modiloader | 6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0

General

Target

6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
Size

3.2MB
MD5

ab8e9ac36f014b3e59d38f5a41dd5abe
SHA1

b040fed81d9d11384d8f972e51fb946128ddc398
SHA256

6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0
SHA512

7004299e4eda607bac1ca3b89a38ff9e23065e0601269f03b699788bd39f858ac24aef0bd84690aafb24b76a52ee945635e56c06742f4f08b7f109c001c6f269

Score

10^/10

modiloader evasion themida trojan

Malware Config

Signatures

ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
trojan modiloader
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

ModiLoader Second Stage 39 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3136-144-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-145-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-146-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-147-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-149-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-150-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-151-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-148-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-153-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-154-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-155-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-152-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-156-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-157-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-158-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-159-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-160-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-161-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-162-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-163-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-164-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-165-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-166-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-168-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-169-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-167-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-172-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-173-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-171-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-175-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-174-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-182-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-183-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-184-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-185-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-187-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-188-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-189-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2
behavioral1/memory/3136-186-0x00000000051B0000-0x000000000520B000-memory.dmp	modiloader_stage2

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/memory/3136-130-0x0000000000400000-0x0000000000738000-memory.dmp	themida
behavioral1/memory/3136-133-0x0000000000400000-0x0000000000738000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

pid process

3136 6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3616 2032 WerFault.exe 6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

pid	pid_target	process	target process
3616	2032	WerFault.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

pid	process
3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

C:\Users\Admin\AppData\Local\Temp\6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
"C:\Users\Admin\AppData\Local\Temp\6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3136

C:\Users\Admin\AppData\Local\Temp\6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
C:\Users\Admin\AppData\Local\Temp\6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
2⤵
PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 84
3⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2032 -ip 2032
1⤵
PID:3320

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1

T1497

Credential Access

Discovery

Query Registry

2

T1012

Virtualization/Sandbox Evasion

1

T1497

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2032-170-0x0000000000000000-mapping.dmp

Download
memory/3136-162-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-144-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-134-0x0000000077B80000-0x0000000077D23000-memory.dmp

Filesize
1.6MB

Download
memory/3136-130-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3136-145-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-146-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-147-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-149-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-150-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-151-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-161-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-153-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-163-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-155-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-152-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-156-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-157-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-158-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-159-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-160-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-148-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-133-0x0000000000400000-0x0000000000738000-memory.dmp

Filesize
3.2MB

Download
memory/3136-154-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-164-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-165-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-166-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-168-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-169-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-167-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-132-0x0000000077B80000-0x0000000077D23000-memory.dmp

Filesize
1.6MB

Download
memory/3136-172-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-173-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-171-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-175-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-174-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-182-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-183-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-184-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-185-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-187-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-188-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-189-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-186-0x00000000051B0000-0x000000000520B000-memory.dmp

Filesize
364KB

Download
memory/3136-190-0x0000000077B80000-0x0000000077D23000-memory.dmp

Filesize
1.6MB

Download

description	pid	process	target process
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe
PID 3136 wrote to memory of 2032	3136	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe	6d0a5048b64ef4877f1ea3480f95b899344dd020c05130055260048b91201dc0.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads