5d957233382cb6daeeb6aa31fb8c4389e3ef5e609c2c9c71e106287b2cab80d0

General

Target

5d957233382cb6daeeb6aa31fb8c4389e3ef5e609c2c9c71e106287b2cab80d0.xls
Size

826KB
MD5

1077e927cb7cb62f71214b6fe9b72973
SHA1

af74d8ada7d7528e90ce01ec7a9d84729f0e72fb
SHA256

5d957233382cb6daeeb6aa31fb8c4389e3ef5e609c2c9c71e106287b2cab80d0
SHA512

49b531a228721622e2c713cb32562643d6a870e5c32125fa30a5be4b6e845d4ccc4bfb535e8b00ae1f5f07ba69908163e09d1c968f7b03ab927a36f4158ede5c
SSDEEP

6144:5k3hOdsylKlgryzc4bNhZF+E+W2kQCAH8SD4HW44KwACfnVIGI70:tCCD

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

WScript.exe

description	pid	pid_target	process	target process
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process	2044	1756	WScript.exe	EXCEL.EXE

Blocklisted process makes network request 2 IoCs

Processes:

WScript.exe

flow pid process

3 2044 WScript.exe
4 2044 WScript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Office loads VBA resources, possible macro or embedded object present
Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

EXCEL.EXE

description ioc process

Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE

flow	pid	process
3	2044	WScript.exe
4	2044	WScript.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

EXCEL.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Toolbar	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\MenuExt	EXCEL.EXE

Modifies registry class 64 IoCs

Processes:

EXCEL.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{47FF8FE0-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{8A683C90-BA84-11CF-8110-00A0C9030074}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}\ = "FormEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLSubmitButton"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}\ = "MdcToggleButtonEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{8BD21D53-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents3"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\TypeLib\{F8ABF272-6D66-4EF8-9CF5-3FACFFB8B217}\2.0\ = "Microsoft Forms 2.0 Object Library"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{9A4BBF53-4E46-101B-8BBD-00AA003E3B29}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{5512D117-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLCheckbox"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLImage"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{5512D11F-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\TypeLib\{F8ABF272-6D66-4EF8-9CF5-3FACFFB8B217}\2.0	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}\ = "IControl"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcList"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{944ACF93-A1E6-11CE-8104-00AA00611080}\ = "Tabs"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}\ = "MdcListEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}\ = "CommandButtonEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{8BD21D22-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{7B020EC8-AF6C-11CE-9F46-00AA00574A4F}\ = "MultiPageEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}\ = "IOptionFrame"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLSelect"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\ = "MdcTextEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}\ = "IPage"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}\ = "Controls"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}\ = "MdcComboEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{4C5992A5-6926-101B-9992-00000B65C6F9}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{BEF6E003-A874-101A-8BBA-00AA00300CAB}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{A38BFFC3-A5A0-11CE-8107-00AA00611080}\ = "Tab"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}\ = "WHTMLControlEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents4"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents7"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{5512D119-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F8ABF272-6D66-4EF8-9CF5-3FACFFB8B217}\2.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Excel8.0"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{29B86A70-F52E-11CE-9BCE-00AA00608E01}\ = "IOptionFrame"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}\ = "OptionFrameEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}\ = "IReturnEffect"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}\ = "MdcCheckBoxEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{4C599243-6926-101B-9992-00000B65C6F9}\ = "IImage"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}\ = "SpinbuttonEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\TypeLib\{F8ABF272-6D66-4EF8-9CF5-3FACFFB8B217}\2.0\HELPDIR	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{82B02371-B5BC-11CF-810F-00A0C9030074}\ = "IReturnBoolean"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{04598FC6-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{4C599243-6926-101B-9992-00000B65C6F9}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{7B020EC1-AF6C-11CE-9F46-00AA00574A4F}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}\ = "ScrollbarEvents"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F8ABF272-6D66-4EF8-9CF5-3FACFFB8B217}\2.0\FLAGS	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

1756 EXCEL.EXE
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

EXCEL.EXE

pid process

1756 EXCEL.EXE
1756 EXCEL.EXE
1756 EXCEL.EXE
1756 EXCEL.EXE
1756 EXCEL.EXE
1756 EXCEL.EXE
1756 EXCEL.EXE
1756 EXCEL.EXE

pid	process
1756	EXCEL.EXE

pid	process
1756	EXCEL.EXE
1756	EXCEL.EXE
1756	EXCEL.EXE
1756	EXCEL.EXE
1756	EXCEL.EXE
1756	EXCEL.EXE
1756	EXCEL.EXE
1756	EXCEL.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

EXCEL.EXE

description	pid	process	target process
PID 1756 wrote to memory of 2044	1756	EXCEL.EXE	WScript.exe
PID 1756 wrote to memory of 2044	1756	EXCEL.EXE	WScript.exe
PID 1756 wrote to memory of 2044	1756	EXCEL.EXE	WScript.exe
PID 1756 wrote to memory of 2044	1756	EXCEL.EXE	WScript.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\5d957233382cb6daeeb6aa31fb8c4389e3ef5e609c2c9c71e106287b2cab80d0.xls
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\load.txtpin.jse"
2⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
PID:2044

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Documents\load.txtpin.jse
Filesize
773KB

MD5
4398e68cbe6d058d60bcafb87a543d7a

SHA1
f649a164561348dde829c23806f16d7ad55966f0

SHA256
a295eaf45edfa37886a49288fc06af0fbd2cf1a41b98a0b0d55beb1e7cc3aff7

SHA512
9292c8a3292e155aaab0f2d9a4681174082c8e6fb71d2621d55b71366331091419233ac1405bac3bf0c93362b224f0b63416353f3d906b57ad6493ecf9fb2838

Download Submit
memory/1756-54-0x000000002F401000-0x000000002F404000-memory.dmp

Filesize
12KB

Download
memory/1756-55-0x0000000070F41000-0x0000000070F43000-memory.dmp

Filesize
8KB

Download
memory/1756-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1756-57-0x0000000071F2D000-0x0000000071F38000-memory.dmp

Filesize
44KB

Download
memory/1756-58-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download
memory/1756-59-0x0000000071F2D000-0x0000000071F38000-memory.dmp

Filesize
44KB

Download
memory/1756-60-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-61-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-62-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-63-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-64-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-65-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-67-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-66-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-68-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-69-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-70-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-71-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-72-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-73-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-74-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-75-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-76-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-78-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-77-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-79-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-80-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-82-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-81-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-84-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-83-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-86-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-85-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-88-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-87-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-89-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-90-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-91-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-93-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-92-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-94-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-95-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-97-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-98-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-99-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-100-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-101-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-103-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-102-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-104-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-105-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-109-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-108-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-107-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-110-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-111-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-113-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-112-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-114-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-115-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-118-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-117-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/1756-119-0x00000000004B5000-0x00000000004B9000-memory.dmp

Filesize
16KB

Download
memory/2044-125-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads