trickbot | 5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4

General

Target

5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
Size

362KB
MD5

cbb0ce54b5eec9de6ed74a9d5f0ac537
SHA1

2be319bb3d27cdee6b021f54de20eb5ea7d9009d
SHA256

5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4
SHA512

afd926f78c36f8901eca187aee43c24ab02f0e954658defe192b122422112aaa0e7b82e62509a8b54ae4dfc99a79c5b49a82286247ba30fabde69a79de7cc353

Score

10^/10

trickbot lib239 banker persistence trojan

Malware Config

Extracted

Family

trickbot

Version

1000206

Botnet

lib239

C2

93.109.242.134:443

46.47.50.44:443

190.7.199.42:443

158.58.131.54:443

86.125.39.173:443

208.75.117.70:443

185.168.185.218:443

109.86.227.152:443

185.129.78.167:443

190.4.189.129:443

65.30.201.40:443

66.232.212.59:443

80.53.57.146:443

92.55.251.211:449

94.112.52.197:449

209.121.142.202:449

5.102.177.205:449

209.121.142.214:449

95.161.180.42:449

185.42.192.194:449

Attributes

autorun
Control:GetSystemInfo
Name:systeminfo
Name:injectDll

ecc_pubkey.base64

Signatures

Trickbot
Developed in 2016, TrickBot is one of the more recent banking Trojans.
trojan banker trickbot

Trickbot x86 loader 4 IoCs

Detected Trickbot's x86 loader that unpacks the x86 payload.

Processes:

resource	yara_rule
behavioral2/memory/3260-131-0x0000000000400000-0x000000000043B000-memory.dmp	trickbot_loader32
behavioral2/memory/3260-136-0x0000000000400000-0x000000000043B000-memory.dmp	trickbot_loader32
behavioral2/memory/116-144-0x0000000000400000-0x000000000043B000-memory.dmp	trickbot_loader32
behavioral2/memory/116-153-0x0000000000400000-0x000000000043B000-memory.dmp	trickbot_loader32

Executes dropped EXE 2 IoCs

Processes:

6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe

pid	process
4056	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

svchost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\C:\Users\Admin\AppData\Roaming\freenet\6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe = "C:\\Users\\Admin\\AppData\\Roaming\\freenet\\6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-2372564722-193526734-2636556182-1000\Software\Microsoft\Windows\CurrentVersion\Run	svchost.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

47 icanhazip.com

flow	ioc
47	icanhazip.com

Suspicious use of SetThreadContext 2 IoCs

Processes:

5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe

description	pid	process	target process
PID 2964 set thread context of 3260	2964	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
PID 4056 set thread context of 116	4056	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe

description	pid	process	target process
PID 2964 wrote to memory of 3260	2964	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
PID 2964 wrote to memory of 3260	2964	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
PID 2964 wrote to memory of 3260	2964	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
PID 2964 wrote to memory of 3260	2964	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
PID 2964 wrote to memory of 3260	2964	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
PID 2964 wrote to memory of 3260	2964	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
PID 2964 wrote to memory of 3260	2964	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
PID 3260 wrote to memory of 4056	3260	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
PID 3260 wrote to memory of 4056	3260	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
PID 3260 wrote to memory of 4056	3260	5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
PID 4056 wrote to memory of 116	4056	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
PID 4056 wrote to memory of 116	4056	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
PID 4056 wrote to memory of 116	4056	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
PID 4056 wrote to memory of 116	4056	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
PID 4056 wrote to memory of 116	4056	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
PID 4056 wrote to memory of 116	4056	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
PID 4056 wrote to memory of 116	4056	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe
PID 116 wrote to memory of 4688	116	6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe	svchost.exe

C:\Users\Admin\AppData\Local\Temp\5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
"C:\Users\Admin\AppData\Local\Temp\5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2964

C:\Users\Admin\AppData\Local\Temp\5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe
"C:\Users\Admin\AppData\Local\Temp\5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:3260

C:\Users\Admin\AppData\Roaming\freenet\6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
C:\Users\Admin\AppData\Roaming\freenet\6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4056

C:\Users\Admin\AppData\Roaming\freenet\6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
"C:\Users\Admin\AppData\Roaming\freenet\6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe"
4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
5⤵
- Adds Run key to start application
PID:4688

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Crypt.exe
Filesize
228KB

MD5
1a2a2752048adc035bf63a848ebbc356

SHA1
af006508b716c9f0d43c4646ba7ffccaad7790a6

SHA256
eae84a99d71dcc939db9e809f6fbd5803083c1d4d7728dc7adb2a1214c1a068d

SHA512
2aae63e438c56b4d0bdc1547b2bd35bdad12924a8aeeb91396d16a31307a937dc69ac628b31656ed61f75a216f1cf9249f9e2b7585d2ecf40db0276ded92c9a6

Download Submit
C:\Users\Admin\AppData\Roaming\freenet\6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
Filesize
362KB

MD5
cbb0ce54b5eec9de6ed74a9d5f0ac537

SHA1
2be319bb3d27cdee6b021f54de20eb5ea7d9009d

SHA256
5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4

SHA512
afd926f78c36f8901eca187aee43c24ab02f0e954658defe192b122422112aaa0e7b82e62509a8b54ae4dfc99a79c5b49a82286247ba30fabde69a79de7cc353

Download Submit
C:\Users\Admin\AppData\Roaming\freenet\6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
Filesize
362KB

MD5
cbb0ce54b5eec9de6ed74a9d5f0ac537

SHA1
2be319bb3d27cdee6b021f54de20eb5ea7d9009d

SHA256
5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4

SHA512
afd926f78c36f8901eca187aee43c24ab02f0e954658defe192b122422112aaa0e7b82e62509a8b54ae4dfc99a79c5b49a82286247ba30fabde69a79de7cc353

Download Submit
C:\Users\Admin\AppData\Roaming\freenet\6cb192d4f88cfa608a4ca9dbd69d9310d2deb3cc7326a60ab248b9a7689d91f4.exe
Filesize
362KB

MD5
cbb0ce54b5eec9de6ed74a9d5f0ac537

SHA1
2be319bb3d27cdee6b021f54de20eb5ea7d9009d

SHA256
5cb182d4f77cfa507a4ca9dbd59d8310d2deb3cc6325a50ab247b8a6578d91f4

SHA512
afd926f78c36f8901eca187aee43c24ab02f0e954658defe192b122422112aaa0e7b82e62509a8b54ae4dfc99a79c5b49a82286247ba30fabde69a79de7cc353

Download Submit
memory/116-141-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download
memory/116-137-0x0000000000000000-mapping.dmp

Download
memory/116-144-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/116-153-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3260-136-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3260-131-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3260-130-0x0000000000000000-mapping.dmp

Download
memory/4056-132-0x0000000000000000-mapping.dmp

Download
memory/4688-145-0x0000000000000000-mapping.dmp

Download
memory/4688-147-0x0000000140000000-0x0000000140035000-memory.dmp

Filesize
212KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads