a1d3b1bb5b1d1c3ddbb256b0e

SHA1
2259e9b89fcfd3e01d2e1554b32b478fc0f6396c

SHA256
aa438f22db488466ed39153b302b4f7557ca4bcc44ba35f83ad2dc8a04903398

SHA512
6795d4872554840c5a1bb4ed415c3d948c3384348ea8c18e30d74c8d800d554956003a048a4d7bceac9b670f7fd350c1a2aaa8d07725cce3138cf1fa036ac4f9

Download Submit
C:\Users\Admin\AppData\Roaming\Privacy By Design - Training Module.exe
MD5
82126e6a1d3b1bb5b1d1c3ddbb256b0e

SHA1
2259e9b89fcfd3e01d2e1554b32b478fc0f6396c

SHA256
aa438f22db488466ed39153b302b4f7557ca4bcc44ba35f83ad2dc8a04903398

SHA512
6795d4872554840c5a1bb4ed415c3d948c3384348ea8c18e30d74c8d800d554956003a048a4d7bceac9b670f7fd350c1a2aaa8d07725cce3138cf1fa036ac4f9

Download Submit
memory/476-125-0x0000000000000000-mapping.dmp

Download
memory/640-114-0x0000000000900000-0x0000000000901000-memory.dmp

Filesize
4KB

Download
memory/732-127-0x0000000000000000-mapping.dmp

Download
memory/2372-124-0x0000000000000000-mapping.dmp

Download
memory/3128-126-0x0000000000000000-mapping.dmp

Download
memory/3712-128-0x0000000000000000-mapping.dmp

Download
memory/3744-123-0x0000000000000000-mapping.dmp

Download
memory/3968-116-0x0000000000000000-mapping.dmp

Download
memory/3968-122-0x0000000001220000-0x0000000001222000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads