darkcomet | 691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52

General

Target

691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
Size

841KB
MD5

e6d83128c82968d936bf489a3a9ff015
SHA1

107d4055d83a6d4615117d1f5016d760e2f1c715
SHA256

691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52
SHA512

1aca1faca7bc226712f6dffd3e936600ab916c85caf8bca231e2872f259df4519ed8e43daf317b1ef286b644bcd83fbb74fe5136da5f4430d5f042e269e65e76
SSDEEP

24576:Bz6ctR5gNykgh/rmjMrfNYx5M8KCu+y5H8J0ffFjg:p7D2qu2VYfNwqsFjg

Score

10^/10

darkcomet members persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Members

C2

emkadns.uni.me:2121

Mutex

DCMIN_MUTEX-LBZLRNM

Attributes

gencode
mCrAswFlmnAx
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Executes dropped EXE 2 IoCs

Processes:

WUDHost.exeAcctres.exe

pid process

336 WUDHost.exe
828 Acctres.exe
Loads dropped DLL 2 IoCs

Processes:

691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exeWUDHost.exe

pid process

1176 691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
336 WUDHost.exe
Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

pid	process
336	WUDHost.exe
828	Acctres.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

WUDHost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3406023954-474543476-3319432036-1000\Software\Microsoft\Windows\CurrentVersion\Run\Boot File Servicing Utility = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\WUDHost.exe"	WUDHost.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exeAcctres.exe

description	pid	process	target process
PID 1176 set thread context of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 828 set thread context of 928	828	Acctres.exe	vbc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exeWUDHost.exe

pid	process
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
336	WUDHost.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
336	WUDHost.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
336	WUDHost.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
336	WUDHost.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
336	WUDHost.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
336	WUDHost.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe

Suspicious use of AdjustPrivilegeToken 53 IoCs

Processes:

691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exevbc.exeWUDHost.exeAcctres.exevbc.exe

description	pid	process
Token: SeDebugPrivilege	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
Token: 33	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
Token: SeIncBasePriorityPrivilege	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
Token: SeIncreaseQuotaPrivilege	992	vbc.exe
Token: SeSecurityPrivilege	992	vbc.exe
Token: SeTakeOwnershipPrivilege	992	vbc.exe
Token: SeLoadDriverPrivilege	992	vbc.exe
Token: SeSystemProfilePrivilege	992	vbc.exe
Token: SeSystemtimePrivilege	992	vbc.exe
Token: SeProfSingleProcessPrivilege	992	vbc.exe
Token: SeIncBasePriorityPrivilege	992	vbc.exe
Token: SeCreatePagefilePrivilege	992	vbc.exe
Token: SeBackupPrivilege	992	vbc.exe
Token: SeRestorePrivilege	992	vbc.exe
Token: SeShutdownPrivilege	992	vbc.exe
Token: SeDebugPrivilege	992	vbc.exe
Token: SeSystemEnvironmentPrivilege	992	vbc.exe
Token: SeChangeNotifyPrivilege	992	vbc.exe
Token: SeRemoteShutdownPrivilege	992	vbc.exe
Token: SeUndockPrivilege	992	vbc.exe
Token: SeManageVolumePrivilege	992	vbc.exe
Token: SeImpersonatePrivilege	992	vbc.exe
Token: SeCreateGlobalPrivilege	992	vbc.exe
Token: 33	992	vbc.exe
Token: 34	992	vbc.exe
Token: 35	992	vbc.exe
Token: SeDebugPrivilege	336	WUDHost.exe
Token: SeDebugPrivilege	828	Acctres.exe
Token: 33	828	Acctres.exe
Token: SeIncBasePriorityPrivilege	828	Acctres.exe
Token: SeIncreaseQuotaPrivilege	928	vbc.exe
Token: SeSecurityPrivilege	928	vbc.exe
Token: SeTakeOwnershipPrivilege	928	vbc.exe
Token: SeLoadDriverPrivilege	928	vbc.exe
Token: SeSystemProfilePrivilege	928	vbc.exe
Token: SeSystemtimePrivilege	928	vbc.exe
Token: SeProfSingleProcessPrivilege	928	vbc.exe
Token: SeIncBasePriorityPrivilege	928	vbc.exe
Token: SeCreatePagefilePrivilege	928	vbc.exe
Token: SeBackupPrivilege	928	vbc.exe
Token: SeRestorePrivilege	928	vbc.exe
Token: SeShutdownPrivilege	928	vbc.exe
Token: SeDebugPrivilege	928	vbc.exe
Token: SeSystemEnvironmentPrivilege	928	vbc.exe
Token: SeChangeNotifyPrivilege	928	vbc.exe
Token: SeRemoteShutdownPrivilege	928	vbc.exe
Token: SeUndockPrivilege	928	vbc.exe
Token: SeManageVolumePrivilege	928	vbc.exe
Token: SeImpersonatePrivilege	928	vbc.exe
Token: SeCreateGlobalPrivilege	928	vbc.exe
Token: 33	928	vbc.exe
Token: 34	928	vbc.exe
Token: 35	928	vbc.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

vbc.exe

pid process

992 vbc.exe

pid	process
992	vbc.exe

Suspicious use of WriteProcessMemory 34 IoCs

Processes:

691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exeWUDHost.exeAcctres.exe

description	pid	process	target process
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 992	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	vbc.exe
PID 1176 wrote to memory of 336	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	WUDHost.exe
PID 1176 wrote to memory of 336	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	WUDHost.exe
PID 1176 wrote to memory of 336	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	WUDHost.exe
PID 1176 wrote to memory of 336	1176	691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe	WUDHost.exe
PID 336 wrote to memory of 828	336	WUDHost.exe	Acctres.exe
PID 336 wrote to memory of 828	336	WUDHost.exe	Acctres.exe
PID 336 wrote to memory of 828	336	WUDHost.exe	Acctres.exe
PID 336 wrote to memory of 828	336	WUDHost.exe	Acctres.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe
PID 828 wrote to memory of 928	828	Acctres.exe	vbc.exe

C:\Users\Admin\AppData\Local\Temp\691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe
"C:\Users\Admin\AppData\Local\Temp\691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:992
- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\WUDHost.exe
  "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\WUDHost.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:336
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe
    C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:828
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:928

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe

Filesize
841KB

MD5
e6d83128c82968d936bf489a3a9ff015

SHA1
107d4055d83a6d4615117d1f5016d760e2f1c715

SHA256
691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52

SHA512
1aca1faca7bc226712f6dffd3e936600ab916c85caf8bca231e2872f259df4519ed8e43daf317b1ef286b644bcd83fbb74fe5136da5f4430d5f042e269e65e76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe

Filesize
841KB

MD5
e6d83128c82968d936bf489a3a9ff015

SHA1
107d4055d83a6d4615117d1f5016d760e2f1c715

SHA256
691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52

SHA512
1aca1faca7bc226712f6dffd3e936600ab916c85caf8bca231e2872f259df4519ed8e43daf317b1ef286b644bcd83fbb74fe5136da5f4430d5f042e269e65e76

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\WUDHost.exe

Filesize
8KB

MD5
203abaf3a0b4387f8c83b8df44b52be4

SHA1
f298f77bf98b2941d4c7473c8fe0e8feedaaca6f

SHA256
4b5118a6792cf0fec015c0db676d42049333f725f9d10f4d36df95a41003ae38

SHA512
475e350bca4c5273779fe58e17bfe18a713572e17e417f700aa6418196c2830ae003f7fa9f8eb956ebea06e32fe35b47e967d5f1bff9b3a920585562360b0b50

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\WUDHost.exe

Filesize
8KB

MD5
203abaf3a0b4387f8c83b8df44b52be4

SHA1
f298f77bf98b2941d4c7473c8fe0e8feedaaca6f

SHA256
4b5118a6792cf0fec015c0db676d42049333f725f9d10f4d36df95a41003ae38

SHA512
475e350bca4c5273779fe58e17bfe18a713572e17e417f700aa6418196c2830ae003f7fa9f8eb956ebea06e32fe35b47e967d5f1bff9b3a920585562360b0b50

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Windows\Acctres.exe

Filesize
841KB

MD5
e6d83128c82968d936bf489a3a9ff015

SHA1
107d4055d83a6d4615117d1f5016d760e2f1c715

SHA256
691288b116752d6a5ee205c9f79109fd15f1100c385bb18e0566c9482b6fbd52

SHA512
1aca1faca7bc226712f6dffd3e936600ab916c85caf8bca231e2872f259df4519ed8e43daf317b1ef286b644bcd83fbb74fe5136da5f4430d5f042e269e65e76

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Windows\WUDHost.exe

Filesize
8KB

MD5
203abaf3a0b4387f8c83b8df44b52be4

SHA1
f298f77bf98b2941d4c7473c8fe0e8feedaaca6f

SHA256
4b5118a6792cf0fec015c0db676d42049333f725f9d10f4d36df95a41003ae38

SHA512
475e350bca4c5273779fe58e17bfe18a713572e17e417f700aa6418196c2830ae003f7fa9f8eb956ebea06e32fe35b47e967d5f1bff9b3a920585562360b0b50

Download Submit
memory/336-84-0x0000000074220000-0x00000000747CB000-memory.dmp

Filesize
5.7MB

Download
memory/336-77-0x0000000000000000-mapping.dmp

Download
memory/336-82-0x0000000074220000-0x00000000747CB000-memory.dmp

Filesize
5.7MB

Download
memory/828-87-0x0000000000000000-mapping.dmp

Download
memory/828-90-0x0000000074220000-0x00000000747CB000-memory.dmp

Filesize
5.7MB

Download
memory/828-91-0x0000000074220000-0x00000000747CB000-memory.dmp

Filesize
5.7MB

Download
memory/928-107-0x000000000048F888-mapping.dmp

Download
memory/928-111-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-75-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-66-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-73-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-72-0x000000000048F888-mapping.dmp

Download
memory/992-71-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-81-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-69-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-83-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-67-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-57-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-64-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-62-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-60-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/992-58-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1176-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1176-56-0x0000000074220000-0x00000000747CB000-memory.dmp

Filesize
5.7MB

Download
memory/1176-55-0x0000000074220000-0x00000000747CB000-memory.dmp

Filesize
5.7MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads