vkeylogger | ebbf3b5a2fea9d1313ec35ce127db7dd86a7b6c55c241fcf3d7e2f7b167a7100

General

Target

9394c417afa9c6615a4aa929b062f420.exe
Size

210KB
MD5

9394c417afa9c6615a4aa929b062f420
SHA1

b63ec408e1d573ad34b0acca7821db58b9c9135d
SHA256

ebbf3b5a2fea9d1313ec35ce127db7dd86a7b6c55c241fcf3d7e2f7b167a7100
SHA512

9129389dcda5b669e8e3e13424d2fe9fa851b4daa1dfb68e5da1e57591d88ff52e9c534716bc337ef9b838d73faa71af3763ff11e000788ec21effe7b883b76b

Score

10^/10

vkeylogger keylogger stealer

Malware Config

Signatures

VKeylogger
A keylogger first seen in Nov 2020.
stealer keylogger vkeylogger

VKeylogger Payload 19 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1584-57-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1280-55-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1472-70-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/1472-68-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/1472-66-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/1472-72-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/432-74-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1148-89-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1844-105-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1048-107-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1620-123-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1240-126-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1376-142-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1728-144-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/892-160-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1304-175-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1568-190-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1684-192-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger
behavioral1/memory/1608-208-0x0000000000230000-0x0000000000267000-memory.dmp	family_vkeylogger

Suspicious use of SetThreadContext 9 IoCs

Processes:

9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe

description	pid	process	target process
PID 432 set thread context of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 set thread context of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 set thread context of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1620 set thread context of 1800	1620	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1376 set thread context of 1516	1376	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 892 set thread context of 1968	892	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1304 set thread context of 996	1304	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1568 set thread context of 1468	1568	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1608 set thread context of 768	1608	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe

Program crash 9 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
980	1472	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1116	1560	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1736	1576	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1672	1800	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1732	1516	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1840	1968	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1308	996	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1992	1468	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1520	768	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe

pid	process
432	9394c417afa9c6615a4aa929b062f420.exe
1148	9394c417afa9c6615a4aa929b062f420.exe
1844	9394c417afa9c6615a4aa929b062f420.exe
1620	9394c417afa9c6615a4aa929b062f420.exe
1376	9394c417afa9c6615a4aa929b062f420.exe
892	9394c417afa9c6615a4aa929b062f420.exe
1304	9394c417afa9c6615a4aa929b062f420.exe
1568	9394c417afa9c6615a4aa929b062f420.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1280

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1584

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:432

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 36
5⤵
- Program crash
PID:980

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
4⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1148

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
5⤵
- Suspicious use of WriteProcessMemory
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 36
6⤵
- Program crash
PID:1116

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
5⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1844

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
6⤵
- Suspicious use of WriteProcessMemory
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 36
7⤵
- Program crash
PID:1736

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
6⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
7⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1620

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
8⤵
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 36
9⤵
- Program crash
PID:1672

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
8⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
9⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1376

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
10⤵
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 36
11⤵
- Program crash
PID:1732

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
10⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
11⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:892

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
12⤵
PID:1968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 36
13⤵
- Program crash
PID:1840

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
12⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1304

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
13⤵
PID:996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 36
14⤵
- Program crash
PID:1308

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
13⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1568

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
14⤵
PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 36
15⤵
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
14⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
15⤵
- Suspicious use of SetThreadContext
PID:1608

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
16⤵
PID:768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 36
17⤵
- Program crash
PID:1520

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/432-74-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/892-160-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1048-107-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1048-108-0x0000000077300000-0x0000000077480000-memory.dmp

Filesize
1.5MB

Download
memory/1148-89-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1148-90-0x0000000077300000-0x0000000077480000-memory.dmp

Filesize
1.5MB

Download
memory/1240-127-0x0000000077300000-0x0000000077480000-memory.dmp

Filesize
1.5MB

Download
memory/1240-126-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1280-55-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1280-73-0x0000000077300000-0x0000000077480000-memory.dmp

Filesize
1.5MB

Download
memory/1304-175-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1376-142-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1472-64-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1472-66-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1472-62-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1472-60-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1472-70-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1472-68-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1472-72-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1568-190-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1584-58-0x0000000077300000-0x0000000077480000-memory.dmp

Filesize
1.5MB

Download
memory/1584-57-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1608-208-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1620-124-0x0000000077300000-0x0000000077480000-memory.dmp

Filesize
1.5MB

Download
memory/1620-123-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1684-192-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1684-195-0x0000000077300000-0x0000000077480000-memory.dmp

Filesize
1.5MB

Download
memory/1728-145-0x0000000077300000-0x0000000077480000-memory.dmp

Filesize
1.5MB

Download
memory/1728-144-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download
memory/1844-105-0x0000000000230000-0x0000000000267000-memory.dmp

Filesize
220KB

Download

description	pid	process	target process
PID 1280 wrote to memory of 1584	1280	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1280 wrote to memory of 1584	1280	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1280 wrote to memory of 1584	1280	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1280 wrote to memory of 1584	1280	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1584 wrote to memory of 432	1584	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1584 wrote to memory of 432	1584	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1584 wrote to memory of 432	1584	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1584 wrote to memory of 432	1584	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1472	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1472 wrote to memory of 980	1472	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1472 wrote to memory of 980	1472	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1472 wrote to memory of 980	1472	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1472 wrote to memory of 980	1472	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 432 wrote to memory of 1148	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1148	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1148	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 432 wrote to memory of 1148	432	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1560	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1560 wrote to memory of 1116	1560	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1560 wrote to memory of 1116	1560	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1560 wrote to memory of 1116	1560	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1560 wrote to memory of 1116	1560	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1148 wrote to memory of 1844	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1844	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1844	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1148 wrote to memory of 1844	1148	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1576	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1576 wrote to memory of 1736	1576	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1576 wrote to memory of 1736	1576	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1576 wrote to memory of 1736	1576	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1576 wrote to memory of 1736	1576	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1844 wrote to memory of 1048	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1048	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1844 wrote to memory of 1048	1844	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads