masslogger | 239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e

General

Target

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Size

1.4MB
MD5

d37c977afd1ae6aa6e0b004322adb33c
SHA1

5360e8f454b9b4368bcf930725dc16640533a65d
SHA256

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e
SHA512

e5f78b9e620e2e0869a7ae62fa4fd1e9bee2e880a7c85c49e4581b8cd903f688e34505025d7cd584325ef2aba1c448ce0334a44d0df60a9e971b6f52986d1fb8

Score

10^/10

masslogger collection spyware stealer

Malware Config

Signatures

MassLogger
Masslogger is a .NET stealer targeting passwords from browsers, email and cryptocurrency clients.
stealer spyware masslogger

MassLogger Main Payload 6 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1696-64-0x0000000000400000-0x0000000000486000-memory.dmp	family_masslogger
behavioral1/memory/1696-65-0x0000000000400000-0x0000000000486000-memory.dmp	family_masslogger
behavioral1/memory/1696-66-0x0000000000400000-0x0000000000486000-memory.dmp	family_masslogger
behavioral1/memory/1696-67-0x0000000000481EBE-mapping.dmp	family_masslogger
behavioral1/memory/1696-69-0x0000000000400000-0x0000000000486000-memory.dmp	family_masslogger
behavioral1/memory/1696-71-0x0000000000400000-0x0000000000486000-memory.dmp	family_masslogger

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Control Panel\International\Geo\Nation	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Accesses Microsoft Outlook profiles 1 TTPs 35 IoCs

collection

Email Collection

T1114

Processes:

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key opened	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key opened	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key opened	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key opened	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key opened	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key opened	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key opened	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

4 api.ipify.org

flow	ioc
4	api.ipify.org

Suspicious use of SetThreadContext 1 IoCs

Processes:

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

description	pid	process	target process
PID 960 set thread context of 1696	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

1900 schtasks.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

pid process

1696 239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

pid	process
1900	schtasks.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

Processes:

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exepowershell.exe

pid	process
1696	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
1696	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
1696	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
1696	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
1008	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exepowershell.exe

description	pid	process
Token: SeDebugPrivilege	1696	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
Token: SeDebugPrivilege	1008	powershell.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

pid process

1696 239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

description	pid	process	target process
PID 960 wrote to memory of 1900	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	schtasks.exe
PID 960 wrote to memory of 1900	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	schtasks.exe
PID 960 wrote to memory of 1900	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	schtasks.exe
PID 960 wrote to memory of 1900	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	schtasks.exe
PID 960 wrote to memory of 1696	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
PID 960 wrote to memory of 1696	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
PID 960 wrote to memory of 1696	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
PID 960 wrote to memory of 1696	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
PID 960 wrote to memory of 1696	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
PID 960 wrote to memory of 1696	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
PID 960 wrote to memory of 1696	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
PID 960 wrote to memory of 1696	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
PID 960 wrote to memory of 1696	960	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
PID 1696 wrote to memory of 1008	1696	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	powershell.exe
PID 1696 wrote to memory of 1008	1696	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	powershell.exe
PID 1696 wrote to memory of 1008	1696	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	powershell.exe
PID 1696 wrote to memory of 1008	1696	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe	powershell.exe

outlook_office_path 1 IoCs

Processes:

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

description	ioc	process
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

outlook_win_path 1 IoCs

Processes:

239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

description	ioc	process
Key queried	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe

C:\Users\Admin\AppData\Local\Temp\239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
"C:\Users\Admin\AppData\Local\Temp\239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\bogeIdjHjdIw" /XML "C:\Users\Admin\AppData\Local\Temp\tmp5810.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:1900
- C:\Users\Admin\AppData\Local\Temp\239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe
  "C:\Users\Admin\AppData\Local\Temp\239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe"
  2⤵
  - Checks computer location settings
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  - outlook_office_path
  - outlook_win_path
  PID:1696
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "powershell" Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\239f15b4cd5a3be1b71da1cf09d67d1560569a4272838948141b79967367157e.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1008

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp5810.tmp

Filesize
1KB

MD5
0575e187ae824a38e19ee5d0357e3f80

SHA1
47371b9cdad2e0536ec0f67f4e880759d5609a94

SHA256
57957cb86bb7f1b91e0b954445716b08e4c45ba470b1d4a4d4d3539a329f2c79

SHA512
a48715c9b20b610bd5f385c6dcf150bfb1e322b75fe2940bd26b9dcc0012c1d3588ea189e26d2508a10cbb2d0f50c5d3c162b9b0dfb1b3e8b9fb6ea95b4c1f0b

Download Submit
memory/960-54-0x0000000000910000-0x0000000000A80000-memory.dmp

Filesize
1.4MB

Download
memory/960-55-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

Filesize
8KB

Download
memory/960-56-0x00000000003E0000-0x00000000003F0000-memory.dmp

Filesize
64KB

Download
memory/960-57-0x0000000005800000-0x00000000058C0000-memory.dmp

Filesize
768KB

Download
memory/960-58-0x00000000058C0000-0x0000000005948000-memory.dmp

Filesize
544KB

Download
memory/1008-76-0x000000006EAD0000-0x000000006F07B000-memory.dmp

Filesize
5.7MB

Download
memory/1008-73-0x0000000000000000-mapping.dmp

Download
memory/1696-62-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1696-64-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1696-65-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1696-66-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1696-67-0x0000000000481EBE-mapping.dmp

Download
memory/1696-69-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1696-71-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1696-61-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1696-74-0x0000000004835000-0x0000000004846000-memory.dmp

Filesize
68KB

Download
memory/1900-59-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads