6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f

General

Target

6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
Size

751KB
MD5

293bfccd25b23eeef29920ef1f6b7276
SHA1

264833a8cf7930c7a4488caa95b16496e79c77f0
SHA256

6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f
SHA512

c8310ca9023b90409843285d1651d6a10acecda57de16f8a95049c6c707449ad1e06c3b60fdc7d446b2e20c2b398e8d0e8516a5fed3578633661ed667e251e77
SSDEEP

12288:iPOmVOkVx4x2aSqcvxoK/VlvUVbrbh1fBuFTrTU4+N+JHpgRUyazgO3/mPFYUkD:iRVx4x2aSqc5EVkTrwAJJ4Uya0TYUkD

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Logo1_.exe6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe

pid process

1352 Logo1_.exe
1136 6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1968 cmd.exe
Loads dropped DLL 2 IoCs

Processes:

cmd.exe

pid process

1968 cmd.exe
1968 cmd.exe

pid	process
1968	cmd.exe

pid	process
1968	cmd.exe
1968	cmd.exe

Enumerates connected drives 3 TTPs 22 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Logo1_.exe

description	ioc	process
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\F:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

Processes:

Logo1_.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Photo Viewer\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\bin\tnameserv.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nl\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\brx\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\_desktop.ini	Logo1_.exe
File created	C:\Program Files\MSBuild\Microsoft\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\mux\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\Chess.exe	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\defaults\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

Processes:

Logo1_.exe6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe

description	ioc	process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
File created	C:\Windows\Logo1_.exe	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

Logo1_.exe

pid	process
1352	Logo1_.exe
1352	Logo1_.exe
1352	Logo1_.exe
1352	Logo1_.exe
1352	Logo1_.exe
1352	Logo1_.exe
1352	Logo1_.exe
1352	Logo1_.exe
1352	Logo1_.exe
1352	Logo1_.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe

pid process

1136 6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe

pid process

1136 6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe

pid	process
1136	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe

pid	process
1136	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.execmd.exeLogo1_.exenet.exe

description	pid	process	target process
PID 1976 wrote to memory of 1968	1976	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe	cmd.exe
PID 1976 wrote to memory of 1968	1976	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe	cmd.exe
PID 1976 wrote to memory of 1968	1976	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe	cmd.exe
PID 1976 wrote to memory of 1968	1976	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe	cmd.exe
PID 1976 wrote to memory of 1352	1976	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe	Logo1_.exe
PID 1976 wrote to memory of 1352	1976	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe	Logo1_.exe
PID 1976 wrote to memory of 1352	1976	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe	Logo1_.exe
PID 1976 wrote to memory of 1352	1976	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe	Logo1_.exe
PID 1968 wrote to memory of 1136	1968	cmd.exe	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
PID 1968 wrote to memory of 1136	1968	cmd.exe	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
PID 1968 wrote to memory of 1136	1968	cmd.exe	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
PID 1968 wrote to memory of 1136	1968	cmd.exe	6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
PID 1352 wrote to memory of 828	1352	Logo1_.exe	net.exe
PID 1352 wrote to memory of 828	1352	Logo1_.exe	net.exe
PID 1352 wrote to memory of 828	1352	Logo1_.exe	net.exe
PID 1352 wrote to memory of 828	1352	Logo1_.exe	net.exe
PID 828 wrote to memory of 932	828	net.exe	net1.exe
PID 828 wrote to memory of 932	828	net.exe	net1.exe
PID 828 wrote to memory of 932	828	net.exe	net1.exe
PID 828 wrote to memory of 932	828	net.exe	net1.exe
PID 1352 wrote to memory of 1232	1352	Logo1_.exe	Explorer.EXE
PID 1352 wrote to memory of 1232	1352	Logo1_.exe	Explorer.EXE

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
"C:\Users\Admin\AppData\Local\Temp\6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe"
2⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1976

C:\Windows\SysWOW64\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\$$a66FE.bat
3⤵
- Deletes itself
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1968

C:\Users\Admin\AppData\Local\Temp\6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe
"C:\Users\Admin\AppData\Local\Temp\6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe"
4⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1136

C:\Windows\Logo1_.exe
C:\Windows\Logo1_.exe
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1352

C:\Windows\SysWOW64\net.exe
net stop "Kingsoft AntiVirus Service"
4⤵
- Suspicious use of WriteProcessMemory
PID:828

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
5⤵
PID:932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$$a66FE.bat

Filesize
722B

MD5
7368dc961955a10cd0fe67afb20665e0

SHA1
e6e39c9606a0d0aeec4b695da8eb9122db3a110a

SHA256
23a8969a895f01df898445148d59824ac2208a6a9a3eff4f48095f0a88c85c7d

SHA512
ef225b2c7cf06b13f944b43f19a479edaa5a24629a1ec3ddedaa0f9cb64e6de95e06afa2d617c39393cc99c3ca9ad548a2ce0a444bcdc6aff85ab8858a78dbbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe

Filesize
721KB

MD5
1c1c6abbc3408a373c731ec3f41eae16

SHA1
55eb7aa906668aaac125327a34ee12e51991ce8f

SHA256
bda7a5a5f6eca4c51a8666d7c1f9de9d4590ea38f6fd85baeb251824b9674562

SHA512
f15c4c7ec3f99de0a45655f182d0db162d724537c4d9faac760d6c371a0a06e1476ad9021c981f2511d21952ec33c84b17adcc93956b9e3812df8a3eeab93dbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe.exe

Filesize
721KB

MD5
1c1c6abbc3408a373c731ec3f41eae16

SHA1
55eb7aa906668aaac125327a34ee12e51991ce8f

SHA256
bda7a5a5f6eca4c51a8666d7c1f9de9d4590ea38f6fd85baeb251824b9674562

SHA512
f15c4c7ec3f99de0a45655f182d0db162d724537c4d9faac760d6c371a0a06e1476ad9021c981f2511d21952ec33c84b17adcc93956b9e3812df8a3eeab93dbd

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
df3057b4c462bfec37b55490816a017f

SHA1
4a6c3b5417790f8461b6f570d5ba2acff85a99d9

SHA256
88dd8dc62fb4a16383e6c2bcafa63b7581d5725bc8ef56adc4809364534856e9

SHA512
0bc927ee3b61b90c659a51f7ad5481c6b2d4f432ab76c648e394015f27a529d119b8ebc66667d31103d36653440cdb7d7da7541e65f7eca1fea3f90377c08ed0

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
df3057b4c462bfec37b55490816a017f

SHA1
4a6c3b5417790f8461b6f570d5ba2acff85a99d9

SHA256
88dd8dc62fb4a16383e6c2bcafa63b7581d5725bc8ef56adc4809364534856e9

SHA512
0bc927ee3b61b90c659a51f7ad5481c6b2d4f432ab76c648e394015f27a529d119b8ebc66667d31103d36653440cdb7d7da7541e65f7eca1fea3f90377c08ed0

Download Submit
C:\Windows\rundl132.exe

Filesize
29KB

MD5
df3057b4c462bfec37b55490816a017f

SHA1
4a6c3b5417790f8461b6f570d5ba2acff85a99d9

SHA256
88dd8dc62fb4a16383e6c2bcafa63b7581d5725bc8ef56adc4809364534856e9

SHA512
0bc927ee3b61b90c659a51f7ad5481c6b2d4f432ab76c648e394015f27a529d119b8ebc66667d31103d36653440cdb7d7da7541e65f7eca1fea3f90377c08ed0

Download Submit
\Users\Admin\AppData\Local\Temp\6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe

Filesize
721KB

MD5
1c1c6abbc3408a373c731ec3f41eae16

SHA1
55eb7aa906668aaac125327a34ee12e51991ce8f

SHA256
bda7a5a5f6eca4c51a8666d7c1f9de9d4590ea38f6fd85baeb251824b9674562

SHA512
f15c4c7ec3f99de0a45655f182d0db162d724537c4d9faac760d6c371a0a06e1476ad9021c981f2511d21952ec33c84b17adcc93956b9e3812df8a3eeab93dbd

Download Submit
\Users\Admin\AppData\Local\Temp\6eaeb1b4d55e825c59eb5b21c5e73ce942caf108efea2f1935fd031fc52c566f.exe

Filesize
721KB

MD5
1c1c6abbc3408a373c731ec3f41eae16

SHA1
55eb7aa906668aaac125327a34ee12e51991ce8f

SHA256
bda7a5a5f6eca4c51a8666d7c1f9de9d4590ea38f6fd85baeb251824b9674562

SHA512
f15c4c7ec3f99de0a45655f182d0db162d724537c4d9faac760d6c371a0a06e1476ad9021c981f2511d21952ec33c84b17adcc93956b9e3812df8a3eeab93dbd

Download Submit
memory/828-68-0x0000000000000000-mapping.dmp

Download
memory/932-70-0x0000000000000000-mapping.dmp

Download
memory/1136-66-0x0000000000000000-mapping.dmp

Download
memory/1136-69-0x00000000754E1000-0x00000000754E3000-memory.dmp

Filesize
8KB

Download
memory/1352-56-0x0000000000000000-mapping.dmp

Download
memory/1352-61-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1352-73-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1968-55-0x0000000000000000-mapping.dmp

Download
memory/1976-58-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/1976-54-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads