cobaltstrike | 1eca90b11008621f5ce811ec2af5df1bf277162ddcbb217302d36e8fab4b313e

General

Target

PerformanceReview.html
Size

1.1MB
MD5

08287096d731608c6d79e58d5ec6db23
SHA1

a9e51f4649739bf75740fc9f755563cbe3780bfa
SHA256

1eca90b11008621f5ce811ec2af5df1bf277162ddcbb217302d36e8fab4b313e
SHA512

30cd4b79f95cfceb3556f7251ba7ff04037dc17b3c5a2cd15db22dc5103de3ee59924e48c51558f9585ffe96f7ff6f5b947e65d525b4ccea9c268c7a7b8ec8c1

Score

10^/10

cobaltstrike backdoor trojan

Malware Config

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

mshta.exe

description pid process target process

PID 1528 created 2896 1528 mshta.exe Explorer.EXE

description	pid	process	target process
PID 1528 created 2896	1528	mshta.exe	Explorer.EXE

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = af82d12985ecd701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 51 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000073ba28bec77bbe4ba4dd58ffcd9527ce000000000200000000001066000000010000200000008071975187c3599f820fd8741390f8dcecd7a544206815e4b1806aed76a567c0000000000e80000000020000200000007a15c613368d7cc31deb798b456edcf2d5ededd2f7f3cdd703fd2be3d730d772200000007d567711692ebdd2e82afa09b79710c9b5b347ea0e5e1050228804511439eb80400000008e358a22c27cede9ab5732e5da17f541d05c31e1d1404dd15c6d6ed60e1a9c78945969e19a573c258ad610eab48db18f762b7f321b5c00f3df0ce40f438ba6c9	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d039198328eed701	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$blogger	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2111197133"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30928424"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 4059ee8228eed701	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "345978675"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Telligent	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$http://www.typepad.com/	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000073ba28bec77bbe4ba4dd58ffcd9527ce000000000200000000001066000000010000200000008bd3b8e14f9d0c78f27c7d0644bbbd81c42bb2188410357f51df28c16a0b72f1000000000e80000000020000200000009b9a0c828cdb20a6b2d7933d70b7f4e24afdca5b01c9adf4a5c3ab0c85228ebb20000000cd51c48aebeb4c34df806df1abe00862228066642ae7e33767c0ab1ad7d0b27a400000001357b5a93d232089f9e9c9a3114a62a09ee9f0efce4c6c1fc1833790c4acd8dec2bf695c15a938c2c4e0dd33d58cf068565dd179e34220f5516fef050a75d053	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$MediaWiki	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 3	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate\NextUpdateDate = "346019505"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\NextUpdateDate = "346025822"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\HistoryJournalCertificate	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$WordPress	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\RepId\PublicId = "{B08AB1A7-2FE3-45F9-9DD5-47F397E1CA26}"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\FileVersion = "2016061511"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30928424"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2159007568"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30928424"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A800EF02-5A1B-11EC-876A-D241B17F579F} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2111197133"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$Discuz!	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000\Software\Microsoft\Internet Explorer\FlipAhead\Meta\generator$vBulletin 4	iexplore.exe

Modifies registry class 1 IoCs

Processes:

iexplore.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings iexplore.exe
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

mshta.exe

pid process

1528 mshta.exe
1528 mshta.exe
1528 mshta.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

mshta.exe

description pid process

Token: SeDebugPrivilege 1528 mshta.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

856 iexplore.exe
856 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

856 iexplore.exe
856 iexplore.exe
1408 IEXPLORE.EXE
1408 IEXPLORE.EXE
1408 IEXPLORE.EXE
1408 IEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2361464256-2201551969-2316606395-1000_Classes\Local Settings	iexplore.exe

pid	process
1528	mshta.exe
1528	mshta.exe
1528	mshta.exe

description	pid	process
Token: SeDebugPrivilege	1528	mshta.exe

pid	process
856	iexplore.exe
856	iexplore.exe

pid	process
856	iexplore.exe
856	iexplore.exe
1408	IEXPLORE.EXE
1408	IEXPLORE.EXE
1408	IEXPLORE.EXE
1408	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

iexplore.exemshta.exe

description	pid	process	target process
PID 856 wrote to memory of 1408	856	iexplore.exe	IEXPLORE.EXE
PID 856 wrote to memory of 1408	856	iexplore.exe	IEXPLORE.EXE
PID 856 wrote to memory of 1408	856	iexplore.exe	IEXPLORE.EXE
PID 856 wrote to memory of 1528	856	iexplore.exe	mshta.exe
PID 856 wrote to memory of 1528	856	iexplore.exe	mshta.exe
PID 856 wrote to memory of 1528	856	iexplore.exe	mshta.exe
PID 1528 wrote to memory of 3128	1528	mshta.exe	WerFault.exe
PID 1528 wrote to memory of 3128	1528	mshta.exe	WerFault.exe
PID 1528 wrote to memory of 3128	1528	mshta.exe	WerFault.exe
PID 1528 wrote to memory of 3128	1528	mshta.exe	WerFault.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2896

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\PerformanceReview.html
2⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:856

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:82945 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1408

C:\Windows\SysWOW64\mshta.exe
"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Downloads\PerformanceReview-v20220101.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
3⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1528

C:\Windows\SysWOW64\WerFault.exe
"C:\Windows\System32\WerFault.exe"
2⤵
PID:3128

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
5101ccedaac0e998d2260c800e967333

SHA1
1da450d76622c6db3625653d0c65a480a86fe704

SHA256
fbcc424fea0cbb6c7eed2e84d6e05a05d639315fd903530eb151103a9f723ebd

SHA512
a0d2d3f0239a7d64bb3b74fc2b3c2d83c591e39fbc6008ef67ac0de2bf69156994b18ed433b7dae3bfbe18237cc443617259acc7ee9dae8c4f365b80ed8b4a0f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
MD5
7ea48d2dc27288d99ae3c9a6a607998f

SHA1
7925ae7c9d559ec036a9721bde22bc7594d6878d

SHA256
faab39e03778d2172c8abe58a6584e2669069e7191e3589f36b3b9abf55c2413

SHA512
1f21f70487b5e6913b46ea5448e6f3502b9f9699c3cf4ec319718714ccc6a058c6a08239542c348a9d956bbc08402f884d0ecb9b22ceffa24be192884762dc45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\545W4OEW.cookie
MD5
33c6af6db7402656b27c64ad6c7b72f0

SHA1
2e4eba450afb3db313a5ba5fb60e9c30a43a7a12

SHA256
c7b66dca34324d734e0906beba24633a32f50453a517dc2cf1c5db762450bd18

SHA512
ad831ba2e9159a0d36673e9c981264b04c784709a39c1c7d5d56845e5fd41a94eb133ba687f0a78095d5ce703adf4c3f1a6266c4535fb3c3d6ec5ef792e1f45d

Download Submit
C:\Users\Admin\Downloads\PerformanceReview-v20220101.hta.yousfoe.partial
MD5
160b7d982e3526a09e202f0d61b3fdfa

SHA1
73db938ca6749ce32e7b64e18d80551876e2d291

SHA256
f38bd16013de4b9da3603b2425173db9bcc1865f381351b2ba62fdeeb6d5af00

SHA512
d51c9f2bf74b9551f088ec3830c385001012f37ef76fc5e33335374ad1832fc486cc4341d9f89e6233e7a197b97c6b49cf0744191dae2706188d03206b5a2b69

Download Submit
memory/856-143-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-168-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-119-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-120-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-121-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-122-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-123-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-124-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-125-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-127-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-128-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-129-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-131-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-132-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-134-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-135-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-146-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-137-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-138-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-140-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-116-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-145-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-150-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-148-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-136-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-151-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-152-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-156-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-157-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-158-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-164-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-165-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-166-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-167-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-117-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-169-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-173-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-174-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-179-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-180-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/856-115-0x00007FF8FF9A0000-0x00007FF8FFA0B000-memory.dmp

Filesize
428KB

Download
memory/1408-141-0x0000000000000000-mapping.dmp

Download
memory/1528-197-0x0000000000000000-mapping.dmp

Download
memory/1528-205-0x0000000008070000-0x0000000008071000-memory.dmp

Filesize
4KB

Download
memory/1528-209-0x0000000008072000-0x0000000008073000-memory.dmp

Filesize
4KB

Download
memory/3128-207-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads