locky | fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d

General

Target

fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
Size

268KB
MD5

63fb4f33561739b31aa174428905bd27
SHA1

2340adeb468267329279c42bb16c3182bd463967
SHA256

fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d
SHA512

d95b827a6f8bcef238b56a218c29587518b45a7177c5aa2e002f80e3e1f945343d1b5090ddb5b75746066ec5e44b7f0aa59117c497bf116a2cd5dbc7cd9b4198

Score

10^/10

locky ransomware

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1804 cmd.exe

pid	process
1804	cmd.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\_WHAT_is.bmp"	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe

description	pid	process	target process
PID 656 set thread context of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Control Panel 2 IoCs

evasion

Processes:

fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Control Panel\Desktop\WallpaperStyle = "0"	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Control Panel\Desktop\TileWallpaper = "0"	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "363209121"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000358f16e0538341458b70f68dad1eafd400000000020000000000106600000001000020000000b9ad0230a6bac8e49077039de8150b492e095c43c106397c4939061fea3bb37d000000000e8000000002000020000000e72840a222623c814b578ff2bc095ba08bae3cf802112a9ab86802a55bcd62ce200000003c52dd14f83e13510dc8e2658ad67b90eefe412806698fd1c07bc6a7162b0b5a40000000e15f3907e37c25f1ef1aa6484f1ce2fd616db8ffc1e214454fdb102c1960d71657b703878feda0aad00ab9510cb69e2f722720571d140d2ddbee3283d3bcba91	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000358f16e0538341458b70f68dad1eafd400000000020000000000106600000001000020000000030dcf601b2cb4fcb98b03be1b43f85255c33f8f56bb87f5a090096c825ce14e000000000e80000000020000200000001bdfc1a53c684567b754e2187651a20715782d9df91d787d760c22c5b585da93900000002deed5b1cb593aa02727e1646ea35f58e74f23e0bf9e9cca134f907b22dca86933b10387868fc2038135d8805c40db518b3b3b93aa1fa8cdc4ac2ccea4d5e840c746c7ca34e0e74be3f62f0edf1f8da0332c82f13bd282a59325e26730fcf28329504278ce62b2f7bc486b279dac17bec52bea5b812105003fc1c3fc5ca6964a0ab3e598851e90cca60701d7feba16a6400000007ce860a3b1e5bfaba6c1e1ded19ec8fd67c1ce2630c2635b9f3788e203c5799dbd7c667f9dee0271701ba5a822e119e73f79e3f6a69ec0bb3cde858189458e96	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{A0626451-F717-11EC-8312-7EDEB47CBF10} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60b2ba76248bd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1083475884-596052423-1669053738-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe

pid process

656 fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exeDllHost.exe

pid process

1692 iexplore.exe
928 DllHost.exe
Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exeiexplore.exeIEXPLORE.EXE

pid process

656 fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
1692 iexplore.exe
1692 iexplore.exe
1888 IEXPLORE.EXE
1888 IEXPLORE.EXE

pid	process
656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe

pid	process
1692	iexplore.exe
928	DllHost.exe

pid	process
656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
1692	iexplore.exe
1692	iexplore.exe
1888	IEXPLORE.EXE
1888	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 29 IoCs

Processes:

fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exefdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exeiexplore.exe

description	pid	process	target process
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 656 wrote to memory of 864	656	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
PID 864 wrote to memory of 1692	864	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	iexplore.exe
PID 864 wrote to memory of 1692	864	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	iexplore.exe
PID 864 wrote to memory of 1692	864	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	iexplore.exe
PID 864 wrote to memory of 1692	864	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	iexplore.exe
PID 1692 wrote to memory of 1888	1692	iexplore.exe	IEXPLORE.EXE
PID 1692 wrote to memory of 1888	1692	iexplore.exe	IEXPLORE.EXE
PID 1692 wrote to memory of 1888	1692	iexplore.exe	IEXPLORE.EXE
PID 1692 wrote to memory of 1888	1692	iexplore.exe	IEXPLORE.EXE
PID 864 wrote to memory of 1804	864	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	cmd.exe
PID 864 wrote to memory of 1804	864	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	cmd.exe
PID 864 wrote to memory of 1804	864	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	cmd.exe
PID 864 wrote to memory of 1804	864	fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
"C:\Users\Admin\AppData\Local\Temp\fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:656
- C:\Users\Admin\AppData\Local\Temp\fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
  C:\Users\Admin\AppData\Local\Temp\fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe
  2⤵
  - Sets desktop wallpaper using registry
  - Modifies Control Panel
  - Suspicious use of WriteProcessMemory
  PID:864
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\_WHAT_is.html
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1692
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1692 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1888
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\fdd5325bd1371068d7948d57e640cd01869e5281e1e15eeddafa20448618a89d.exe"
    3⤵
    - Deletes itself
    PID:1804

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:928

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

1

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BZX9WLIC.txt

Filesize
604B

MD5
cd2005003e94b497267139c1bbe17d26

SHA1
8910224c418f79cd2590868174acc077de1dfc33

SHA256
677743ab05efc44456a58ab1f45de975b9eacb6bc8ff8bf30470843a9181ecf9

SHA512
e3425a05da12c45c4fb48411adfae314866189c2b4ce6926d655c40da28cca139da5fbabc8f6b460393bf68d384f92f4c5e4384c5e3603bb97bfb9a276ff357b

Download Submit
C:\Users\Admin\Desktop\_WHAT_is.bmp

Filesize
3.7MB

MD5
862c55987d4e5cc13ee7f55a303817c5

SHA1
c26d8850810ccf1e899c25f09e451bd3dce6bee7

SHA256
0cebaf1a0686520e2dbe8e326a5b5a2cbeb2f7ff4da230282373f8c215ad728d

SHA512
ae171a51f78f564ff0159260e1946e9af170d3f4b04cea9a400af93759c49cc5435b2dfed37cbb1b7e9beb98fdd73fa08cc8fd2c1961a966b6245d085e4fb9d3

Download Submit
C:\Users\Admin\Desktop\_WHAT_is.html

Filesize
8KB

MD5
609c6cb286b3bedeae2f3eed79a59ca3

SHA1
899c5f60a809e510adc10ad1c0d86135e2997990

SHA256
4e5258ada4a78980396701a009868d624726e2f629444f50aa238c23583a4c98

SHA512
60f6f8ed2bb032826e4bd7b8a199d3a1f45742d10e3ffcf3f1805e05ec8afd0fbcad815790026c9d45c9d27a6ddf9ed5af6a4492866845a8e5ccfec64b0f7b81

Download Submit
memory/656-62-0x00000000001F0000-0x00000000001F5000-memory.dmp

Filesize
20KB

Download
memory/656-54-0x00000000755A1000-0x00000000755A3000-memory.dmp

Filesize
8KB

Download
memory/864-73-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-78-0x0000000000405673-mapping.dmp

Download
memory/864-64-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-66-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-67-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-69-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-71-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-59-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-75-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-61-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-77-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-81-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-82-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-84-0x00000000001D0000-0x00000000001F7000-memory.dmp

Filesize
156KB

Download
memory/864-83-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-55-0x0000000000300000-0x0000000000400000-memory.dmp

Filesize
1024KB

Download
memory/864-87-0x00000000001D0000-0x00000000001F7000-memory.dmp

Filesize
156KB

Download
memory/864-57-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/864-56-0x0000000000400000-0x000000000133C000-memory.dmp

Filesize
15.2MB

Download
memory/1804-86-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads