37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb

General

Target

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
Size

316KB
MD5

40a96c42e50077f03f9873a696427b0c
SHA1

5932ee55845edbeb10c7bc612b88eb2f1c7316cd
SHA256

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb
SHA512

45883c375d9384a99065db8e33778647e31ca7c16baee5f46ef859baf21954b72b7e100ef96adaf3e581cff8a60ee0d91ebe98b364ef9ad7eb3bf0d6efc64b84

Score

10^/10

evasion persistence trojan upx

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Roaming\\e476yexdjs.exe"	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\AppData\\Roaming\\e476yexdjs.exe"	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Disables RegEdit via registry modification 1 IoCs

evasion

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Disables Task Manager via registry modification
evasion

Modifies Installed Components in the registry 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ZT5B0cUB-7Ln8-ERbk-bYZw-GfsEiQpHSoxF}	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{ZT5B0cUB-7Ln8-ERbk-bYZw-GfsEiQpHSoxF}\Vp8VykqmSuJMWPi = "\"C:\\Users\\Admin\\AppData\\Roaming\\e476yexdjs.exe\" /ActiveX"	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/908-57-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral1/memory/908-59-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral1/memory/908-61-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral1/memory/908-63-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral1/memory/908-65-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral1/memory/908-66-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral1/memory/908-67-0x0000000000400000-0x000000000049A000-memory.dmp	upx
behavioral1/memory/908-70-0x0000000000400000-0x000000000049A000-memory.dmp	upx

Loads dropped DLL 1 IoCs

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

pid process

908 37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Windows\CurrentVersion\Run\Vp8VykqmSuJMWPi = "C:\\Users\\Admin\\AppData\\Roaming\\e476yexdjs.exe"	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Vp8VykqmSuJMWPi = "C:\\Users\\Admin\\AppData\\Roaming\\e476yexdjs.exe"	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Modifies WinLogon 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

description	pid	process	target process
PID 1704 set thread context of 908	1704	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-790309383-526510583-3802439154-1000\Software\Microsoft\Internet Explorer\Main	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

pid	process
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	468	AUDIODG.EXE
Token: 33	468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	468	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 10 IoCs

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

pid	process
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

pid	process
1704	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
908	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

description	pid	process	target process
PID 1704 wrote to memory of 908	1704	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
PID 1704 wrote to memory of 908	1704	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
PID 1704 wrote to memory of 908	1704	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
PID 1704 wrote to memory of 908	1704	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
PID 1704 wrote to memory of 908	1704	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
PID 1704 wrote to memory of 908	1704	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
PID 1704 wrote to memory of 908	1704	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
PID 1704 wrote to memory of 908	1704	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe	37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe

C:\Users\Admin\AppData\Local\Temp\37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
"C:\Users\Admin\AppData\Local\Temp\37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704

C:\Users\Admin\AppData\Local\Temp\37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
C:\Users\Admin\AppData\Local\Temp\37a3c510bf94138e9cc983c691fdfaf22a8de1bbac3cf718a7e522649cdf88fb.exe
2⤵
- Modifies WinLogon for persistence
- Disables RegEdit via registry modification
- Modifies Installed Components in the registry
- Loads dropped DLL
- Adds Run key to start application
- Checks whether UAC is enabled
- Modifies WinLogon
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x570
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:468

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

2

T1004

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

5

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dwlGina3.dll
Filesize
93KB

MD5
1173123287198dce1eb831f04e28352c

SHA1
39d650f4297c990a7ffaa7dc3b6d0ef903c9bd14

SHA256
65d4582e135c774d9c827ae08de8b77f199ee934f13d1a0537df4f5d18f590ba

SHA512
e9fdb6e808b0f3ed850fb364d48609a9726fd41ad138594fc04f8d48d5672aec3aaa76af236f07c4263c053dc539f99009e74491adb03c885190dcce78f0cede

Download Submit
memory/908-64-0x0000000076241000-0x0000000076243000-memory.dmp

Filesize
8KB

Download
memory/908-59-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/908-61-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/908-62-0x0000000000497350-mapping.dmp

Download
memory/908-63-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/908-56-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/908-65-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/908-66-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/908-67-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/908-57-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download
memory/908-69-0x0000000000660000-0x000000000067C000-memory.dmp

Filesize
112KB

Download
memory/908-70-0x0000000000400000-0x000000000049A000-memory.dmp

Filesize
616KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads