d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0

General

Target

d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
Size

152KB
MD5

42d3f8095ee81957884ace52a36da770
SHA1

576d8e441be5159240c8a42568518f09a8f7963c
SHA256

d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0
SHA512

be33e69fecdc4607b9adf8f4bb733b099cbd806bb5a91835b00fd94e765c225a58c63f25b1b5132354bcd88f69568793bd3d77c360772c566af4a6b50d860a6d
SSDEEP

1536:ryUhRUuyTgLMk2DaTvLvpH+hhTQ2+7Sn7qdZ9h4MVSDoL:rBsh0gJavYv+7oqdZ3HVS

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Zyxixh.exeZyxixh.exe

pid process

1648 Zyxixh.exe
580 Zyxixh.exe

pid	process
1648	Zyxixh.exe
580	Zyxixh.exe

Loads dropped DLL 2 IoCs

Processes:

d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe

pid	process
872	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
872	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Windows\CurrentVersion\Run	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Windows\CurrentVersion\Run\Zyxixh = "C:\\Users\\Admin\\AppData\\Roaming\\Zyxixh.exe"	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exeZyxixh.exe

description	pid	process	target process
PID 1748 set thread context of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 1648 set thread context of 580	1648	Zyxixh.exe	Zyxixh.exe

Modifies Internet Explorer settings 1 TTPs 30 IoCs

adware spyware

Modify Registry

T1112

Processes:

IEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{B9E813A1-6B77-11ED-B875-663367632C22} = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376004743"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-575491160-2295418218-1540667289-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe

pid process

872 d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

Zyxixh.exeIEXPLORE.EXE

description pid process

Token: SeDebugPrivilege 580 Zyxixh.exe
Token: SeDebugPrivilege 940 IEXPLORE.EXE
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

IEXPLORE.EXE

pid process

1776 IEXPLORE.EXE
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

IEXPLORE.EXEIEXPLORE.EXE

pid process

1776 IEXPLORE.EXE
1776 IEXPLORE.EXE
940 IEXPLORE.EXE
940 IEXPLORE.EXE
940 IEXPLORE.EXE
940 IEXPLORE.EXE

description	pid	process
Token: SeDebugPrivilege	580	Zyxixh.exe
Token: SeDebugPrivilege	940	IEXPLORE.EXE

pid	process
1776	IEXPLORE.EXE

pid	process
1776	IEXPLORE.EXE
1776	IEXPLORE.EXE
940	IEXPLORE.EXE
940	IEXPLORE.EXE
940	IEXPLORE.EXE
940	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 38 IoCs

Processes:

d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exed8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exeZyxixh.exeZyxixh.exeiexplore.exeIEXPLORE.EXE

description	pid	process	target process
PID 1748 wrote to memory of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 1748 wrote to memory of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 1748 wrote to memory of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 1748 wrote to memory of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 1748 wrote to memory of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 1748 wrote to memory of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 1748 wrote to memory of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 1748 wrote to memory of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 1748 wrote to memory of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 1748 wrote to memory of 872	1748	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
PID 872 wrote to memory of 1648	872	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	Zyxixh.exe
PID 872 wrote to memory of 1648	872	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	Zyxixh.exe
PID 872 wrote to memory of 1648	872	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	Zyxixh.exe
PID 872 wrote to memory of 1648	872	d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe	Zyxixh.exe
PID 1648 wrote to memory of 580	1648	Zyxixh.exe	Zyxixh.exe
PID 1648 wrote to memory of 580	1648	Zyxixh.exe	Zyxixh.exe
PID 1648 wrote to memory of 580	1648	Zyxixh.exe	Zyxixh.exe
PID 1648 wrote to memory of 580	1648	Zyxixh.exe	Zyxixh.exe
PID 1648 wrote to memory of 580	1648	Zyxixh.exe	Zyxixh.exe
PID 1648 wrote to memory of 580	1648	Zyxixh.exe	Zyxixh.exe
PID 1648 wrote to memory of 580	1648	Zyxixh.exe	Zyxixh.exe
PID 1648 wrote to memory of 580	1648	Zyxixh.exe	Zyxixh.exe
PID 1648 wrote to memory of 580	1648	Zyxixh.exe	Zyxixh.exe
PID 1648 wrote to memory of 580	1648	Zyxixh.exe	Zyxixh.exe
PID 580 wrote to memory of 1108	580	Zyxixh.exe	iexplore.exe
PID 580 wrote to memory of 1108	580	Zyxixh.exe	iexplore.exe
PID 580 wrote to memory of 1108	580	Zyxixh.exe	iexplore.exe
PID 580 wrote to memory of 1108	580	Zyxixh.exe	iexplore.exe
PID 1108 wrote to memory of 1776	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 1776	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 1776	1108	iexplore.exe	IEXPLORE.EXE
PID 1108 wrote to memory of 1776	1108	iexplore.exe	IEXPLORE.EXE
PID 1776 wrote to memory of 940	1776	IEXPLORE.EXE	IEXPLORE.EXE
PID 1776 wrote to memory of 940	1776	IEXPLORE.EXE	IEXPLORE.EXE
PID 1776 wrote to memory of 940	1776	IEXPLORE.EXE	IEXPLORE.EXE
PID 1776 wrote to memory of 940	1776	IEXPLORE.EXE	IEXPLORE.EXE
PID 580 wrote to memory of 940	580	Zyxixh.exe	IEXPLORE.EXE
PID 580 wrote to memory of 940	580	Zyxixh.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
"C:\Users\Admin\AppData\Local\Temp\d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1748

C:\Users\Admin\AppData\Local\Temp\d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe
"C:\Users\Admin\AppData\Local\Temp\d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0.exe"
2⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:872

C:\Users\Admin\AppData\Roaming\Zyxixh.exe
"C:\Users\Admin\AppData\Roaming\Zyxixh.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1648

C:\Users\Admin\AppData\Roaming\Zyxixh.exe
"C:\Users\Admin\AppData\Roaming\Zyxixh.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:580

C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
5⤵
- Suspicious use of WriteProcessMemory
PID:1108

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
6⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1776

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:275457 /prefetch:2
7⤵
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:940

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\X61QLO2V.txt

Filesize
608B

MD5
7315b79b19811d018793155f0c4be36e

SHA1
8ae4959a6a7650b77cd13c71793e252d00eb2235

SHA256
acfd0bff5b629bb533258a64a8010d6ccb5640977d1546be8bbdac6073982974

SHA512
f88952099d8d09c2399e92adde59ff01cbd092c533d520436096c3c12aa92e3df3d741098fb76f6f4ec669f2fa9e54769b11c3117bded4a63ffee0339f879b3b

Download Submit
C:\Users\Admin\AppData\Roaming\Zyxixh.exe

Filesize
152KB

MD5
42d3f8095ee81957884ace52a36da770

SHA1
576d8e441be5159240c8a42568518f09a8f7963c

SHA256
d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0

SHA512
be33e69fecdc4607b9adf8f4bb733b099cbd806bb5a91835b00fd94e765c225a58c63f25b1b5132354bcd88f69568793bd3d77c360772c566af4a6b50d860a6d

Download Submit
C:\Users\Admin\AppData\Roaming\Zyxixh.exe

Filesize
152KB

MD5
42d3f8095ee81957884ace52a36da770

SHA1
576d8e441be5159240c8a42568518f09a8f7963c

SHA256
d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0

SHA512
be33e69fecdc4607b9adf8f4bb733b099cbd806bb5a91835b00fd94e765c225a58c63f25b1b5132354bcd88f69568793bd3d77c360772c566af4a6b50d860a6d

Download Submit
C:\Users\Admin\AppData\Roaming\Zyxixh.exe

Filesize
152KB

MD5
42d3f8095ee81957884ace52a36da770

SHA1
576d8e441be5159240c8a42568518f09a8f7963c

SHA256
d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0

SHA512
be33e69fecdc4607b9adf8f4bb733b099cbd806bb5a91835b00fd94e765c225a58c63f25b1b5132354bcd88f69568793bd3d77c360772c566af4a6b50d860a6d

Download Submit
\Users\Admin\AppData\Roaming\Zyxixh.exe

Filesize
152KB

MD5
42d3f8095ee81957884ace52a36da770

SHA1
576d8e441be5159240c8a42568518f09a8f7963c

SHA256
d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0

SHA512
be33e69fecdc4607b9adf8f4bb733b099cbd806bb5a91835b00fd94e765c225a58c63f25b1b5132354bcd88f69568793bd3d77c360772c566af4a6b50d860a6d

Download Submit
\Users\Admin\AppData\Roaming\Zyxixh.exe

Filesize
152KB

MD5
42d3f8095ee81957884ace52a36da770

SHA1
576d8e441be5159240c8a42568518f09a8f7963c

SHA256
d8fdba6e9834965a9e0a63a471bcb6f63449fbe5fe049fd9d3ac99d06b011fa0

SHA512
be33e69fecdc4607b9adf8f4bb733b099cbd806bb5a91835b00fd94e765c225a58c63f25b1b5132354bcd88f69568793bd3d77c360772c566af4a6b50d860a6d

Download Submit
memory/580-93-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/580-92-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/580-86-0x000000000040B200-mapping.dmp

Download
memory/872-69-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/872-64-0x000000000040B200-mapping.dmp

Download
memory/872-68-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/872-55-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/872-67-0x0000000076191000-0x0000000076193000-memory.dmp

Filesize
8KB

Download
memory/872-57-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/872-74-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/872-54-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/872-63-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/872-59-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/872-61-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1648-88-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/1648-72-0x0000000000000000-mapping.dmp

Download
memory/1748-65-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads