ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488

Resubmissions

24-08-2022 10:54

220824-mzk5ascdck 10

24-08-2022 10:49

220824-mwqklsdch4 10

24-08-2022 10:43

220824-mshetsdcc7 10

Analysis

max time kernel
218s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
24-08-2022 10:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Ransomware.WannaCry_Plus.zip
Size

2.3MB
MD5

5641d280a62b66943bf2d05a72a972c7
SHA1

c857f1162c316a25eeff6116e249a97b59538585
SHA256

ab14c3f5741c06ad40632447b2fc10662d151afb32066a507aab4ec866ffd488
SHA512

0633bc32fa6d31b4c6f04171002ad5da6bb83571b9766e5c8d81002037b4bc96e86eb059d35cf5ce17a1a75767461ba5ac0a89267c3d0e5ce165719ca2af1752
SSDEEP

49152:9mqR0GTCRh8C9PYUYwm79evoBD2HSypKLZ5u/KU940CwmWtSQX5ddmL6T:RA8GY3b9ev62yypKLlUVCpSSQX5ddmeT

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

taskmgr.exe

pid	process
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

taskmgr.exe

pid process

1168 taskmgr.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

AUDIODG.EXEtaskmgr.exe

description	pid	process
Token: 33	988	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	988	AUDIODG.EXE
Token: 33	988	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	988	AUDIODG.EXE
Token: SeDebugPrivilege	1168	taskmgr.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

msdt.exetaskmgr.exe

pid	process
316	msdt.exe
316	msdt.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe

Suspicious use of SendNotifyMessage 35 IoCs

Processes:

taskmgr.exe

pid	process
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe
1168	taskmgr.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

pcwrun.exesdiagnhost.execsc.execsc.execsc.exemsdt.exe

description	pid	process	target process
PID 976 wrote to memory of 316	976	pcwrun.exe	msdt.exe
PID 976 wrote to memory of 316	976	pcwrun.exe	msdt.exe
PID 976 wrote to memory of 316	976	pcwrun.exe	msdt.exe
PID 1356 wrote to memory of 1496	1356	sdiagnhost.exe	csc.exe
PID 1356 wrote to memory of 1496	1356	sdiagnhost.exe	csc.exe
PID 1356 wrote to memory of 1496	1356	sdiagnhost.exe	csc.exe
PID 1496 wrote to memory of 1620	1496	csc.exe	cvtres.exe
PID 1496 wrote to memory of 1620	1496	csc.exe	cvtres.exe
PID 1496 wrote to memory of 1620	1496	csc.exe	cvtres.exe
PID 1356 wrote to memory of 1600	1356	sdiagnhost.exe	csc.exe
PID 1356 wrote to memory of 1600	1356	sdiagnhost.exe	csc.exe
PID 1356 wrote to memory of 1600	1356	sdiagnhost.exe	csc.exe
PID 1600 wrote to memory of 1716	1600	csc.exe	cvtres.exe
PID 1600 wrote to memory of 1716	1600	csc.exe	cvtres.exe
PID 1600 wrote to memory of 1716	1600	csc.exe	cvtres.exe
PID 1356 wrote to memory of 1052	1356	sdiagnhost.exe	csc.exe
PID 1356 wrote to memory of 1052	1356	sdiagnhost.exe	csc.exe
PID 1356 wrote to memory of 1052	1356	sdiagnhost.exe	csc.exe
PID 1052 wrote to memory of 864	1052	csc.exe	cvtres.exe
PID 1052 wrote to memory of 864	1052	csc.exe	cvtres.exe
PID 1052 wrote to memory of 864	1052	csc.exe	cvtres.exe
PID 316 wrote to memory of 1412	316	msdt.exe	rundll32.exe
PID 316 wrote to memory of 1412	316	msdt.exe	rundll32.exe
PID 316 wrote to memory of 1412	316	msdt.exe	rundll32.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ransomware.WannaCry_Plus.zip
1⤵
PID:1496

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x564
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:988

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" shell32.dll,Options_RunDLL 0
1⤵
PID:980

C:\Windows\system32\pcwrun.exe
C:\Windows\system32\pcwrun.exe "C:\Users\Admin\Desktop\Win32.Wannacry.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:976

C:\Windows\System32\msdt.exe
C:\Windows\System32\msdt.exe -path C:\Windows\diagnostics\index\PCWDiagnostic.xml -af C:\Users\Admin\AppData\Local\Temp\PCWE947.xml /skip TRUE
2⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:316

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Windows\system32\pcwutl.dll,CreateAndRunTask -path "C:\Users\Admin\Desktop\Win32.Wannacry.exe"
3⤵
PID:1412

C:\Windows\System32\sdiagnhost.exe
C:\Windows\System32\sdiagnhost.exe -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:1356

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nflaann-.cmdline"
2⤵
- Suspicious use of WriteProcessMemory
PID:1496

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF901.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCF900.tmp"
3⤵
PID:1620

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\owwevim5.cmdline"
2⤵
- Suspicious use of WriteProcessMemory
PID:1600

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFA48.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFA47.tmp"
3⤵
PID:1716

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1pu2jnh6.cmdline"
2⤵
- Suspicious use of WriteProcessMemory
PID:1052

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESFBEE.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCFBED.tmp"
3⤵
PID:864

C:\Windows\system32\taskeng.exe
taskeng.exe {08146CEC-4E13-4F87-AFC0-6930E5E54E7F} S-1-5-21-2591564548-2301609547-1748242483-1000:JNHATGLZ\Admin:Interactive:[1]
1⤵
PID:876

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1168

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1pu2jnh6.dll
Filesize
6KB

MD5
d62a20d34994f50d181ce55298207d72

SHA1
e9df07d12abca8fdfb7227395304df418f9cff38

SHA256
0ae83b550be703663a1f54005a9d1af706fe72efecb35cad9792f691832f15ac

SHA512
ddcfc2376a771583055866babd489bb92bb221fe4ec70bbc1e9762c364a1c636f355a960b93942bb51607bd30e13507a33298703bcd111f6cda354b5aecfee8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\1pu2jnh6.pdb
Filesize
15KB

MD5
788c9c804d995484973ddb3c891a327b

SHA1
408530ed73e7e78cb09d7a181e95c04b24d451dd

SHA256
cb385d80b95a8bef7c8ac436b691831523d303adedfc81dee4608a54b2db9a17

SHA512
759510221f96dd60e448e540212948d5583628c8d8d2443437c1ffa067bef449344b864dd5b3cec1f25203c43adff43d8235aadb922222b81aebf2502083e8c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\PCWE947.xml
Filesize
722B

MD5
c6fe6b845c80a2636dc00f4625bdbd7c

SHA1
d3a192a2211174df08208abbc239dd7c28d8fefa

SHA256
08e4540c973f5bd3d3ebe61f6ad8e018e149d5e1b3da4716fbd7a7cbf0e9ff14

SHA512
c9030a0d3c49eb9722d6a7ccd0c5e3ad577e8ee6f57396ed0a9ceedaad17e380300a22cf950bb59b2f32e822ab08a1f74fa8cbee313771fba1f3a02c845107c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESF901.tmp
Filesize
1KB

MD5
4a8aca4cadddbbc2adc59fa500274096

SHA1
ff2010de40c3ef01c3a4bd9c144ce2a0cc93aa4c

SHA256
c21b8a76f0f4eb8440632dd8bd0f00e2a17058146b652d08bbb583f1d216a032

SHA512
fb3815b946da219e753a221466db83d6844c3ed738c88ddba749522bd27e6cc901349a446a94ad0f55fadc5160987e411f3397da64b2a81dee61f8b0690e1690

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESFA48.tmp
Filesize
1KB

MD5
56531a7cc6459098388adf028d6237cb

SHA1
54fd8fb4b562b67b0833bd075e12c7f9eda8f48f

SHA256
c7a1bf496f81ff20c2c254feab55743a86ade719731e55e7ca557c5deb57397d

SHA512
13b3a5fecb1198d8a96c2063319be5e5cdb359f2c9dcde6a1e3cff8fb06f3a5a7d39b1b5a4330731e7b7d934c9491512e3ae1b9bc0b147a5e4465079484f51fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESFBEE.tmp
Filesize
1KB

MD5
381d630475d72c89041511ec7ec7c56c

SHA1
edd744ba41300d17ea79c4abd41c9c8613588ae9

SHA256
d7c5dde93538918454867d523c137dbca1d0a7612dfc2188c56ab4103ac9a81e

SHA512
8490e59c0dff833bb3409f0803e00cd9a22a851b4f28820fb725651381640bebc58890b75e7b2c59c671dd71a18746f56b98003c3474e456b410da666e250b47

Download Submit
C:\Users\Admin\AppData\Local\Temp\nflaann-.dll
Filesize
4KB

MD5
eeca674514fc3b27b3ef1f496126e8d6

SHA1
7d15e366556a25bf4c0672f26be36b8289c87b3d

SHA256
f20833fa0f935be25610d3308dcfd73cc2fe55642ae5aa5693084df3743b2cb0

SHA512
090ea898bad45e593a75a93ddc0b5c6193d55100f7606146d17f5bdef4671e5d96701e962b0df1d56de13f6ea58ae901edf1f8da78d30bfbd7dc77774b8ff05d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nflaann-.pdb
Filesize
11KB

MD5
3c9e711a6b64a48ca6cf464727a11053

SHA1
f8465cdfca558771134c27cc88e2229daf6683fa

SHA256
f40897bdb1a768beb77bb44dce117c6b9ba2352611e4500bca3dd4267eb556d8

SHA512
d52c3af4ca20198b8891d9d0fb390c89960f1b36e4c4b77e4901a842f15d89ed8e6f48dd3bb523d664b2a3caff738a7feeb14830caa108dcbcde0d1ee6126177

Download Submit
C:\Users\Admin\AppData\Local\Temp\owwevim5.dll
Filesize
4KB

MD5
76153e852057689884626c5fae6d8b65

SHA1
83bfe5007537e7ead6995e391abd6e04f988d98d

SHA256
640aaf1003f9f7b1aae661c1bf3d32b83edad1ed7c77321bd900f63709dfee3a

SHA512
ae3f6016c07a9a3fb8a4f2a70e0c267b7ea0b1dc5328f98f37bca3e71b64d5a87c1a9081d0d117343e1f908e7cdfedff028ecd175e9aaff99c23803aa7253524

Download Submit
C:\Users\Admin\AppData\Local\Temp\owwevim5.pdb
Filesize
11KB

MD5
3f4ffd7a7cab43cf23f2f42c19025d92

SHA1
b42cbe8ac5af8d2d26ac7316828ba415e3621469

SHA256
d94105a408d1402027574a57a4aecfeb8a6d4f6c8e79d5fab95a6a7a967a0fa5

SHA512
bcf8604bd9e74cd89a98a75e530a34fd193784bd7fb64f47196fc9a8aa047c27b39bbae42799bdb1674e1dba027ef3c0febc3b881b1381c6d224ec84568cd195

Download Submit
C:\Windows\TEMP\SDIAG_03834f9c-8ff3-4f6c-80f9-54f66e0ea4c1\RS_ProgramCompatibilityWizard.ps1
Filesize
37KB

MD5
367fe5f4c6db87e1600f46687e5aac54

SHA1
9807dc03ea1ecf6ab12f36feec43e2a635ebe145

SHA256
177625ac9b07bbffcbbb47101c2d1121f47b03b42226861bfd7974b9cebc0c98

SHA512
694e1a2c2c508aa6105872d867981431ef895834703ab498c2483630a97a46cbc1ecff9a62857fbebeb85cf2ef9c4dc51e4b6f20cf74c65c1b67f68acabfa303

Download Submit
C:\Windows\TEMP\SDIAG_03834f9c-8ff3-4f6c-80f9-54f66e0ea4c1\TS_ProgramCompatibilityWizard.ps1
Filesize
9KB

MD5
46e22c2582b54be56d80d7a79fec9bb5

SHA1
604fac637a35f60f5c89d1367c695feb68255ccd

SHA256
459af2960b08e848573d45a7350223657adb2115f24a3c37e69ffe61dea647f9

SHA512
a9a24df3fb391738405d2ea32cd3ef8657d8d00d7366858a39c624dc9ebbf0b64d2817355d41eed6ad3cc7703d264d2921c8a2590ff95601d89f3cca72ba786f

Download Submit
C:\Windows\TEMP\SDIAG_03834f9c-8ff3-4f6c-80f9-54f66e0ea4c1\en-US\CL_LocalizationData.psd1
Filesize
6KB

MD5
5e03d8afb0fae97904a14d6b2d1cac9a

SHA1
78f401b1944ed92965d7a48dba036413688f949a

SHA256
538a5f22a12b0be59a7a83e0381c6ff661932f07643a87c2d3a542eade741671

SHA512
884c0494728dd9f1a4fc8092152b2253350304b745d6fc1e4b02c9cd2366bc8c92a169c549cd77bcd67e5e2e515d89d46c1d11de5eeb500d531d87839365cd19

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1pu2jnh6.0.cs
Filesize
5KB

MD5
252f38959fe104203e386334ad7affc2

SHA1
2c8d8a8f2952d79afbb9f1c39407aed139a6ca60

SHA256
32d6b5a428a39416d88b77bcb7569c68ece04d78805ee8200275ba37b4648216

SHA512
7a7cb397908f0b68255f44d13b56f24b98566445f48f609c04093e9f319b3b1e06df22a5a0783faa59c12e221d3597a8a950d1c10f5a3502ddb091ebdd362421

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1pu2jnh6.cmdline
Filesize
309B

MD5
9e8d1664dff69d3e7225f337261f38ea

SHA1
0ac4999ed41d1c86794d9949c2e0db8481c25eb0

SHA256
d07f0ea66b0673b2592dc0a73c8be39394f6ebd25961d1a5083759e64d7413f5

SHA512
240a3619a5543f50ffc3735bdadff1f7dfa1ff4502f8b7b322ab8f94931b5d530a20258d980fc4655c23d4a4fedaeb68df7db6ae3676f3b8de0516ca6c3911ae

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCF900.tmp
Filesize
652B

MD5
b513b31323475a66c98ef05654ce9d7d

SHA1
b9a5ae0413f03961d9c2c996d006c7a430513f8a

SHA256
4f6eef8b5389e6d63265566dda714145f922ec2bfca1afac008e059719658400

SHA512
a7ce4c31cf57d7a6883b11907b31fb39c09155cb940bb68d43097968b24b5b8ee220903998da1794987cdfa30562ec1262b32ef16db576782c1639ab7f053d2d

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCFA47.tmp
Filesize
652B

MD5
3fb762713a3315140a16129c152a7dc1

SHA1
7a931113f25bfcf18507adeb000440d144fe3fdd

SHA256
c64bce7cbaf92b5f4865b276151e0ce5284c52e864eb2fb49b3598b2a23e54ec

SHA512
7940eecec0c29e38d2fe68bdf55cd2fe8b207dfd884d7e67fbee50c0ec1a56c1bfd3fe0fb2c1f544c922f30b8c4ed3796b3e3ecd504fc492cfcf04cb55503912

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCFBED.tmp
Filesize
652B

MD5
c05473463c1f288cf7585b43f9dafa35

SHA1
7b150f5113beb63c17db0143ac79635a8150b462

SHA256
7209abc3c2e314062cf7adfd3ba00fd5767c5986c0d46c54f3a61b7ca663d306

SHA512
6cc19e4b45c38b15d8e5e1b8280e04275b482d972eded687516a1e96a54abea4a22ddeefc9720590e18036f36832413286f1a8f4e9d5601e5bdedc1d9714fad6

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\nflaann-.0.cs
Filesize
965B

MD5
b0dc59b099ca7c12fb8ad72d3c50c82c

SHA1
f19e28849921cf51e322824c5a8ae8bc00014cd1

SHA256
e75eaaa3d7908fb05000c0a957048d20091a0d2575e87d091d11cdb3a5b562e5

SHA512
852c937d36afe3b6df5826b9f1877d511259e2a0ffcdf229c8c655ced7346b36e526928537386121e3ecbc8b1285144dabe3b760db1873cb3baaf70a0f21c364

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\nflaann-.cmdline
Filesize
309B

MD5
a245d73f20b5822830c6577f59797426

SHA1
e99607e71ccb6b33ceb102a37d9606f57d269473

SHA256
0afa91bedbc320aafde24d0485c4d26c274ce3e6721ee8121413d44e8e8b8975

SHA512
a3accd4dfc0bf29321cd10de53955b3bcb6226dd0df9c36ffef7f0baa993f3577dddb06dee897a47f50ff1ad0420e3f751c065a149f4cb592c1364a12d121394

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\owwevim5.0.cs
Filesize
791B

MD5
3880de647b10555a534f34d5071fe461

SHA1
38b108ee6ea0f177b5dd52343e2ed74ca6134ca1

SHA256
f73390c091cd7e45dac07c22b26bf667054eacda31119513505390529744e15e

SHA512
2bf0a33982ade10ad49b368d313866677bca13074cd988e193b54ab0e1f507116d8218603b62b4e0561f481e8e7e72bdcda31259894552f1e3677627c12a9969

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\owwevim5.cmdline
Filesize
309B

MD5
a1eaf77cc53037d8971ccf3079065c56

SHA1
8b277c5025066e67896bc51a5a1b668b2f825e2c

SHA256
643a6fd3aa21e7acb3f1363fc61dec86b00f10b66c91efa820f600d9b4f9d4b5

SHA512
58f176603eb7ebc27d687e5c759509524cfe83e8bb5c646aa5a0975b8857e7d9307ff6d8edc96edd8100aea0e6f91d4b534c2c33556e0ad2c5ad3dc55f9fca6c

Download Submit
memory/316-54-0x0000000000000000-mapping.dmp

Download
memory/316-55-0x000007FEFC1E1000-0x000007FEFC1E3000-memory.dmp

Filesize
8KB

Download
memory/864-81-0x0000000000000000-mapping.dmp

Download
memory/1052-78-0x0000000000000000-mapping.dmp

Download
memory/1168-90-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1168-89-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1356-57-0x000007FEF37B0000-0x000007FEF41D3000-memory.dmp

Filesize
10.1MB

Download
memory/1356-58-0x000007FEF2C50000-0x000007FEF37AD000-memory.dmp

Filesize
11.4MB

Download
memory/1356-86-0x00000000028B6000-0x00000000028D5000-memory.dmp

Filesize
124KB

Download
memory/1356-91-0x00000000028B6000-0x00000000028D5000-memory.dmp

Filesize
124KB

Download
memory/1356-92-0x00000000028B6000-0x00000000028D5000-memory.dmp

Filesize
124KB

Download
memory/1412-87-0x0000000000000000-mapping.dmp

Download
memory/1496-61-0x0000000000000000-mapping.dmp

Download
memory/1600-69-0x0000000000000000-mapping.dmp

Download
memory/1620-64-0x0000000000000000-mapping.dmp

Download
memory/1716-72-0x0000000000000000-mapping.dmp

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads