vkeylogger | 8c50b6cbe0c930b7e7725350fbb11cf8f1d7e8d5efb0db383d507155ab9f0a7d

General

Target

4552348445415f5a30a31366a5d5e126.exe
Size

276KB
MD5

4552348445415f5a30a31366a5d5e126
SHA1

c15892a50f4237608feee5b06c0737c3126a8bc4
SHA256

8c50b6cbe0c930b7e7725350fbb11cf8f1d7e8d5efb0db383d507155ab9f0a7d
SHA512

8c96dc9747a32f9242942f0dcd867ec52e8dd6dcfff1818fba53ea9fb7bcfeda437550dc022a583b8e23535c810b1f25b7c387b29bcf7b6d36896a0bb072f318

Score

10^/10

vkeylogger keylogger stealer

Malware Config

Signatures

VKeylogger
A keylogger first seen in Nov 2020.
stealer keylogger vkeylogger

VKeylogger Payload 15 IoCs

Processes:

resource	yara_rule
behavioral1/memory/308-61-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/308-63-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/308-65-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/308-67-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/1776-68-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger
behavioral1/memory/1028-84-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger
behavioral1/memory/1668-100-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger
behavioral1/memory/1964-102-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger
behavioral1/memory/2012-118-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger
behavioral1/memory/1736-133-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger
behavioral1/memory/460-136-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger
behavioral1/memory/556-138-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger
behavioral1/memory/1876-167-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger
behavioral1/memory/1524-182-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger
behavioral1/memory/1604-197-0x00000000011C0000-0x0000000001208000-memory.dmp	family_vkeylogger

Suspicious use of SetThreadContext 9 IoCs

Processes:

4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe

description	pid	process	target process
PID 1776 set thread context of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 set thread context of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 set thread context of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 2012 set thread context of 1156	2012	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1736 set thread context of 1076	1736	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 556 set thread context of 1364	556	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1876 set thread context of 1548	1876	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1524 set thread context of 1596	1524	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1604 set thread context of 1612	1604	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe

Program crash 9 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
680	308	WerFault.exe	4552348445415f5a30a31366a5d5e126.exe
1152	304	WerFault.exe	4552348445415f5a30a31366a5d5e126.exe
1184	1520	WerFault.exe	4552348445415f5a30a31366a5d5e126.exe
2020	1156	WerFault.exe	4552348445415f5a30a31366a5d5e126.exe
1680	1076	WerFault.exe	4552348445415f5a30a31366a5d5e126.exe
1824	1364	WerFault.exe	4552348445415f5a30a31366a5d5e126.exe
1368	1548	WerFault.exe	4552348445415f5a30a31366a5d5e126.exe
1116	1596	WerFault.exe	4552348445415f5a30a31366a5d5e126.exe
1816	1612	WerFault.exe	4552348445415f5a30a31366a5d5e126.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe

pid	process
1776	4552348445415f5a30a31366a5d5e126.exe
1028	4552348445415f5a30a31366a5d5e126.exe
1668	4552348445415f5a30a31366a5d5e126.exe
2012	4552348445415f5a30a31366a5d5e126.exe
1736	4552348445415f5a30a31366a5d5e126.exe
556	4552348445415f5a30a31366a5d5e126.exe
1876	4552348445415f5a30a31366a5d5e126.exe
1524	4552348445415f5a30a31366a5d5e126.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe4552348445415f5a30a31366a5d5e126.exe

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1776

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 36
3⤵
- Program crash
PID:680

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1028

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 36
4⤵
- Program crash
PID:1152

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1668

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 36
5⤵
- Program crash
PID:1184

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:1964

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
5⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2012

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
6⤵
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 36
7⤵
- Program crash
PID:2020

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
6⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1736

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
7⤵
PID:1076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 36
8⤵
- Program crash
PID:1680

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
7⤵
PID:460

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
8⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:556

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
9⤵
PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 36
10⤵
- Program crash
PID:1824

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
9⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1876

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
10⤵
PID:1548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 36
11⤵
- Program crash
PID:1368

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
10⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1524

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
11⤵
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 36
12⤵
- Program crash
PID:1116

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
11⤵
- Suspicious use of SetThreadContext
PID:1604

C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe
"C:\Users\Admin\AppData\Local\Temp\4552348445415f5a30a31366a5d5e126.exe"
12⤵
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 36
13⤵
- Program crash
PID:1816

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/308-55-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/308-59-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/308-57-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/308-61-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/308-63-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/308-65-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/308-67-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/460-139-0x0000000077C50000-0x0000000077DD0000-memory.dmp

Filesize
1.5MB

Download
memory/460-136-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download
memory/556-138-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download
memory/1028-85-0x0000000077C50000-0x0000000077DD0000-memory.dmp

Filesize
1.5MB

Download
memory/1028-84-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download
memory/1524-182-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download
memory/1604-197-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download
memory/1668-100-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download
memory/1736-133-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download
memory/1736-134-0x0000000077C50000-0x0000000077DD0000-memory.dmp

Filesize
1.5MB

Download
memory/1776-69-0x0000000077C50000-0x0000000077DD0000-memory.dmp

Filesize
1.5MB

Download
memory/1776-68-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download
memory/1876-167-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download
memory/1964-102-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download
memory/1964-103-0x0000000077C50000-0x0000000077DD0000-memory.dmp

Filesize
1.5MB

Download
memory/2012-118-0x00000000011C0000-0x0000000001208000-memory.dmp

Filesize
288KB

Download

description	pid	process	target process
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 308	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 308 wrote to memory of 680	308	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 308 wrote to memory of 680	308	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 308 wrote to memory of 680	308	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 308 wrote to memory of 680	308	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 1776 wrote to memory of 1028	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 1028	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 1028	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1776 wrote to memory of 1028	1776	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 304	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 304 wrote to memory of 1152	304	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 304 wrote to memory of 1152	304	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 304 wrote to memory of 1152	304	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 304 wrote to memory of 1152	304	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 1028 wrote to memory of 1668	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 1668	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 1668	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1028 wrote to memory of 1668	1028	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1520	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1520 wrote to memory of 1184	1520	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 1520 wrote to memory of 1184	1520	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 1520 wrote to memory of 1184	1520	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 1520 wrote to memory of 1184	1520	4552348445415f5a30a31366a5d5e126.exe	WerFault.exe
PID 1668 wrote to memory of 1964	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1964	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1964	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1668 wrote to memory of 1964	1668	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1964 wrote to memory of 2012	1964	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1964 wrote to memory of 2012	1964	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1964 wrote to memory of 2012	1964	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 1964 wrote to memory of 2012	1964	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 2012 wrote to memory of 1156	2012	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 2012 wrote to memory of 1156	2012	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe
PID 2012 wrote to memory of 1156	2012	4552348445415f5a30a31366a5d5e126.exe	4552348445415f5a30a31366a5d5e126.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads