ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f

General

Target

ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
Size

268KB
MD5

81ee65b94a361f37c560b8c1a57f502b
SHA1

27ad2f307bc46c4c210bc1f9218cd2625c3bb1be
SHA256

ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f
SHA512

84b6f4cc675e2eabcfcf36d1b0be0e25ccb14c579d2ea27d9427dd755e5f19508e1962dddade62c66ca3016270b2e2ce4de4a45fc783e30ad7babe7efd0c562a
SSDEEP

6144:2Ph8UWCp6ygCsTHzrrp3zMvEuFsSgnJE90/dtRl8Fl:2PVgC6lDMEuF3OEC/dtRlCl

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 6 IoCs

Processes:

koaggu.exekoaggu.exekoaggu.exekoaggu.exekoaggu.exekoaggu.exe

pid process

2868 koaggu.exe
2512 koaggu.exe
64 koaggu.exe
4848 koaggu.exe
2196 koaggu.exe
4832 koaggu.exe

pid	process
2868	koaggu.exe
2512	koaggu.exe
64	koaggu.exe
4848	koaggu.exe
2196	koaggu.exe
4832	koaggu.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

koaggu.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	koaggu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Koaggu = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Cisee\\koaggu.exe"	koaggu.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exekoaggu.exe

description	pid	process	target process
PID 4808 set thread context of 4500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 2868 set thread context of 4832	2868	koaggu.exe	koaggu.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exekoaggu.exe

pid	process
4500	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
4500	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe
4832	koaggu.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.execcba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exekoaggu.exekoaggu.exe

description	pid	process	target process
PID 4808 wrote to memory of 1500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 1500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 1500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 4500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 4500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 4500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 4500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 4500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 4500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 4500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 4500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4808 wrote to memory of 4500	4808	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
PID 4500 wrote to memory of 2868	4500	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	koaggu.exe
PID 4500 wrote to memory of 2868	4500	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	koaggu.exe
PID 4500 wrote to memory of 2868	4500	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	koaggu.exe
PID 2868 wrote to memory of 2512	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 2512	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 2512	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 64	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 64	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 64	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4848	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4848	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4848	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 2196	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 2196	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 2196	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4832	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4832	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4832	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4832	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4832	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4832	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4832	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4832	2868	koaggu.exe	koaggu.exe
PID 2868 wrote to memory of 4832	2868	koaggu.exe	koaggu.exe
PID 4500 wrote to memory of 4312	4500	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	cmd.exe
PID 4500 wrote to memory of 4312	4500	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	cmd.exe
PID 4500 wrote to memory of 4312	4500	ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe	cmd.exe
PID 4832 wrote to memory of 2852	4832	koaggu.exe	sihost.exe
PID 4832 wrote to memory of 2852	4832	koaggu.exe	sihost.exe
PID 4832 wrote to memory of 2852	4832	koaggu.exe	sihost.exe
PID 4832 wrote to memory of 2852	4832	koaggu.exe	sihost.exe
PID 4832 wrote to memory of 2852	4832	koaggu.exe	sihost.exe
PID 4832 wrote to memory of 2876	4832	koaggu.exe	svchost.exe
PID 4832 wrote to memory of 2876	4832	koaggu.exe	svchost.exe
PID 4832 wrote to memory of 2876	4832	koaggu.exe	svchost.exe
PID 4832 wrote to memory of 2876	4832	koaggu.exe	svchost.exe
PID 4832 wrote to memory of 2876	4832	koaggu.exe	svchost.exe
PID 4832 wrote to memory of 2952	4832	koaggu.exe	taskhostw.exe
PID 4832 wrote to memory of 2952	4832	koaggu.exe	taskhostw.exe
PID 4832 wrote to memory of 2952	4832	koaggu.exe	taskhostw.exe
PID 4832 wrote to memory of 2952	4832	koaggu.exe	taskhostw.exe
PID 4832 wrote to memory of 2952	4832	koaggu.exe	taskhostw.exe
PID 4832 wrote to memory of 1272	4832	koaggu.exe	Explorer.EXE
PID 4832 wrote to memory of 1272	4832	koaggu.exe	Explorer.EXE
PID 4832 wrote to memory of 1272	4832	koaggu.exe	Explorer.EXE
PID 4832 wrote to memory of 1272	4832	koaggu.exe	Explorer.EXE
PID 4832 wrote to memory of 1272	4832	koaggu.exe	Explorer.EXE
PID 4832 wrote to memory of 3120	4832	koaggu.exe	svchost.exe
PID 4832 wrote to memory of 3120	4832	koaggu.exe	svchost.exe
PID 4832 wrote to memory of 3120	4832	koaggu.exe	svchost.exe
PID 4832 wrote to memory of 3120	4832	koaggu.exe	svchost.exe
PID 4832 wrote to memory of 3120	4832	koaggu.exe	svchost.exe

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3780

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3588

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:3412

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:3316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3120

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
"C:\Users\Admin\AppData\Local\Temp\ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:4808

C:\Users\Admin\AppData\Local\Temp\ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
"C:\Users\Admin\AppData\Local\Temp\ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe"
3⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe
"C:\Users\Admin\AppData\Local\Temp\ccba12127834c43a3a78f4c1c22a3a5233dda08631dde762bf0ab3451eb4699f.exe"
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4500

C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe
"C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2868

C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe
"C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe"
5⤵
- Executes dropped EXE
PID:2512

C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe
"C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe"
5⤵
- Executes dropped EXE
PID:64

C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe
"C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe"
5⤵
- Executes dropped EXE
PID:4848

C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe
"C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe"
5⤵
- Executes dropped EXE
PID:2196

C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe
"C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe"
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4832

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\JNG245E.bat"
4⤵
PID:4312

C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
5⤵
PID:4132

C:\Windows\system32\taskhostw.exe
taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
1⤵
PID:2952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2876

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe

Filesize
268KB

MD5
6c6d6d2d36e8feeb2ff4dcccf1db8cfe

SHA1
7597c4df9e4ef4bb2f9ed39534aa720874cbbd0d

SHA256
b479f8cc2b0469a262ca2d53208aa7313e91120804a8244f3eb7cd0ec5fda4f2

SHA512
a7657537cd78c9b5167d8ff293fb002170b1b7c524ddcdcc6bbbc2848683883742c17b088211d84b1972b1c68710ccdf7d917ba5c5d07778c17b5560f902f5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe

Filesize
268KB

MD5
6c6d6d2d36e8feeb2ff4dcccf1db8cfe

SHA1
7597c4df9e4ef4bb2f9ed39534aa720874cbbd0d

SHA256
b479f8cc2b0469a262ca2d53208aa7313e91120804a8244f3eb7cd0ec5fda4f2

SHA512
a7657537cd78c9b5167d8ff293fb002170b1b7c524ddcdcc6bbbc2848683883742c17b088211d84b1972b1c68710ccdf7d917ba5c5d07778c17b5560f902f5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe

Filesize
268KB

MD5
6c6d6d2d36e8feeb2ff4dcccf1db8cfe

SHA1
7597c4df9e4ef4bb2f9ed39534aa720874cbbd0d

SHA256
b479f8cc2b0469a262ca2d53208aa7313e91120804a8244f3eb7cd0ec5fda4f2

SHA512
a7657537cd78c9b5167d8ff293fb002170b1b7c524ddcdcc6bbbc2848683883742c17b088211d84b1972b1c68710ccdf7d917ba5c5d07778c17b5560f902f5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe

Filesize
268KB

MD5
6c6d6d2d36e8feeb2ff4dcccf1db8cfe

SHA1
7597c4df9e4ef4bb2f9ed39534aa720874cbbd0d

SHA256
b479f8cc2b0469a262ca2d53208aa7313e91120804a8244f3eb7cd0ec5fda4f2

SHA512
a7657537cd78c9b5167d8ff293fb002170b1b7c524ddcdcc6bbbc2848683883742c17b088211d84b1972b1c68710ccdf7d917ba5c5d07778c17b5560f902f5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe

Filesize
268KB

MD5
6c6d6d2d36e8feeb2ff4dcccf1db8cfe

SHA1
7597c4df9e4ef4bb2f9ed39534aa720874cbbd0d

SHA256
b479f8cc2b0469a262ca2d53208aa7313e91120804a8244f3eb7cd0ec5fda4f2

SHA512
a7657537cd78c9b5167d8ff293fb002170b1b7c524ddcdcc6bbbc2848683883742c17b088211d84b1972b1c68710ccdf7d917ba5c5d07778c17b5560f902f5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe

Filesize
268KB

MD5
6c6d6d2d36e8feeb2ff4dcccf1db8cfe

SHA1
7597c4df9e4ef4bb2f9ed39534aa720874cbbd0d

SHA256
b479f8cc2b0469a262ca2d53208aa7313e91120804a8244f3eb7cd0ec5fda4f2

SHA512
a7657537cd78c9b5167d8ff293fb002170b1b7c524ddcdcc6bbbc2848683883742c17b088211d84b1972b1c68710ccdf7d917ba5c5d07778c17b5560f902f5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cisee\koaggu.exe

Filesize
268KB

MD5
6c6d6d2d36e8feeb2ff4dcccf1db8cfe

SHA1
7597c4df9e4ef4bb2f9ed39534aa720874cbbd0d

SHA256
b479f8cc2b0469a262ca2d53208aa7313e91120804a8244f3eb7cd0ec5fda4f2

SHA512
a7657537cd78c9b5167d8ff293fb002170b1b7c524ddcdcc6bbbc2848683883742c17b088211d84b1972b1c68710ccdf7d917ba5c5d07778c17b5560f902f5c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\JNG245E.bat

Filesize
278B

MD5
e0fb4f14c4d1dec253f33a5a98a7dfc1

SHA1
1835892dbdf74cda6fa1daf2f2585670ef3148a4

SHA256
07d9582f41134e4d07540065141e749880fc403614c4bdf2474855f54beb52b1

SHA512
d7591fb183c120120d4cbd838f7f528c5478e953087f6a6d1e4571e7cb072abb9ae51e81f037c78b6bd78dadc9dfe72b730b28d77c2a5558f9e7b69242cc5a0d

Download Submit
memory/2868-152-0x0000000074A80000-0x0000000075031000-memory.dmp

Filesize
5.7MB

Download
memory/2868-143-0x00000000011E6000-0x00000000011EB000-memory.dmp

Filesize
20KB

Download
memory/2868-140-0x0000000000000000-mapping.dmp

Download
memory/4312-153-0x0000000000000000-mapping.dmp

Download
memory/4312-157-0x0000000000C00000-0x0000000000C42000-memory.dmp

Filesize
264KB

Download
memory/4500-133-0x0000000000000000-mapping.dmp

Download
memory/4500-138-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4500-154-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4500-139-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4500-135-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4500-134-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4808-132-0x0000000000924000-0x0000000000927000-memory.dmp

Filesize
12KB

Download
memory/4808-136-0x0000000000924000-0x0000000000927000-memory.dmp

Filesize
12KB

Download
memory/4808-137-0x0000000074B10000-0x00000000750C1000-memory.dmp

Filesize
5.7MB

Download
memory/4832-148-0x0000000000000000-mapping.dmp

Download
memory/4832-155-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4832-151-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4832-150-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4832-158-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads