neshta | 8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750

General

Target

8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
Size

247KB
MD5

c3d37ef0937c1d83cf245c773324a86f
SHA1

6c6e66063d5063d11a8f07b5535e2d209c8e6cec
SHA256

8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750
SHA512

887be032074a8eddad45b9064ba97f5b7d8bbe0afd1f39d4b9e139ed804e955d542f9a832d8dab09adb2e4cd77d5fc1b90759035024038936910fadc0fd5f9e1

Score

10^/10

neshta persistence spyware stealer upx

Malware Config

Signatures

Modifies system executable filetype association 2 TTPs 1 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1042

Processes:

8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

Neshta
Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
persistence spyware neshta
Executes dropped EXE 1 IoCs

Processes:

8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

pid process

3056 8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\3582-490\8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe	upx
C:\Users\Admin\AppData\Local\Temp\3582-490\8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe	upx

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1809750270-3141839489-3074374771-1000\Control Panel\International\Geo\Nation	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops file in Program Files directory 64 IoCs

Processes:

8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

description	ioc	process
File opened for modification	C:\PROGRA~2\MOZILL~1\UNINST~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\WINDOW~2\wab.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{CA675~1\VCREDI~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROBR~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~2.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\IDENTI~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\NOTIFI~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13157~1.61\MICROS~3.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmpshare.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroRd32.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADelRCP.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jusched.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13157~1.61\MI391D~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MOZILL~1\MAINTE~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Google\Update\DISABL~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~2.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13157~1.61\MICROS~2.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ACROTE~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jaureg.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Java\JAVAUP~1\jucheck.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{33D1F~1\VCREDI~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\LOGTRA~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\VSTO\10.0\VSTOIN~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~4.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.71\GOOGLE~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.71\GO664E~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ieinstal.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13157~1.61\MI9C33~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ExtExport.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~3.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmlaunch.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~3\Adobe\Setup\{AC76B~1\setup.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\INSTAL~1\setup.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13157~1.61\MICROS~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\MicrosoftEdgeUpdate.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\AcroCEF\RdrCEF.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\ADOBEC~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\plug_ins\PI_BRO~1\64BITM~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\ADOBEA~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\COOKIE~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\WINDOW~2\wabmig.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~3\PACKAG~1\{57A73~1\VC_RED~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\arh.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\msedge.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\13157~1.61\MICROS~4.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\PWAHEL~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmprph.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\WINDOW~3\ACCESS~1\wordpad.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\WOW_HE~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\COMMON~1\MICROS~1\MSInfo\msinfo32.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.71\GOF5E2~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\MSEDGE~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\FULLTR~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\READER~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Google\Update\1336~1.71\GOBD5D~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\EDGEUP~1\Download\{F3C4F~1\13157~1.61\MICROS~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\WI8A19~1\ImagingDevices.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\MICROS~1\Edge\APPLIC~1\920902~1.67\MSEDGE~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\WINDOW~4\wmpconfig.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~3\MICROS~1\CLICKT~1\{9AC08~1\INTEGR~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\Browser\WCCHRO~1\WCCHRO~1.EXE	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\Adobe\ACROBA~1\Reader\Eula.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\COMMON~1\Adobe\ARM\1.0\AdobeARM.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
File opened for modification	C:\PROGRA~2\INTERN~1\ielowutil.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

Drops file in Windows directory 1 IoCs

Processes:

8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

description ioc process

File opened for modification C:\Windows\svchost.com 8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\svchost.com	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

Modifies registry class 1 IoCs

Processes:

8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shell\open\command\ = "C:\\Windows\\svchost.com \"%1\" %*"	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

pid	process
3056	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
3056	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

description	pid	process	target process
PID 3044 wrote to memory of 3056	3044	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
PID 3044 wrote to memory of 3056	3044	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
PID 3044 wrote to memory of 3056	3044	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe	8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe

C:\Users\Admin\AppData\Local\Temp\8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
"C:\Users\Admin\AppData\Local\Temp\8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe"
1⤵
- Modifies system executable filetype association
- Checks computer location settings
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:3044

C:\Users\Admin\AppData\Local\Temp\3582-490\8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
"C:\Users\Admin\AppData\Local\Temp\3582-490\8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1

T1042

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3582-490\8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
Filesize
206KB

MD5
a2b3bc90b47ad623aab4c4be8d654ad3

SHA1
d40876758899c50e4227f990e669806f284f83c5

SHA256
80cf6f18816d07b699168dfa53bfcbc80d12f4105970f54a007da69b64e1a614

SHA512
5062079410fa40adfec4b6d25128510fe0ae8c7f6c608d65224933d622591bf80fd8078289b8d5ceffc9f35725b66d1884301c3f46f0837c3a990f1713290184

Download Submit
C:\Users\Admin\AppData\Local\Temp\3582-490\8cc33adb2d9aca6fc5fd3f7043edecf07ebf2dcdbacdc11f9c34c9c3cf01a750.exe
Filesize
206KB

MD5
a2b3bc90b47ad623aab4c4be8d654ad3

SHA1
d40876758899c50e4227f990e669806f284f83c5

SHA256
80cf6f18816d07b699168dfa53bfcbc80d12f4105970f54a007da69b64e1a614

SHA512
5062079410fa40adfec4b6d25128510fe0ae8c7f6c608d65224933d622591bf80fd8078289b8d5ceffc9f35725b66d1884301c3f46f0837c3a990f1713290184

Download Submit
memory/3056-130-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads