233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda

General

Target

233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
Size

340KB
MD5

dfe5de583f7ee03a2b61f38ba450105f
SHA1

7851004ed80541ff6aa95ab9cda560e375c5e300
SHA256

233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda
SHA512

1717fa1cbb9d2cced6dfd4dcd91594f30ef4111db979a15f241acd24ac99c07c7811213cbd0eb51f64d45cabd4e82e12139d8995139d45fb47c282487d61ce4c
SSDEEP

6144:5uexRuU/N8/EghMCd7OitRa88X9cQsso:5uev/N8//qCZ/CvXm/

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

sova.exesova.exe

pid process

1360 sova.exe
1348 sova.exe

pid	process
1360	sova.exe
1348	sova.exe

Loads dropped DLL 2 IoCs

Processes:

233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe

pid	process
576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

sova.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Windows\CurrentVersion\Run\{608E8EEB-BB8B-6D58-9E40-AA0B04ACF264} = "C:\\Users\\Admin\\AppData\\Roaming\\Unyztu\\sova.exe"	sova.exe
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Windows\Currentversion\Run	sova.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exesova.exe233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe

description	pid	process	target process
PID 768 set thread context of 576	768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 1360 set thread context of 1348	1360	sova.exe	sova.exe
PID 576 set thread context of 956	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	cmd.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Privacy	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

sova.exe

pid	process
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe
1348	sova.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.execmd.exe

description	pid	process
Token: SeSecurityPrivilege	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
Token: SeSecurityPrivilege	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
Token: SeSecurityPrivilege	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
Token: SeSecurityPrivilege	956	cmd.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exesova.exeWinMail.exe

pid process

768 233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
1360 sova.exe
268 WinMail.exe

pid	process
768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
1360	sova.exe
268	WinMail.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exesova.exesova.exe

description	pid	process	target process
PID 768 wrote to memory of 576	768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 768 wrote to memory of 576	768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 768 wrote to memory of 576	768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 768 wrote to memory of 576	768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 768 wrote to memory of 576	768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 768 wrote to memory of 576	768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 768 wrote to memory of 576	768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 768 wrote to memory of 576	768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 768 wrote to memory of 576	768	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 576 wrote to memory of 1360	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	sova.exe
PID 576 wrote to memory of 1360	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	sova.exe
PID 576 wrote to memory of 1360	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	sova.exe
PID 576 wrote to memory of 1360	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	sova.exe
PID 1360 wrote to memory of 1348	1360	sova.exe	sova.exe
PID 1360 wrote to memory of 1348	1360	sova.exe	sova.exe
PID 1360 wrote to memory of 1348	1360	sova.exe	sova.exe
PID 1360 wrote to memory of 1348	1360	sova.exe	sova.exe
PID 1360 wrote to memory of 1348	1360	sova.exe	sova.exe
PID 1360 wrote to memory of 1348	1360	sova.exe	sova.exe
PID 1360 wrote to memory of 1348	1360	sova.exe	sova.exe
PID 1360 wrote to memory of 1348	1360	sova.exe	sova.exe
PID 1360 wrote to memory of 1348	1360	sova.exe	sova.exe
PID 1348 wrote to memory of 1124	1348	sova.exe	taskhost.exe
PID 1348 wrote to memory of 1124	1348	sova.exe	taskhost.exe
PID 1348 wrote to memory of 1124	1348	sova.exe	taskhost.exe
PID 1348 wrote to memory of 1124	1348	sova.exe	taskhost.exe
PID 1348 wrote to memory of 1124	1348	sova.exe	taskhost.exe
PID 1348 wrote to memory of 1192	1348	sova.exe	Dwm.exe
PID 1348 wrote to memory of 1192	1348	sova.exe	Dwm.exe
PID 1348 wrote to memory of 1192	1348	sova.exe	Dwm.exe
PID 1348 wrote to memory of 1192	1348	sova.exe	Dwm.exe
PID 1348 wrote to memory of 1192	1348	sova.exe	Dwm.exe
PID 1348 wrote to memory of 1228	1348	sova.exe	Explorer.EXE
PID 1348 wrote to memory of 1228	1348	sova.exe	Explorer.EXE
PID 1348 wrote to memory of 1228	1348	sova.exe	Explorer.EXE
PID 1348 wrote to memory of 1228	1348	sova.exe	Explorer.EXE
PID 1348 wrote to memory of 1228	1348	sova.exe	Explorer.EXE
PID 1348 wrote to memory of 576	1348	sova.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 1348 wrote to memory of 576	1348	sova.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 1348 wrote to memory of 576	1348	sova.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 1348 wrote to memory of 576	1348	sova.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 1348 wrote to memory of 576	1348	sova.exe	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
PID 576 wrote to memory of 956	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	cmd.exe
PID 576 wrote to memory of 956	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	cmd.exe
PID 576 wrote to memory of 956	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	cmd.exe
PID 576 wrote to memory of 956	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	cmd.exe
PID 576 wrote to memory of 956	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	cmd.exe
PID 576 wrote to memory of 956	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	cmd.exe
PID 576 wrote to memory of 956	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	cmd.exe
PID 576 wrote to memory of 956	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	cmd.exe
PID 576 wrote to memory of 956	576	233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe	cmd.exe
PID 1348 wrote to memory of 1916	1348	sova.exe	conhost.exe
PID 1348 wrote to memory of 1916	1348	sova.exe	conhost.exe
PID 1348 wrote to memory of 1916	1348	sova.exe	conhost.exe
PID 1348 wrote to memory of 1916	1348	sova.exe	conhost.exe
PID 1348 wrote to memory of 1916	1348	sova.exe	conhost.exe
PID 1348 wrote to memory of 1964	1348	sova.exe	DllHost.exe
PID 1348 wrote to memory of 1964	1348	sova.exe	DllHost.exe
PID 1348 wrote to memory of 1964	1348	sova.exe	DllHost.exe
PID 1348 wrote to memory of 1964	1348	sova.exe	DllHost.exe
PID 1348 wrote to memory of 1964	1348	sova.exe	DllHost.exe
PID 1348 wrote to memory of 832	1348	sova.exe	DllHost.exe
PID 1348 wrote to memory of 832	1348	sova.exe	DllHost.exe
PID 1348 wrote to memory of 832	1348	sova.exe	DllHost.exe

C:\Users\Admin\AppData\Local\Temp\233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
"C:\Users\Admin\AppData\Local\Temp\233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:768

C:\Users\Admin\AppData\Local\Temp\233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe
"C:\Users\Admin\AppData\Local\Temp\233738c5d3bd1a3ce8b1692b6ae580ca9beca6492280f6c50e889cfe15819dda.exe"
2⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:576

C:\Users\Admin\AppData\Roaming\Unyztu\sova.exe
"C:\Users\Admin\AppData\Roaming\Unyztu\sova.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1360

C:\Users\Admin\AppData\Roaming\Unyztu\sova.exe
"C:\Users\Admin\AppData\Roaming\Unyztu\sova.exe"
4⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1348

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpde6b0232.bat"
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:956

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1228

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1192

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1124

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "708725119177871769-1147132788-17670117041827569752102856477-186287368861643224"
1⤵
PID:1916

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1964

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:832

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:268

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Unyztu\sova.exe
Filesize
340KB

MD5
29b0eb90ee39385264093cf11e004fa1

SHA1
6d345c51746137dd781c2c7f092db5e8cd78dc05

SHA256
6154811d640e9435eb518b80bd1dda2d60213019126f64bb19a43f7098c0c16f

SHA512
bd7f281d2bba087202f7f77404ee5676915f0131b7880ddcb8208ae05103025e1a87cee299a12c79a8a2c7115700797f6c4e647da5342300f824d2cb08e76569

Download Submit
C:\Users\Admin\AppData\Roaming\Unyztu\sova.exe
Filesize
340KB

MD5
29b0eb90ee39385264093cf11e004fa1

SHA1
6d345c51746137dd781c2c7f092db5e8cd78dc05

SHA256
6154811d640e9435eb518b80bd1dda2d60213019126f64bb19a43f7098c0c16f

SHA512
bd7f281d2bba087202f7f77404ee5676915f0131b7880ddcb8208ae05103025e1a87cee299a12c79a8a2c7115700797f6c4e647da5342300f824d2cb08e76569

Download Submit
C:\Users\Admin\AppData\Roaming\Unyztu\sova.exe
Filesize
340KB

MD5
29b0eb90ee39385264093cf11e004fa1

SHA1
6d345c51746137dd781c2c7f092db5e8cd78dc05

SHA256
6154811d640e9435eb518b80bd1dda2d60213019126f64bb19a43f7098c0c16f

SHA512
bd7f281d2bba087202f7f77404ee5676915f0131b7880ddcb8208ae05103025e1a87cee299a12c79a8a2c7115700797f6c4e647da5342300f824d2cb08e76569

Download Submit
C:\Users\Admin\AppData\Roaming\Yplyez\isuq.dyv
Filesize
398B

MD5
2eb9f9fc9ca0e862500910d51b383756

SHA1
d1acbb2c8021f3ad4c694d2d349237961639332a

SHA256
d06ce8547fb9c3b2dd45b27aac10d15f54b45349404dc6690721dc43360cf38e

SHA512
8e3568ed1cdf4a58b6205e080afccf38f5cf56d1579050941073147e34ff2f7710adc52c693deccd31356ab904b1de7ca9197bd4d741b1000e0ddd42b742d8f2

Download Submit
\Users\Admin\AppData\Roaming\Unyztu\sova.exe
Filesize
340KB

MD5
29b0eb90ee39385264093cf11e004fa1

SHA1
6d345c51746137dd781c2c7f092db5e8cd78dc05

SHA256
6154811d640e9435eb518b80bd1dda2d60213019126f64bb19a43f7098c0c16f

SHA512
bd7f281d2bba087202f7f77404ee5676915f0131b7880ddcb8208ae05103025e1a87cee299a12c79a8a2c7115700797f6c4e647da5342300f824d2cb08e76569

Download Submit
\Users\Admin\AppData\Roaming\Unyztu\sova.exe
Filesize
340KB

MD5
29b0eb90ee39385264093cf11e004fa1

SHA1
6d345c51746137dd781c2c7f092db5e8cd78dc05

SHA256
6154811d640e9435eb518b80bd1dda2d60213019126f64bb19a43f7098c0c16f

SHA512
bd7f281d2bba087202f7f77404ee5676915f0131b7880ddcb8208ae05103025e1a87cee299a12c79a8a2c7115700797f6c4e647da5342300f824d2cb08e76569

Download Submit
memory/268-137-0x0000000000460000-0x0000000000470000-memory.dmp

Filesize
64KB

Download
memory/268-135-0x000007FEFBDF1000-0x000007FEFBDF3000-memory.dmp

Filesize
8KB

Download
memory/268-136-0x000007FEF6811000-0x000007FEF6813000-memory.dmp

Filesize
8KB

Download
memory/268-143-0x0000000002000000-0x0000000002010000-memory.dmp

Filesize
64KB

Download
memory/576-111-0x0000000002500000-0x0000000002555000-memory.dmp

Filesize
340KB

Download
memory/576-101-0x0000000002500000-0x0000000002555000-memory.dmp

Filesize
340KB

Download
memory/576-61-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/576-60-0x0000000075D51000-0x0000000075D53000-memory.dmp

Filesize
8KB

Download
memory/576-58-0x0000000000413048-mapping.dmp

Download
memory/576-96-0x0000000002500000-0x0000000002527000-memory.dmp

Filesize
156KB

Download
memory/576-62-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/576-57-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/576-99-0x0000000002500000-0x0000000002527000-memory.dmp

Filesize
156KB

Download
memory/576-98-0x0000000002500000-0x0000000002527000-memory.dmp

Filesize
156KB

Download
memory/576-97-0x0000000002500000-0x0000000002527000-memory.dmp

Filesize
156KB

Download
memory/576-115-0x0000000002500000-0x0000000002527000-memory.dmp

Filesize
156KB

Download
memory/576-114-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/768-56-0x0000000000277000-0x0000000000279000-memory.dmp

Filesize
8KB

Download
memory/832-134-0x00000000002F0000-0x0000000000317000-memory.dmp

Filesize
156KB

Download
memory/832-131-0x00000000002F0000-0x0000000000317000-memory.dmp

Filesize
156KB

Download
memory/832-132-0x00000000002F0000-0x0000000000317000-memory.dmp

Filesize
156KB

Download
memory/832-133-0x00000000002F0000-0x0000000000317000-memory.dmp

Filesize
156KB

Download
memory/956-104-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/956-108-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/956-112-0x0000000000062CBA-mapping.dmp

Download
memory/956-122-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/956-107-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/956-106-0x0000000000050000-0x0000000000077000-memory.dmp

Filesize
156KB

Download
memory/1124-78-0x0000000001E20000-0x0000000001E47000-memory.dmp

Filesize
156KB

Download
memory/1124-80-0x0000000001E20000-0x0000000001E47000-memory.dmp

Filesize
156KB

Download
memory/1124-76-0x0000000001E20000-0x0000000001E47000-memory.dmp

Filesize
156KB

Download
memory/1124-79-0x0000000001E20000-0x0000000001E47000-memory.dmp

Filesize
156KB

Download
memory/1124-81-0x0000000001E20000-0x0000000001E47000-memory.dmp

Filesize
156KB

Download
memory/1192-87-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1192-84-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1192-86-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1192-85-0x0000000000120000-0x0000000000147000-memory.dmp

Filesize
156KB

Download
memory/1228-90-0x00000000029D0000-0x00000000029F7000-memory.dmp

Filesize
156KB

Download
memory/1228-93-0x00000000029D0000-0x00000000029F7000-memory.dmp

Filesize
156KB

Download
memory/1228-92-0x00000000029D0000-0x00000000029F7000-memory.dmp

Filesize
156KB

Download
memory/1228-91-0x00000000029D0000-0x00000000029F7000-memory.dmp

Filesize
156KB

Download
memory/1348-100-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1348-72-0x0000000000413048-mapping.dmp

Download
memory/1348-110-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/1360-65-0x0000000000000000-mapping.dmp

Download
memory/1360-69-0x0000000000617000-0x0000000000619000-memory.dmp

Filesize
8KB

Download
memory/1916-120-0x0000000000150000-0x0000000000177000-memory.dmp

Filesize
156KB

Download
memory/1916-121-0x0000000000150000-0x0000000000177000-memory.dmp

Filesize
156KB

Download
memory/1916-119-0x0000000000150000-0x0000000000177000-memory.dmp

Filesize
156KB

Download
memory/1916-118-0x0000000000150000-0x0000000000177000-memory.dmp

Filesize
156KB

Download
memory/1964-128-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1964-127-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1964-126-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download
memory/1964-125-0x0000000000110000-0x0000000000137000-memory.dmp

Filesize
156KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads