adbbd78d5c79c11d3e5f723085b3d5d3fb2a34047a3e2a8791cdd764b78b08f7

General

Target

Remittance_Advice_BofA.xls
Size

129KB
MD5

ef647821a5b83276209b316934bad8ab
SHA1

1e01b86c162aad282434c34d13147dd404e8d59a
SHA256

adbbd78d5c79c11d3e5f723085b3d5d3fb2a34047a3e2a8791cdd764b78b08f7
SHA512

a2d6cb284376ac52fbeaf895b85e7924b17248b4af8b057c5c24990430963aa0a04a427a3aa2634e4d8594579c23411afa5bbc446933f2fee2bf65dd60e4f55c

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

WScript.exe

description	pid	pid_target	process	target process
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process	1792	1972	WScript.exe	EXCEL.EXE

Office loads VBA resources, possible macro or embedded object present
Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

EXCEL.EXE

description ioc process

Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 31 IoCs

adware spyware

Modify Registry

T1112

Processes:

EXCEL.EXE

description	ioc	process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Internet Explorer\MenuExt	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\ = "&Edit"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Internet Explorer\Toolbar	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\COMMAND	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\COMMAND	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default HTML Editor\shell\edit\ = "&Edit"	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell\edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Default MHTML Editor\shell	EXCEL.EXE

Modifies registry class 64 IoCs

Processes:

EXCEL.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\ = "&Open"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\mhtmlfile	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit\command	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\ShellEx	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\ = "&Open"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\application\ = "Excel"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\ = "&Edit"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shellex\IconHandler	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Old Icon\htmlfile	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\WINWORD.EXE\" /n \"%1\""	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe\shell\edit\ddeexec	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Publisher\shell\edit\ = "&Open"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\ = "&Print"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\application\ = "Excel"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Print\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe\" /p %1"	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0057004f0052004400460069006c00650073003e00620069002400540021005600210030005a003d007b0050006b00300076006d007e0041005a00750020002f006e002000220025003100220000000000	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\command	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\InprocServer32\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohevi.dll"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\command	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Microsoft Excel\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b0045005800430045004c00460069006c00650073003e00560069006a00710042006f006600280059003800270077002100460049006400310067004c00510020002f0064006400650000000000	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe\shell\edit\command\ = "\"C:\\Program Files (x86)\\Microsoft Office\\Office14\\MSPUB.EXE\" %1"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\DefaultIcon	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Edit	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Word\shell\edit\ = "&Open"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\Excel.exe	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Excel.exe\shell\edit\ddeexec\topic\ = "system"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\MSPub.exe	EXCEL.EXE
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\mhtmlfile\shell\Edit\command	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\ShellEx	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{42042206-2D85-11D3-8CFF-005004838597}\Version\14\ = "C:\\Program Files (x86)\\Microsoft Office\\Office14\\msohtmed.exe"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\WinWord.exe	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f44471a0359723fa74489c55595fe6b30ee0000	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\htmlfile\shell\Print\command	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\WinWord.exe\shell\edit\command	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Excel\shell\edit\ddeexec\topic\ = "system"	EXCEL.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\.htm\OpenWithList\Microsoft Publisher\shell\edit\command\command = 7800620027004200560035002100210021002100210021002100210021004d004b004b0053006b005000750062005000720069006d006100720079003e00520024006e0075006a0053005700460065003f007d0061004c00720052007000390078004000570020002500310000000000	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.mht\OpenWithList\MSPub.exe\shell\edit\command	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 52003100000000000c5596651020526f616d696e67003c0008000400efbe0c55db600c5596652a000000ec01000000000200000000000000000000000000000052006f0061006d0069006e006700000016000000	EXCEL.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2591564548-2301609547-1748242483-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

1972 EXCEL.EXE
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

EXCEL.EXE

pid process

1972 EXCEL.EXE
1972 EXCEL.EXE
1972 EXCEL.EXE

pid	process
1972	EXCEL.EXE

pid	process
1972	EXCEL.EXE
1972	EXCEL.EXE
1972	EXCEL.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

EXCEL.EXE

description	pid	process	target process
PID 1972 wrote to memory of 1792	1972	EXCEL.EXE	WScript.exe
PID 1972 wrote to memory of 1792	1972	EXCEL.EXE	WScript.exe
PID 1972 wrote to memory of 1792	1972	EXCEL.EXE	WScript.exe
PID 1972 wrote to memory of 1792	1972	EXCEL.EXE	WScript.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\Remittance_Advice_BofA.xls
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\rkWwH.js"
2⤵
- Process spawned unexpected child process
PID:1792

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\rkWwH.js
Filesize
695B

MD5
a51c8b5b1cc6760162e64ad7a78f2a58

SHA1
b77df00003a083c6ef6931814f22f396262d4d8b

SHA256
099c3c05d2bd26e2095a122aba20ec47a0710ecf7cc17b262419cfab6fc38381

SHA512
855e733e65c55c0f00b1df3fa3e6fe396a90eb9ea23efbd044c9c91eced84d96d8ae09eae65e67b9387af4e47e50d943f0f53f721875472b1fcc87d617a87828

Download Submit
memory/1792-79-0x0000000000000000-mapping.dmp

Download
memory/1972-68-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-58-0x0000000076761000-0x0000000076763000-memory.dmp

Filesize
8KB

Download
memory/1972-69-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-70-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-60-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-61-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-62-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-63-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-64-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-65-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-66-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-67-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-82-0x0000000072A7D000-0x0000000072A88000-memory.dmp

Filesize
44KB

Download
memory/1972-57-0x0000000072A7D000-0x0000000072A88000-memory.dmp

Filesize
44KB

Download
memory/1972-59-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-71-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-72-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-73-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-74-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-75-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-76-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-77-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-78-0x00000000004D7000-0x00000000004E2000-memory.dmp

Filesize
44KB

Download
memory/1972-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1972-55-0x0000000071A91000-0x0000000071A93000-memory.dmp

Filesize
8KB

Download
memory/1972-54-0x000000002FE11000-0x000000002FE14000-memory.dmp

Filesize
12KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads