8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790

General

Target

8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
Size

294KB
MD5

ba2d09f4b56c09f68416152ca02a0d95
SHA1

b304a2913d3bdbc119f14b7b9f3bc603d3ab3aa2
SHA256

8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790
SHA512

959dc29480d5fd4d5c89e09d6f8f7f22931a80983cfa2e6345c17b92d8a8f40687430cfdbf3ece46c19c9d8eb069b2013919d4daedfb9097979702e42ba1bb40
SSDEEP

6144:wFBLHT/5oGFJl6FkNzxx97o6TcezG+BwLOULGQe73IV2:w/v/5oGrl6FGpo2huKB73+2

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

xolu.exe

pid process

1956 xolu.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

468 cmd.exe

pid	process
468	cmd.exe

Loads dropped DLL 2 IoCs

Processes:

8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe

pid	process
1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

xolu.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\Currentversion\Run	xolu.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Windows\CurrentVersion\Run\{8BF65479-FF1A-441F-0965-13905E0B66D1} = "C:\\Users\\Admin\\AppData\\Roaming\\Hube\\xolu.exe"	xolu.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exexolu.exe

pid process

1584 8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
1956 xolu.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe

description pid process target process

PID 1584 set thread context of 468 1584 8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe cmd.exe

description	pid	process	target process
PID 1584 set thread context of 468	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	cmd.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Privacy	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe

NTFS ADS 1 IoCs

Processes:

WinMail.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\6D9D405F-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

Processes:

xolu.exe

pid	process
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe
1956	xolu.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exeWinMail.execmd.exe

description	pid	process
Token: SeSecurityPrivilege	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
Token: SeSecurityPrivilege	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
Token: SeSecurityPrivilege	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
Token: SeManageVolumePrivilege	520	WinMail.exe
Token: SeSecurityPrivilege	468	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

WinMail.exe

pid process

520 WinMail.exe

pid	process
520	WinMail.exe

Suspicious use of WriteProcessMemory 58 IoCs

Processes:

8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exexolu.exe

description	pid	process	target process
PID 1584 wrote to memory of 1956	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	xolu.exe
PID 1584 wrote to memory of 1956	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	xolu.exe
PID 1584 wrote to memory of 1956	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	xolu.exe
PID 1584 wrote to memory of 1956	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	xolu.exe
PID 1956 wrote to memory of 1256	1956	xolu.exe	taskhost.exe
PID 1956 wrote to memory of 1256	1956	xolu.exe	taskhost.exe
PID 1956 wrote to memory of 1256	1956	xolu.exe	taskhost.exe
PID 1956 wrote to memory of 1256	1956	xolu.exe	taskhost.exe
PID 1956 wrote to memory of 1256	1956	xolu.exe	taskhost.exe
PID 1956 wrote to memory of 1340	1956	xolu.exe	Dwm.exe
PID 1956 wrote to memory of 1340	1956	xolu.exe	Dwm.exe
PID 1956 wrote to memory of 1340	1956	xolu.exe	Dwm.exe
PID 1956 wrote to memory of 1340	1956	xolu.exe	Dwm.exe
PID 1956 wrote to memory of 1340	1956	xolu.exe	Dwm.exe
PID 1956 wrote to memory of 1412	1956	xolu.exe	Explorer.EXE
PID 1956 wrote to memory of 1412	1956	xolu.exe	Explorer.EXE
PID 1956 wrote to memory of 1412	1956	xolu.exe	Explorer.EXE
PID 1956 wrote to memory of 1412	1956	xolu.exe	Explorer.EXE
PID 1956 wrote to memory of 1412	1956	xolu.exe	Explorer.EXE
PID 1956 wrote to memory of 1584	1956	xolu.exe	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
PID 1956 wrote to memory of 1584	1956	xolu.exe	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
PID 1956 wrote to memory of 1584	1956	xolu.exe	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
PID 1956 wrote to memory of 1584	1956	xolu.exe	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
PID 1956 wrote to memory of 1584	1956	xolu.exe	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
PID 1956 wrote to memory of 520	1956	xolu.exe	WinMail.exe
PID 1956 wrote to memory of 520	1956	xolu.exe	WinMail.exe
PID 1956 wrote to memory of 520	1956	xolu.exe	WinMail.exe
PID 1956 wrote to memory of 520	1956	xolu.exe	WinMail.exe
PID 1956 wrote to memory of 520	1956	xolu.exe	WinMail.exe
PID 1584 wrote to memory of 468	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	cmd.exe
PID 1584 wrote to memory of 468	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	cmd.exe
PID 1584 wrote to memory of 468	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	cmd.exe
PID 1584 wrote to memory of 468	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	cmd.exe
PID 1584 wrote to memory of 468	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	cmd.exe
PID 1584 wrote to memory of 468	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	cmd.exe
PID 1584 wrote to memory of 468	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	cmd.exe
PID 1584 wrote to memory of 468	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	cmd.exe
PID 1584 wrote to memory of 468	1584	8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe	cmd.exe
PID 1956 wrote to memory of 1744	1956	xolu.exe	conhost.exe
PID 1956 wrote to memory of 1744	1956	xolu.exe	conhost.exe
PID 1956 wrote to memory of 1744	1956	xolu.exe	conhost.exe
PID 1956 wrote to memory of 1744	1956	xolu.exe	conhost.exe
PID 1956 wrote to memory of 1744	1956	xolu.exe	conhost.exe
PID 1956 wrote to memory of 2008	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 2008	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 2008	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 2008	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 2008	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 676	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 676	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 676	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 676	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 676	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 364	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 364	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 364	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 364	1956	xolu.exe	DllHost.exe
PID 1956 wrote to memory of 364	1956	xolu.exe	DllHost.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1412

C:\Users\Admin\AppData\Local\Temp\8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe
"C:\Users\Admin\AppData\Local\Temp\8bea94c9bd9a93e0edf79f1a7273000ac409f8b60ba4baa69dcc6b18ceb10790.exe"
2⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1584

C:\Users\Admin\AppData\Roaming\Hube\xolu.exe
"C:\Users\Admin\AppData\Roaming\Hube\xolu.exe"
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1956

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpdac86d7e.bat"
3⤵
- Deletes itself
- Suspicious use of AdjustPrivilegeToken
PID:468

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1340

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1256

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:520

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "619069528-912207376-14852440948230153071421395916-420233857-221001281-524171656"
1⤵
PID:1744

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2008

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:676

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:364

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpdac86d7e.bat
Filesize
307B

MD5
98da19e436152d8ab0f7b4c4be874923

SHA1
2cd4100a75b46413b7b52701ed5ba3ea65e77b57

SHA256
c26f9f1dab51892a6bcc948620cdb85cd16b3916adf4517fc9940dfb6e44da03

SHA512
773db3a29feed17a8793c0fc053f2cb74642b9025322ac019b21de9a53a0b7d2de5f12cb00087d894caf125dbe5d18ff8535f65b44e94819589181946b7ab44f

Download Submit
C:\Users\Admin\AppData\Roaming\Hikeub\rivo.ipy
Filesize
398B

MD5
22718e0028ae01f8f60628deccf36ea6

SHA1
5070e6d9f302f8d327be3bb20e696a0eac56048e

SHA256
597b90bec2033434843691295a9bf965de424f9e9af425728f0048f13c094c9b

SHA512
6c0a948e64b423d75a4bf32f058bb34da8af2094772b6adfc1fe868333b961709ca71bd7d7076ecbbbb95e9e27c29e09615e7a8b3a539eb31b3c8840bd4ec78b

Download Submit
C:\Users\Admin\AppData\Roaming\Hube\xolu.exe
Filesize
294KB

MD5
d917da58cdd444ea76f7f10f3035ebd0

SHA1
4db4337416e941c6c2f53d4c3c77defb1b8aba79

SHA256
39a82a4d0e68e2fd1703aadcc2657bc2aa7714195c114ad43b78fec5441217e7

SHA512
36422e9a25fbaa54b56582b370b760eed86244f1f4879fca2823167341c3a72981a67f7e3d2cd990104bf999b68f93126e268a773c247816511a025db43f39be

Download Submit
C:\Users\Admin\AppData\Roaming\Hube\xolu.exe
Filesize
294KB

MD5
d917da58cdd444ea76f7f10f3035ebd0

SHA1
4db4337416e941c6c2f53d4c3c77defb1b8aba79

SHA256
39a82a4d0e68e2fd1703aadcc2657bc2aa7714195c114ad43b78fec5441217e7

SHA512
36422e9a25fbaa54b56582b370b760eed86244f1f4879fca2823167341c3a72981a67f7e3d2cd990104bf999b68f93126e268a773c247816511a025db43f39be

Download Submit
\Users\Admin\AppData\Roaming\Hube\xolu.exe
Filesize
294KB

MD5
d917da58cdd444ea76f7f10f3035ebd0

SHA1
4db4337416e941c6c2f53d4c3c77defb1b8aba79

SHA256
39a82a4d0e68e2fd1703aadcc2657bc2aa7714195c114ad43b78fec5441217e7

SHA512
36422e9a25fbaa54b56582b370b760eed86244f1f4879fca2823167341c3a72981a67f7e3d2cd990104bf999b68f93126e268a773c247816511a025db43f39be

Download Submit
\Users\Admin\AppData\Roaming\Hube\xolu.exe
Filesize
294KB

MD5
d917da58cdd444ea76f7f10f3035ebd0

SHA1
4db4337416e941c6c2f53d4c3c77defb1b8aba79

SHA256
39a82a4d0e68e2fd1703aadcc2657bc2aa7714195c114ad43b78fec5441217e7

SHA512
36422e9a25fbaa54b56582b370b760eed86244f1f4879fca2823167341c3a72981a67f7e3d2cd990104bf999b68f93126e268a773c247816511a025db43f39be

Download Submit
memory/468-117-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/468-122-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/468-118-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/468-120-0x0000000000062CBA-mapping.dmp

Download
memory/468-119-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/468-115-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/520-108-0x0000000003BF0000-0x0000000003C17000-memory.dmp

Filesize
156KB

Download
memory/520-92-0x000007FEFB7D1000-0x000007FEFB7D3000-memory.dmp

Filesize
8KB

Download
memory/520-109-0x0000000003BF0000-0x0000000003C17000-memory.dmp

Filesize
156KB

Download
memory/520-111-0x0000000003BF0000-0x0000000003C17000-memory.dmp

Filesize
156KB

Download
memory/520-110-0x0000000003BF0000-0x0000000003C17000-memory.dmp

Filesize
156KB

Download
memory/520-100-0x0000000002750000-0x0000000002760000-memory.dmp

Filesize
64KB

Download
memory/520-94-0x00000000023B0000-0x00000000023C0000-memory.dmp

Filesize
64KB

Download
memory/520-93-0x000007FEF61F1000-0x000007FEF61F3000-memory.dmp

Filesize
8KB

Download
memory/1256-70-0x0000000001BC0000-0x0000000001BE7000-memory.dmp

Filesize
156KB

Download
memory/1256-64-0x0000000001BC0000-0x0000000001BE7000-memory.dmp

Filesize
156KB

Download
memory/1256-66-0x0000000001BC0000-0x0000000001BE7000-memory.dmp

Filesize
156KB

Download
memory/1256-69-0x0000000001BC0000-0x0000000001BE7000-memory.dmp

Filesize
156KB

Download
memory/1256-67-0x0000000001BC0000-0x0000000001BE7000-memory.dmp

Filesize
156KB

Download
memory/1340-77-0x00000000002A0000-0x00000000002C7000-memory.dmp

Filesize
156KB

Download
memory/1340-74-0x00000000002A0000-0x00000000002C7000-memory.dmp

Filesize
156KB

Download
memory/1340-76-0x00000000002A0000-0x00000000002C7000-memory.dmp

Filesize
156KB

Download
memory/1340-78-0x00000000002A0000-0x00000000002C7000-memory.dmp

Filesize
156KB

Download
memory/1412-82-0x00000000025A0000-0x00000000025C7000-memory.dmp

Filesize
156KB

Download
memory/1412-83-0x00000000025A0000-0x00000000025C7000-memory.dmp

Filesize
156KB

Download
memory/1412-84-0x00000000025A0000-0x00000000025C7000-memory.dmp

Filesize
156KB

Download
memory/1412-81-0x00000000025A0000-0x00000000025C7000-memory.dmp

Filesize
156KB

Download
memory/1584-54-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/1584-56-0x0000000000400000-0x00000000022C8000-memory.dmp

Filesize
30.8MB

Download
memory/1584-72-0x00000000044F0000-0x00000000063B8000-memory.dmp

Filesize
30.8MB

Download
memory/1584-91-0x0000000003BA0000-0x0000000003BC7000-memory.dmp

Filesize
156KB

Download
memory/1584-90-0x0000000003BA0000-0x0000000003BC7000-memory.dmp

Filesize
156KB

Download
memory/1584-89-0x0000000003BA0000-0x0000000003BC7000-memory.dmp

Filesize
156KB

Download
memory/1584-68-0x00000000044F0000-0x00000000063B8000-memory.dmp

Filesize
30.8MB

Download
memory/1584-88-0x0000000003BA0000-0x0000000003BC7000-memory.dmp

Filesize
156KB

Download
memory/1584-87-0x0000000003BA0000-0x0000000003BC7000-memory.dmp

Filesize
156KB

Download
memory/1584-55-0x0000000000400000-0x00000000022C8000-memory.dmp

Filesize
30.8MB

Download
memory/1584-57-0x0000000000400000-0x00000000022C8000-memory.dmp

Filesize
30.8MB

Download
memory/1584-123-0x0000000000400000-0x00000000022C8000-memory.dmp

Filesize
30.8MB

Download
memory/1744-126-0x0000000001C10000-0x0000000001C37000-memory.dmp

Filesize
156KB

Download
memory/1744-129-0x0000000001C10000-0x0000000001C37000-memory.dmp

Filesize
156KB

Download
memory/1744-128-0x0000000001C10000-0x0000000001C37000-memory.dmp

Filesize
156KB

Download
memory/1744-127-0x0000000001C10000-0x0000000001C37000-memory.dmp

Filesize
156KB

Download
memory/1956-75-0x0000000000400000-0x00000000022C8000-memory.dmp

Filesize
30.8MB

Download
memory/1956-130-0x0000000000400000-0x00000000022C8000-memory.dmp

Filesize
30.8MB

Download
memory/1956-60-0x0000000000000000-mapping.dmp

Download
memory/2008-134-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download
memory/2008-133-0x0000000000310000-0x0000000000337000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads