5ccc282dc59d4b5b35ad270c967c4b2d92f325b5b6df3f30520269f9c55176de

General

Target

5ccc282dc59d4b5b35ad270c967c4b2d92f325b5b6df3f30520269f9c55176de.xls
Size

826KB
MD5

2b0f3b1eccc31b722d19b898bfed7500
SHA1

a6caf9f3be96a03c960091fcc43c6a1131fef0ac
SHA256

5ccc282dc59d4b5b35ad270c967c4b2d92f325b5b6df3f30520269f9c55176de
SHA512

3cfb7c8d1ca94f97d17beb635da6dd53ec6326f2e05f04120c7e6ff5ec5a7bea808116e48fda3f2c8a29187cbecb4772c091ea656b444a3896ab5e310ca1f98a
SSDEEP

6144:5k3hOdsylKlgryzc4bNhZF+E+W2kQCAH8SD4HW44KwACfnVIGI70:tCCD

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

WScript.exe

description	pid	pid_target	process	target process
Parent C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE is not expected to spawn this process	1360	1156	WScript.exe	EXCEL.EXE

Blocklisted process makes network request 2 IoCs

Processes:

WScript.exe

flow pid process

3 1360 WScript.exe
4 1360 WScript.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Office loads VBA resources, possible macro or embedded object present
Enumerates system info in registry 2 TTPs 1 IoCs

Query Registry
T1012

System Information Discovery
T1082

Processes:

EXCEL.EXE

description ioc process

Key opened \REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor EXCEL.EXE

flow	pid	process
3	1360	WScript.exe
4	1360	WScript.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\FloatingPointProcessor	EXCEL.EXE

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

Processes:

EXCEL.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\EXCEL.EXE/3000"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ = "res://C:\\PROGRA~2\\MICROS~1\\Office14\\ONBttnIE.dll/105"	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\Contexts = "55"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel	EXCEL.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\Contexts = "1"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\Toolbar\ShowDiscussionButton = "Yes"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000\Software\Microsoft\Internet Explorer\MenuExt	EXCEL.EXE

Modifies registry class 64 IoCs

Processes:

EXCEL.EXE

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{735C179B-1CB6-48DC-8E74-D365DF0DF6B5}\2.0	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}\ = "ILabelControl"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{5512D113-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{978C9E22-D4B0-11CE-BF2D-00AA003F40D0}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{8BD21D62-EC42-11CE-9E0D-00AA006002F3}\ = "MdcToggleButtonEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\ = "MdcTextEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{8BD21D52-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}\ = "ScrollbarEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\TypeLib\{735C179B-1CB6-48DC-8E74-D365DF0DF6B5}\2.0\0\win32	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{796ED650-5FE9-11CF-8D68-00AA00BDCE1D}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\TypeLib\{735C179B-1CB6-48DC-8E74-D365DF0DF6B5}\2.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Excel8.0"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLReset"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}\ = "SpinbuttonEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\TypeLib\{735C179B-1CB6-48DC-8E74-D365DF0DF6B5}\2.0\FLAGS\ = "6"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}\ = "IDataAutoWrapper"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{8BD21D63-EC42-11CE-9E0D-00AA006002F3}\ = "IMdcToggleButton"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}\ = "IScrollbar"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{47FF8FE5-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{5512D11D-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{7B020EC2-AF6C-11CE-9F46-00AA00574A4F}\ = "ScrollbarEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{47FF8FE8-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents9"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{04598FC3-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{EC72F590-F375-11CE-B9E8-00AA006B1A69}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{47FF8FE2-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{735C179B-1CB6-48DC-8E74-D365DF0DF6B5}\2.0\FLAGS	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{04598FC4-866C-11CF-AB7C-00AA00C08FCF}\ = "ICommandButton"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{47FF8FE3-6198-11CF-8CE8-00AA006CB389}\ = "WHTMLControlEvents4"	EXCEL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{735C179B-1CB6-48DC-8E74-D365DF0DF6B5}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{04598FC2-866C-11CF-AB7C-00AA00C08FCF}\ = "ITabStrip"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLReset"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{79176FB2-B7F2-11CE-97EF-00AA006D2776}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{47FF8FE6-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{5CEF5613-713D-11CE-80C9-00AA00611080}\ = "IPage"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{5512D125-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}\ = "IMultiPage"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{8A683C91-BA84-11CF-8110-00A0C9030074}\ = "IReturnEffect"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{8BD21D13-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{79176FB3-B7F2-11CE-97EF-00AA006D2776}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLSelect"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{47FF8FE1-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{CF3F94A0-F546-11CE-9BCE-00AA00608E01}\ = "OptionFrameEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{04598FC1-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{8BD21D23-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{5512D115-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{8BD21D32-EC42-11CE-9E0D-00AA006002F3}\ = "MdcComboEvents"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{04598FC9-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{92E11A03-7358-11CE-80CB-00AA00611080}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{04598FC7-866C-11CF-AB7C-00AA00C08FCF}	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{5B9D8FC8-4A71-101B-97A6-00000B65C08B}\ = "FormEvents"	EXCEL.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Interface\{5512D111-5CC6-11CF-8D67-00AA00BDCE1D}\ = "IWHTMLSubmitButton"	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{5512D123-5CC6-11CF-8D67-00AA00BDCE1D}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{8BD21D42-EC42-11CE-9E0D-00AA006002F3}	EXCEL.EXE
Key created	\REGISTRY\USER\S-1-5-21-1214520366-621468234-4062160515-1000_CLASSES\Wow6432Node\Interface\{47FF8FE9-6198-11CF-8CE8-00AA006CB389}	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

1156 EXCEL.EXE
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

EXCEL.EXE

pid process

1156 EXCEL.EXE
1156 EXCEL.EXE
1156 EXCEL.EXE
1156 EXCEL.EXE
1156 EXCEL.EXE
1156 EXCEL.EXE
1156 EXCEL.EXE
1156 EXCEL.EXE

pid	process
1156	EXCEL.EXE

pid	process
1156	EXCEL.EXE
1156	EXCEL.EXE
1156	EXCEL.EXE
1156	EXCEL.EXE
1156	EXCEL.EXE
1156	EXCEL.EXE
1156	EXCEL.EXE
1156	EXCEL.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

EXCEL.EXE

description	pid	process	target process
PID 1156 wrote to memory of 1360	1156	EXCEL.EXE	WScript.exe
PID 1156 wrote to memory of 1360	1156	EXCEL.EXE	WScript.exe
PID 1156 wrote to memory of 1360	1156	EXCEL.EXE	WScript.exe
PID 1156 wrote to memory of 1360	1156	EXCEL.EXE	WScript.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde C:\Users\Admin\AppData\Local\Temp\5ccc282dc59d4b5b35ad270c967c4b2d92f325b5b6df3f30520269f9c55176de.xls
1⤵
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1156

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Public\Documents\load.txtpin.jse"
2⤵
- Process spawned unexpected child process
- Blocklisted process makes network request
PID:1360

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Documents\load.txtpin.jse
Filesize
773KB

MD5
4398e68cbe6d058d60bcafb87a543d7a

SHA1
f649a164561348dde829c23806f16d7ad55966f0

SHA256
a295eaf45edfa37886a49288fc06af0fbd2cf1a41b98a0b0d55beb1e7cc3aff7

SHA512
9292c8a3292e155aaab0f2d9a4681174082c8e6fb71d2621d55b71366331091419233ac1405bac3bf0c93362b224f0b63416353f3d906b57ad6493ecf9fb2838

Download Submit
memory/1156-54-0x000000002FB61000-0x000000002FB64000-memory.dmp

Filesize
12KB

Download
memory/1156-55-0x0000000070E41000-0x0000000070E43000-memory.dmp

Filesize
8KB

Download
memory/1156-56-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/1156-57-0x0000000071E2D000-0x0000000071E38000-memory.dmp

Filesize
44KB

Download
memory/1156-58-0x00000000753F1000-0x00000000753F3000-memory.dmp

Filesize
8KB

Download
memory/1156-60-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-59-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-61-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-62-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-63-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-68-0x0000000005EBC000-0x0000000005EBE000-memory.dmp

Filesize
8KB

Download
memory/1156-67-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-66-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-65-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-64-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-69-0x0000000071E2D000-0x0000000071E38000-memory.dmp

Filesize
44KB

Download
memory/1156-70-0x0000000005EB0000-0x0000000005FB0000-memory.dmp

Filesize
1024KB

Download
memory/1156-71-0x0000000005EB0000-0x0000000005FB0000-memory.dmp

Filesize
1024KB

Download
memory/1156-72-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-75-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-74-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-77-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-76-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-78-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-79-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-81-0x0000000005EBC000-0x0000000005EBE000-memory.dmp

Filesize
8KB

Download
memory/1156-80-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-82-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-84-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-85-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-86-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-87-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-88-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-89-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-90-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-91-0x0000000005EBC000-0x0000000005EBE000-memory.dmp

Filesize
8KB

Download
memory/1156-92-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-95-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-94-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-97-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-96-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-99-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-98-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-101-0x0000000005EBC000-0x0000000005EBE000-memory.dmp

Filesize
8KB

Download
memory/1156-100-0x0000000005EBA000-0x0000000005EBD000-memory.dmp

Filesize
12KB

Download
memory/1156-104-0x0000000005EB0000-0x0000000005FB0000-memory.dmp

Filesize
1024KB

Download
memory/1156-105-0x0000000005EB0000-0x0000000005FB0000-memory.dmp

Filesize
1024KB

Download
memory/1156-107-0x0000000005EB0000-0x0000000005FB0000-memory.dmp

Filesize
1024KB

Download
memory/1156-108-0x0000000005EB0000-0x0000000005FB0000-memory.dmp

Filesize
1024KB

Download
memory/1360-102-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads