vkeylogger | ebbf3b5a2fea9d1313ec35ce127db7dd86a7b6c55c241fcf3d7e2f7b167a7100

General

Target

9394c417afa9c6615a4aa929b062f420.exe
Size

210KB
MD5

9394c417afa9c6615a4aa929b062f420
SHA1

b63ec408e1d573ad34b0acca7821db58b9c9135d
SHA256

ebbf3b5a2fea9d1313ec35ce127db7dd86a7b6c55c241fcf3d7e2f7b167a7100
SHA512

9129389dcda5b669e8e3e13424d2fe9fa851b4daa1dfb68e5da1e57591d88ff52e9c534716bc337ef9b838d73faa71af3763ff11e000788ec21effe7b883b76b

Score

10^/10

vkeylogger keylogger stealer

Malware Config

Signatures

VKeylogger
A keylogger first seen in Nov 2020.
stealer keylogger vkeylogger

VKeylogger Payload 13 IoCs

Processes:

resource	yara_rule
behavioral1/memory/940-54-0x0000000000A50000-0x0000000000A87000-memory.dmp	family_vkeylogger
behavioral1/memory/1720-63-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/1720-65-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/1720-69-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/1720-67-0x0000000000400000-0x000000000040F000-memory.dmp	family_vkeylogger
behavioral1/memory/816-84-0x0000000000A50000-0x0000000000A87000-memory.dmp	family_vkeylogger
behavioral1/memory/588-100-0x0000000000A50000-0x0000000000A87000-memory.dmp	family_vkeylogger
behavioral1/memory/1668-115-0x0000000000A50000-0x0000000000A87000-memory.dmp	family_vkeylogger
behavioral1/memory/1340-118-0x0000000000A50000-0x0000000000A87000-memory.dmp	family_vkeylogger
behavioral1/memory/1808-145-0x0000000000A50000-0x0000000000A87000-memory.dmp	family_vkeylogger
behavioral1/memory/1952-160-0x0000000000A50000-0x0000000000A87000-memory.dmp	family_vkeylogger
behavioral1/memory/1468-175-0x0000000000A50000-0x0000000000A87000-memory.dmp	family_vkeylogger
behavioral1/memory/832-190-0x0000000000A50000-0x0000000000A87000-memory.dmp	family_vkeylogger

Suspicious use of SetThreadContext 9 IoCs

Processes:

9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe

description	pid	process	target process
PID 940 set thread context of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 set thread context of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 set thread context of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1668 set thread context of 1624	1668	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1340 set thread context of 1236	1340	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1808 set thread context of 1888	1808	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1952 set thread context of 1792	1952	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1468 set thread context of 1396	1468	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 832 set thread context of 592	832	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe

Program crash 9 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1868	1720	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1988	612	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
520	844	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
748	1624	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1724	1236	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
776	1888	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
736	1792	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
964	1396	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe
1464	592	WerFault.exe	9394c417afa9c6615a4aa929b062f420.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe

pid	process
940	9394c417afa9c6615a4aa929b062f420.exe
816	9394c417afa9c6615a4aa929b062f420.exe
588	9394c417afa9c6615a4aa929b062f420.exe
1668	9394c417afa9c6615a4aa929b062f420.exe
1340	9394c417afa9c6615a4aa929b062f420.exe
1808	9394c417afa9c6615a4aa929b062f420.exe
1952	9394c417afa9c6615a4aa929b062f420.exe
1468	9394c417afa9c6615a4aa929b062f420.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe9394c417afa9c6615a4aa929b062f420.exe

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:940

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 36
3⤵
- Program crash
PID:1868

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:816

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
3⤵
- Suspicious use of WriteProcessMemory
PID:612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 36
4⤵
- Program crash
PID:1988

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
3⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:588

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
4⤵
- Suspicious use of WriteProcessMemory
PID:844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 36
5⤵
- Program crash
PID:520

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
4⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1668

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
5⤵
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 36
6⤵
- Program crash
PID:748

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
5⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1340

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
6⤵
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 36
7⤵
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
6⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1808

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
7⤵
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 36
8⤵
- Program crash
PID:776

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
7⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1952

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
8⤵
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 36
9⤵
- Program crash
PID:736

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
8⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
PID:1468

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
9⤵
PID:1396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 36
10⤵
- Program crash
PID:964

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
9⤵
- Suspicious use of SetThreadContext
PID:832

C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe
"C:\Users\Admin\AppData\Local\Temp\9394c417afa9c6615a4aa929b062f420.exe"
10⤵
PID:592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 36
11⤵
- Program crash
PID:1464

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/588-100-0x0000000000A50000-0x0000000000A87000-memory.dmp

Filesize
220KB

Download
memory/816-84-0x0000000000A50000-0x0000000000A87000-memory.dmp

Filesize
220KB

Download
memory/816-85-0x0000000077CF0000-0x0000000077E70000-memory.dmp

Filesize
1.5MB

Download
memory/832-190-0x0000000000A50000-0x0000000000A87000-memory.dmp

Filesize
220KB

Download
memory/940-55-0x0000000077CF0000-0x0000000077E70000-memory.dmp

Filesize
1.5MB

Download
memory/940-54-0x0000000000A50000-0x0000000000A87000-memory.dmp

Filesize
220KB

Download
memory/1340-118-0x0000000000A50000-0x0000000000A87000-memory.dmp

Filesize
220KB

Download
memory/1468-175-0x0000000000A50000-0x0000000000A87000-memory.dmp

Filesize
220KB

Download
memory/1668-115-0x0000000000A50000-0x0000000000A87000-memory.dmp

Filesize
220KB

Download
memory/1720-61-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1720-67-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1720-69-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1720-65-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1720-63-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1720-59-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1720-57-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1808-145-0x0000000000A50000-0x0000000000A87000-memory.dmp

Filesize
220KB

Download
memory/1952-160-0x0000000000A50000-0x0000000000A87000-memory.dmp

Filesize
220KB

Download

description	pid	process	target process
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 1720	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1720 wrote to memory of 1868	1720	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1720 wrote to memory of 1868	1720	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1720 wrote to memory of 1868	1720	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 1720 wrote to memory of 1868	1720	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 940 wrote to memory of 816	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 816	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 816	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 940 wrote to memory of 816	940	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 612	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 612 wrote to memory of 1988	612	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 612 wrote to memory of 1988	612	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 612 wrote to memory of 1988	612	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 612 wrote to memory of 1988	612	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 816 wrote to memory of 588	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 588	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 588	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 816 wrote to memory of 588	816	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 844	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 844 wrote to memory of 520	844	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 844 wrote to memory of 520	844	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 844 wrote to memory of 520	844	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 844 wrote to memory of 520	844	9394c417afa9c6615a4aa929b062f420.exe	WerFault.exe
PID 588 wrote to memory of 1668	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 1668	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 1668	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 588 wrote to memory of 1668	588	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1668 wrote to memory of 1624	1668	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1668 wrote to memory of 1624	1668	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1668 wrote to memory of 1624	1668	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1668 wrote to memory of 1624	1668	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1668 wrote to memory of 1624	1668	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1668 wrote to memory of 1624	1668	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe
PID 1668 wrote to memory of 1624	1668	9394c417afa9c6615a4aa929b062f420.exe	9394c417afa9c6615a4aa929b062f420.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads