82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3

General

Target

82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Size

172KB
MD5

5ccecef24e3f696769cd2a93eedbf3d1
SHA1

9178aedf82ac47a2f85436a9075e3bfd97596a92
SHA256

82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3
SHA512

ac4136ce8b64645034f39533b5a0c8f7f3772c73c3294828d2d1c22a68ad548ff87a1aed52ab6222b34b1c4bfc85e570967c528c8f68bbed16237425f200ad64
SSDEEP

3072:iOvYX/j8uGJRsBk7DccKs+gtTLjn7TwndWERRJqqEV4wYoUzI7NE:/RuGkBkEcKs5/T9qLzK+lza

Score

8^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

masu.exe

pid process

1132 masu.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1816 cmd.exe

pid	process
1816	cmd.exe

Loads dropped DLL 2 IoCs

Processes:

82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe

pid	process
1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

masu.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\Currentversion\Run	masu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\Iceko = "C:\\Users\\Admin\\AppData\\Roaming\\Acryb\\masu.exe"	masu.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of SetThreadContext 1 IoCs

Processes:

82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe

description	pid	process	target process
PID 1112 set thread context of 1816	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	cmd.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Privacy	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe

NTFS ADS 1 IoCs

Processes:

WinMail.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\0207776A-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

Processes:

masu.exe

pid	process
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe
1132	masu.exe

Suspicious use of AdjustPrivilegeToken 18 IoCs

Processes:

82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exeWinMail.execmd.exe

description	pid	process
Token: SeSecurityPrivilege	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Token: SeSecurityPrivilege	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Token: SeSecurityPrivilege	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Token: SeSecurityPrivilege	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Token: SeSecurityPrivilege	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Token: SeSecurityPrivilege	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Token: SeSecurityPrivilege	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Token: SeSecurityPrivilege	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Token: SeSecurityPrivilege	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Token: SeSecurityPrivilege	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
Token: SeManageVolumePrivilege	1768	WinMail.exe
Token: SeSecurityPrivilege	1816	cmd.exe
Token: SeSecurityPrivilege	1816	cmd.exe
Token: SeSecurityPrivilege	1816	cmd.exe
Token: SeSecurityPrivilege	1816	cmd.exe
Token: SeSecurityPrivilege	1816	cmd.exe
Token: SeSecurityPrivilege	1816	cmd.exe
Token: SeSecurityPrivilege	1816	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

WinMail.exe

pid process

1768 WinMail.exe

pid	process
1768	WinMail.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exemasu.exe

description	pid	process	target process
PID 1112 wrote to memory of 1132	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	masu.exe
PID 1112 wrote to memory of 1132	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	masu.exe
PID 1112 wrote to memory of 1132	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	masu.exe
PID 1112 wrote to memory of 1132	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	masu.exe
PID 1132 wrote to memory of 1300	1132	masu.exe	taskhost.exe
PID 1132 wrote to memory of 1300	1132	masu.exe	taskhost.exe
PID 1132 wrote to memory of 1300	1132	masu.exe	taskhost.exe
PID 1132 wrote to memory of 1300	1132	masu.exe	taskhost.exe
PID 1132 wrote to memory of 1300	1132	masu.exe	taskhost.exe
PID 1132 wrote to memory of 1404	1132	masu.exe	Dwm.exe
PID 1132 wrote to memory of 1404	1132	masu.exe	Dwm.exe
PID 1132 wrote to memory of 1404	1132	masu.exe	Dwm.exe
PID 1132 wrote to memory of 1404	1132	masu.exe	Dwm.exe
PID 1132 wrote to memory of 1404	1132	masu.exe	Dwm.exe
PID 1132 wrote to memory of 1444	1132	masu.exe	Explorer.EXE
PID 1132 wrote to memory of 1444	1132	masu.exe	Explorer.EXE
PID 1132 wrote to memory of 1444	1132	masu.exe	Explorer.EXE
PID 1132 wrote to memory of 1444	1132	masu.exe	Explorer.EXE
PID 1132 wrote to memory of 1444	1132	masu.exe	Explorer.EXE
PID 1132 wrote to memory of 1112	1132	masu.exe	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
PID 1132 wrote to memory of 1112	1132	masu.exe	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
PID 1132 wrote to memory of 1112	1132	masu.exe	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
PID 1132 wrote to memory of 1112	1132	masu.exe	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
PID 1132 wrote to memory of 1112	1132	masu.exe	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
PID 1132 wrote to memory of 1768	1132	masu.exe	WinMail.exe
PID 1132 wrote to memory of 1768	1132	masu.exe	WinMail.exe
PID 1132 wrote to memory of 1768	1132	masu.exe	WinMail.exe
PID 1132 wrote to memory of 1768	1132	masu.exe	WinMail.exe
PID 1132 wrote to memory of 1768	1132	masu.exe	WinMail.exe
PID 1112 wrote to memory of 1816	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	cmd.exe
PID 1112 wrote to memory of 1816	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	cmd.exe
PID 1112 wrote to memory of 1816	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	cmd.exe
PID 1112 wrote to memory of 1816	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	cmd.exe
PID 1112 wrote to memory of 1816	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	cmd.exe
PID 1112 wrote to memory of 1816	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	cmd.exe
PID 1112 wrote to memory of 1816	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	cmd.exe
PID 1112 wrote to memory of 1816	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	cmd.exe
PID 1112 wrote to memory of 1816	1112	82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe	cmd.exe
PID 1132 wrote to memory of 544	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 544	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 544	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 544	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 544	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1432	1132	masu.exe	conhost.exe
PID 1132 wrote to memory of 1432	1132	masu.exe	conhost.exe
PID 1132 wrote to memory of 1432	1132	masu.exe	conhost.exe
PID 1132 wrote to memory of 1432	1132	masu.exe	conhost.exe
PID 1132 wrote to memory of 1432	1132	masu.exe	conhost.exe
PID 1132 wrote to memory of 1652	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1652	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1652	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1652	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1652	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1348	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1348	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1348	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1348	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1348	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 636	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 636	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 636	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 636	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 636	1132	masu.exe	DllHost.exe
PID 1132 wrote to memory of 1636	1132	masu.exe	DllHost.exe

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1300

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe
"C:\Users\Admin\AppData\Local\Temp\82ae76be0256c376f07656f2ba0635abaf1c1b6159480ed8ceca36894f51f0d3.exe"
2⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1112

C:\Users\Admin\AppData\Roaming\Acryb\masu.exe
"C:\Users\Admin\AppData\Roaming\Acryb\masu.exe"
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1132

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp459cb4de.bat"
3⤵
- Deletes itself
- Suspicious use of AdjustPrivilegeToken
PID:1816

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1404

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:544

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "141968072198778339-1236138057-27291922-1158242217-7435428931440222751505185601"
1⤵
PID:1432

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1652

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1348

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:636

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1636

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2044

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp459cb4de.bat
Filesize
307B

MD5
55c61b240e650c917755b542d4f6dee4

SHA1
3b91c74aa7afaab99b2c98e01503eb9398c487be

SHA256
e0077e8b8170415cfd317bdebc230048b7abf3e685f39ff10d2041c1a2847835

SHA512
c8bcdeb96ff765b03144afee0253aca1d9ab7e1f2cd0ce8ece51b9c270f527cb96309f01c8031dccc8065aa68eeaea45a6cd8a5085ca88dddb7dc8a80f44b942

Download Submit
C:\Users\Admin\AppData\Roaming\Acryb\masu.exe
Filesize
172KB

MD5
8ef7a9fd1c748545bdd8fa1f8d7a8ca3

SHA1
171c3075900b3092dbc29ea5273de2481850259c

SHA256
1cee1a014fde8f53c74b5ad8374381294aab86fb78a3884955ddbfc3a22530d7

SHA512
50d6d655dcb638ad0bd258c5261610c28bc7f7a583b71c8765c8d4134473c28d60ff0446dd9db7ac39d9f2553c26a7c5c8bf1fd2c88ba98195c62cb9e4b5b954

Download Submit
C:\Users\Admin\AppData\Roaming\Acryb\masu.exe
Filesize
172KB

MD5
8ef7a9fd1c748545bdd8fa1f8d7a8ca3

SHA1
171c3075900b3092dbc29ea5273de2481850259c

SHA256
1cee1a014fde8f53c74b5ad8374381294aab86fb78a3884955ddbfc3a22530d7

SHA512
50d6d655dcb638ad0bd258c5261610c28bc7f7a583b71c8765c8d4134473c28d60ff0446dd9db7ac39d9f2553c26a7c5c8bf1fd2c88ba98195c62cb9e4b5b954

Download Submit
C:\Users\Admin\AppData\Roaming\Nudua\becux.ahf
Filesize
4KB

MD5
bd26f8310825a53502f18440417c678c

SHA1
4211f1340cea2954ca4fdff73d4219d28ef863bd

SHA256
6343cadfd8d4eda8d110e6c4379063a077d4ffbe76f861418e0c92b2b5dc0072

SHA512
55b498ae0a1e7f9d160623a2832ef39880fc18decfac33ad77aa79446ecdd5c9ac20ed7a7ed2caa8fb807244bb6fc48bc74626af4330a23a5fea40e1120819a8

Download Submit
\Users\Admin\AppData\Roaming\Acryb\masu.exe
Filesize
172KB

MD5
8ef7a9fd1c748545bdd8fa1f8d7a8ca3

SHA1
171c3075900b3092dbc29ea5273de2481850259c

SHA256
1cee1a014fde8f53c74b5ad8374381294aab86fb78a3884955ddbfc3a22530d7

SHA512
50d6d655dcb638ad0bd258c5261610c28bc7f7a583b71c8765c8d4134473c28d60ff0446dd9db7ac39d9f2553c26a7c5c8bf1fd2c88ba98195c62cb9e4b5b954

Download Submit
\Users\Admin\AppData\Roaming\Acryb\masu.exe
Filesize
172KB

MD5
8ef7a9fd1c748545bdd8fa1f8d7a8ca3

SHA1
171c3075900b3092dbc29ea5273de2481850259c

SHA256
1cee1a014fde8f53c74b5ad8374381294aab86fb78a3884955ddbfc3a22530d7

SHA512
50d6d655dcb638ad0bd258c5261610c28bc7f7a583b71c8765c8d4134473c28d60ff0446dd9db7ac39d9f2553c26a7c5c8bf1fd2c88ba98195c62cb9e4b5b954

Download Submit
memory/1112-119-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-90-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-103-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-105-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-107-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-57-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1112-109-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-127-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-54-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1112-123-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-125-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-55-0x0000000000270000-0x00000000002CB000-memory.dmp

Filesize
364KB

Download
memory/1112-121-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-115-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-99-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-88-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-87-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-374-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-373-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1112-101-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-56-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download
memory/1112-216-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-89-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-91-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-97-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-95-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-93-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-218-0x0000000000270000-0x00000000002CB000-memory.dmp

Filesize
364KB

Download
memory/1112-217-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1112-111-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-113-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1112-117-0x0000000000330000-0x0000000000366000-memory.dmp

Filesize
216KB

Download
memory/1132-60-0x0000000000000000-mapping.dmp

Download
memory/1132-376-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1132-65-0x0000000000460000-0x00000000004BB000-memory.dmp

Filesize
364KB

Download
memory/1132-64-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1132-63-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1132-215-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1300-72-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download
memory/1300-71-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download
memory/1300-70-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download
memory/1300-69-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download
memory/1300-67-0x0000000000190000-0x00000000001C6000-memory.dmp

Filesize
216KB

Download
memory/1404-76-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/1404-75-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/1404-77-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/1404-78-0x0000000000120000-0x0000000000156000-memory.dmp

Filesize
216KB

Download
memory/1444-81-0x0000000002530000-0x0000000002566000-memory.dmp

Filesize
216KB

Download
memory/1444-82-0x0000000002530000-0x0000000002566000-memory.dmp

Filesize
216KB

Download
memory/1444-83-0x0000000002530000-0x0000000002566000-memory.dmp

Filesize
216KB

Download
memory/1444-84-0x0000000002530000-0x0000000002566000-memory.dmp

Filesize
216KB

Download
memory/1816-247-0x000000000005AD6D-mapping.dmp

Download
memory/1816-375-0x0000000000050000-0x0000000000086000-memory.dmp

Filesize
216KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads