033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060

General

Target

033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
Size

632KB
MD5

9292558d5cb6e240ca96ba18f2aacffb
SHA1

2c3267f7d77b09c9dfb5b71123054c5f97e640f3
SHA256

033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060
SHA512

10d80b638ea9b849f38b2898dcbb097b4165296cdc07baa3020b377ba1e0b63f24bef614a546f3a8d15c51ed59f21e63e9e0d723a12c9b6f9bf9d92a5ee6aae0

Score

7^/10

adware discovery spyware stealer

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exeregsvr32.exe

pid process

748 033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
1964 regsvr32.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Installs/modifies Browser Helper Object 2 TTPs
BHOs are DLL modules which act as plugins for Internet Explorer.
stealer adware

Modify Registry
T1112

Browser Extensions
T1176

Drops file in System32 directory 4 IoCs

Processes:

033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

description	ioc	process
File opened for modification	C:\Windows\System32\GroupPolicy	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Windows\SysWOW64\GroupPolicy\gpt.ini	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File created	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Windows\System32\GroupPolicy\GPT.INI	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

Drops file in Program Files directory 22 IoCs

Processes:

033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

description	ioc	process
File created	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ie\MediaViewV1alpha3596.dll	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File created	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ch\MediaViewV1alpha3596.crx	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\ffMediaViewV1alpha3596.js	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\overlay.xul	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File created	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\overlay.xul	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File created	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome.manifest	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome.manifest	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File created	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\install.rdf	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File created	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\ffMediaViewV1alpha3596.js	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File created	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\ffMediaViewV1alpha3596ffaction.js	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\icons	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File created	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\icons\Thumbs.db	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\icons\Thumbs.db	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File created	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\icons\default\MediaViewV1alpha3596_32.png	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ch\MediaViewV1alpha3596.crx	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\install.rdf	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\ffMediaViewV1alpha3596ffaction.js	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\icons\default	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File opened for modification	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ff\chrome\content\icons\default\MediaViewV1alpha3596_32.png	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
File created	C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\uninstall.exe	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Approved Extensions	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{02b50e6d-cb6d-452f-99a4-f1350da2f04d} = 51667a6c4c1d3b1b7d17ae1b5998490b8dacae6d0fe7b050	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

Modifies registry class 36 IoCs

Processes:

regsvr32.exe033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}\ = "MediaViewV1alpha3596"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A795F357-7BC1-4417-9343-319B4D208DDD}\1.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A795F357-7BC1-4417-9343-319B4D208DDD}\1.1\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A795F357-7BC1-4417-9343-319B4D208DDD}\1.1\HELPDIR\ = "C:\\Program Files (x86)\\MediaViewV1\\MediaViewV1alpha3596\\ie"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\TypeLib\Version = "1.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}\InprocServer32\ = "C:\\Program Files (x86)\\MediaViewV1\\MediaViewV1alpha3596\\ie\\MediaViewV1alpha3596.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}\TypeLib\ = "{a795f357-7bc1-4417-9343-319b4d208ddd}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\ = "IMediaViewV1alpha3596BHO"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\ = "IMediaViewV1alpha3596BHO"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A795F357-7BC1-4417-9343-319B4D208DDD}\1.1\FLAGS	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A795F357-7BC1-4417-9343-319B4D208DDD}\1.1\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\TypeLib\ = "{A795F357-7BC1-4417-9343-319B4D208DDD}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A795F357-7BC1-4417-9343-319B4D208DDD}\1.1\ = "MediaViewV1alpha3596Lib"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A795F357-7BC1-4417-9343-319B4D208DDD}\1.1\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A795F357-7BC1-4417-9343-319B4D208DDD}\1.1\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A795F357-7BC1-4417-9343-319B4D208DDD}\1.1\0\win32\ = "C:\\Program Files (x86)\\MediaViewV1\\MediaViewV1alpha3596\\ie\\MediaViewV1alpha3596.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\TypeLib\Version = "1.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{A795F357-7BC1-4417-9343-319B4D208DDD}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}\Version\ = "1.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{0AA7E518-F3A1-4F5C-8C45-3C94002BB930}\TypeLib\ = "{A795F357-7BC1-4417-9343-319B4D208DDD}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02b50e6d-cb6d-452f-99a4-f1350da2f04d}\ = "Media View"	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

pid	process
748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe

description	pid	process	target process
PID 748 wrote to memory of 1964	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	regsvr32.exe
PID 748 wrote to memory of 1964	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	regsvr32.exe
PID 748 wrote to memory of 1964	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	regsvr32.exe
PID 748 wrote to memory of 1964	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	regsvr32.exe
PID 748 wrote to memory of 1964	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	regsvr32.exe
PID 748 wrote to memory of 1964	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	regsvr32.exe
PID 748 wrote to memory of 1964	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	regsvr32.exe
PID 748 wrote to memory of 2044	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	gpupdate.exe
PID 748 wrote to memory of 2044	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	gpupdate.exe
PID 748 wrote to memory of 2044	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	gpupdate.exe
PID 748 wrote to memory of 2044	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	gpupdate.exe
PID 748 wrote to memory of 2044	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	gpupdate.exe
PID 748 wrote to memory of 2044	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	gpupdate.exe
PID 748 wrote to memory of 2044	748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe	gpupdate.exe

C:\Users\Admin\AppData\Local\Temp\033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
"C:\Users\Admin\AppData\Local\Temp\033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:748

C:\Windows\SysWOW64\regsvr32.exe
regsvr32 "C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ie\MediaViewV1alpha3596.dll" /s
2⤵
- Loads dropped DLL
- Modifies registry class
PID:1964

C:\Windows\SysWOW64\gpupdate.exe
"C:\Windows\System32\gpupdate.exe" /force
2⤵
PID:2044

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Browser Extensions

1

T1176

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ie\MediaViewV1alpha3596.dll
Filesize
85KB

MD5
4e3a899af7af6b6c5dea01cf1fdc76ad

SHA1
49d5a523a77e04c5eb423e761226ae2a33674310

SHA256
7d3870ed2d392e8b683c690151d11736469a6db550b7f339d0abc988cc088336

SHA512
4d96bc3d2591954ae967a4ac3ede33c1c3893d0dcae9e704ccab8bc1e8a8a53cdc0adbcffeeff82454c59fc3cac50d52c42f8e0d8dd2b241f68db2624b52513b

Download Submit
\Program Files (x86)\MediaViewV1\MediaViewV1alpha3596\ie\MediaViewV1alpha3596.dll
Filesize
85KB

MD5
4e3a899af7af6b6c5dea01cf1fdc76ad

SHA1
49d5a523a77e04c5eb423e761226ae2a33674310

SHA256
7d3870ed2d392e8b683c690151d11736469a6db550b7f339d0abc988cc088336

SHA512
4d96bc3d2591954ae967a4ac3ede33c1c3893d0dcae9e704ccab8bc1e8a8a53cdc0adbcffeeff82454c59fc3cac50d52c42f8e0d8dd2b241f68db2624b52513b

Download Submit
\Users\Admin\AppData\Local\Temp\nsy3101.tmp\aminsis.dll
Filesize
559KB

MD5
75fccc3ffe4fdeaa26b9098975ba3772

SHA1
9f04339adecad084b9696f757a8c12d3fd036be0

SHA256
71fd0603ba5bb405a0d134595c0d7f7d2ffd83bf1d083d4ccb6e7382f5bef81e

SHA512
bd3c65aa43b88dd3e1449180944d7dd6df3734fb1097117be4285b8b4bd72e7decf5e3e18e8a49b51b71b47b9ae9e444128dfeb1167a4b04a08dc220d314e3bd

Download Submit
memory/748-54-0x0000000076811000-0x0000000076813000-memory.dmp

Filesize
8KB

Download
memory/1964-56-0x0000000000000000-mapping.dmp

Download
memory/2044-60-0x0000000000000000-mapping.dmp

Download

pid	process
748	033170b7ea9e53ab040d23aecb1e541d2e64ac8af6781147aac007ef6f1b5060.exe
1964	regsvr32.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads