7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba

General

Target

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
Size

169KB
MD5

09a49e043c9df84812e74d4b001eeccf
SHA1

684fc6689e9182e042c6231758f588b8de8d5fe2
SHA256

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba
SHA512

230d68547c34fff4397b4d93500dfdc73c0d662cf64e8524dcacff4c3e6bc1f76a974db2ce10d07e98fb061fecfcd8d188167003ffbfb91de180208953a2c437
SSDEEP

3072:xKXR/jtaBLpvKPwxK3bEguprek32x+cBy3rtCzmnbEwW80/PqsOpC2XPBz5u:xKBBMLpU33uZek32x++UrtAmnbnZHHBM

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

affi.exeaffi.exe

pid process

1480 affi.exe
268 affi.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1724 cmd.exe

pid	process
1480	affi.exe
268	affi.exe

pid	process
1724	cmd.exe

Loads dropped DLL 2 IoCs

Processes:

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe

pid	process
936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

affi.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Windows\Currentversion\Run	affi.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Windows\CurrentVersion\Run\Dyiladad = "C:\\Users\\Admin\\AppData\\Roaming\\Asegym\\affi.exe"	affi.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exeaffi.exe

description	pid	process	target process
PID 1812 set thread context of 936	1812	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 1480 set thread context of 268	1480	affi.exe	affi.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Privacy	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Processes:

affi.exe

pid	process
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe
268	affi.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe

description	pid	process
Token: SeSecurityPrivilege	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
Token: SeSecurityPrivilege	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
Token: SeSecurityPrivilege	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exeaffi.exeaffi.exe

description	pid	process	target process
PID 1812 wrote to memory of 936	1812	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 1812 wrote to memory of 936	1812	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 1812 wrote to memory of 936	1812	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 1812 wrote to memory of 936	1812	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 1812 wrote to memory of 936	1812	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 1812 wrote to memory of 936	1812	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 1812 wrote to memory of 936	1812	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 1812 wrote to memory of 936	1812	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 1812 wrote to memory of 936	1812	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 936 wrote to memory of 1480	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	affi.exe
PID 936 wrote to memory of 1480	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	affi.exe
PID 936 wrote to memory of 1480	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	affi.exe
PID 936 wrote to memory of 1480	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	affi.exe
PID 1480 wrote to memory of 268	1480	affi.exe	affi.exe
PID 1480 wrote to memory of 268	1480	affi.exe	affi.exe
PID 1480 wrote to memory of 268	1480	affi.exe	affi.exe
PID 1480 wrote to memory of 268	1480	affi.exe	affi.exe
PID 1480 wrote to memory of 268	1480	affi.exe	affi.exe
PID 1480 wrote to memory of 268	1480	affi.exe	affi.exe
PID 1480 wrote to memory of 268	1480	affi.exe	affi.exe
PID 1480 wrote to memory of 268	1480	affi.exe	affi.exe
PID 1480 wrote to memory of 268	1480	affi.exe	affi.exe
PID 268 wrote to memory of 1120	268	affi.exe	taskhost.exe
PID 268 wrote to memory of 1120	268	affi.exe	taskhost.exe
PID 268 wrote to memory of 1120	268	affi.exe	taskhost.exe
PID 268 wrote to memory of 1120	268	affi.exe	taskhost.exe
PID 268 wrote to memory of 1120	268	affi.exe	taskhost.exe
PID 268 wrote to memory of 1184	268	affi.exe	Dwm.exe
PID 268 wrote to memory of 1184	268	affi.exe	Dwm.exe
PID 268 wrote to memory of 1184	268	affi.exe	Dwm.exe
PID 268 wrote to memory of 1184	268	affi.exe	Dwm.exe
PID 268 wrote to memory of 1184	268	affi.exe	Dwm.exe
PID 268 wrote to memory of 1244	268	affi.exe	Explorer.EXE
PID 268 wrote to memory of 1244	268	affi.exe	Explorer.EXE
PID 268 wrote to memory of 1244	268	affi.exe	Explorer.EXE
PID 268 wrote to memory of 1244	268	affi.exe	Explorer.EXE
PID 268 wrote to memory of 1244	268	affi.exe	Explorer.EXE
PID 268 wrote to memory of 936	268	affi.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 268 wrote to memory of 936	268	affi.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 268 wrote to memory of 936	268	affi.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 268 wrote to memory of 936	268	affi.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 268 wrote to memory of 936	268	affi.exe	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
PID 936 wrote to memory of 1724	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	cmd.exe
PID 936 wrote to memory of 1724	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	cmd.exe
PID 936 wrote to memory of 1724	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	cmd.exe
PID 936 wrote to memory of 1724	936	7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe	cmd.exe
PID 268 wrote to memory of 1724	268	affi.exe	cmd.exe
PID 268 wrote to memory of 1692	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1692	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1692	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1692	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1692	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1064	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1064	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1064	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1064	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1064	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1580	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1580	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1580	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1580	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1580	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1424	268	affi.exe	DllHost.exe
PID 268 wrote to memory of 1424	268	affi.exe	DllHost.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
"C:\Users\Admin\AppData\Local\Temp\7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe"
2⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1812

C:\Users\Admin\AppData\Local\Temp\7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
C:\Users\Admin\AppData\Local\Temp\7b2cb5bf97c92621d4b15b64f242a9bf1cc6d899ad96c74601a4a8aaf9704aba.exe
3⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:936

C:\Users\Admin\AppData\Roaming\Asegym\affi.exe
"C:\Users\Admin\AppData\Roaming\Asegym\affi.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1480

C:\Users\Admin\AppData\Roaming\Asegym\affi.exe
C:\Users\Admin\AppData\Roaming\Asegym\affi.exe
5⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:268

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpd545fa90.bat"
4⤵
- Deletes itself
PID:1724

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1184

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1120

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1692

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1064

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1580

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1424

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:392

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpd545fa90.bat
Filesize
307B

MD5
f7f1832f9148d1a2740897c7fd432d9c

SHA1
bdcec03d3f8aa356a35cac0821ab47a74b38adc8

SHA256
d475125ba69434b713d66829485c37b6e1559c05c1ae20be6950b8bf880fd74b

SHA512
80d4e9a9b18f7e9fdd3311dadf54bd7477460bcec29ba026ea87f6e723192b5046b4bcca689ef831e66f6e7418e61d0c2bd6a8d6f66dcc23f541433d2aa50d54

Download Submit
C:\Users\Admin\AppData\Roaming\Asegym\affi.exe
Filesize
169KB

MD5
9513d6584226926ddd98ad825273338d

SHA1
548e80e99152128112dc5a6db9a6f9dbe7f667a2

SHA256
e2a42dea555ecc551e1733ad5b4a394b1cef99cae690e7c0c6a18156c2e6b2b2

SHA512
5b6f673873addd640d7e8454cd7803084a081f9307851dd7c56e9bbbb51e5d6f4aad3be491c90f992f63fa4066698e0eaa5341d4b9c9dd8663a84d7ed348d083

Download Submit
C:\Users\Admin\AppData\Roaming\Asegym\affi.exe
Filesize
169KB

MD5
9513d6584226926ddd98ad825273338d

SHA1
548e80e99152128112dc5a6db9a6f9dbe7f667a2

SHA256
e2a42dea555ecc551e1733ad5b4a394b1cef99cae690e7c0c6a18156c2e6b2b2

SHA512
5b6f673873addd640d7e8454cd7803084a081f9307851dd7c56e9bbbb51e5d6f4aad3be491c90f992f63fa4066698e0eaa5341d4b9c9dd8663a84d7ed348d083

Download Submit
C:\Users\Admin\AppData\Roaming\Asegym\affi.exe
Filesize
169KB

MD5
9513d6584226926ddd98ad825273338d

SHA1
548e80e99152128112dc5a6db9a6f9dbe7f667a2

SHA256
e2a42dea555ecc551e1733ad5b4a394b1cef99cae690e7c0c6a18156c2e6b2b2

SHA512
5b6f673873addd640d7e8454cd7803084a081f9307851dd7c56e9bbbb51e5d6f4aad3be491c90f992f63fa4066698e0eaa5341d4b9c9dd8663a84d7ed348d083

Download Submit
\Users\Admin\AppData\Roaming\Asegym\affi.exe
Filesize
169KB

MD5
9513d6584226926ddd98ad825273338d

SHA1
548e80e99152128112dc5a6db9a6f9dbe7f667a2

SHA256
e2a42dea555ecc551e1733ad5b4a394b1cef99cae690e7c0c6a18156c2e6b2b2

SHA512
5b6f673873addd640d7e8454cd7803084a081f9307851dd7c56e9bbbb51e5d6f4aad3be491c90f992f63fa4066698e0eaa5341d4b9c9dd8663a84d7ed348d083

Download Submit
\Users\Admin\AppData\Roaming\Asegym\affi.exe
Filesize
169KB

MD5
9513d6584226926ddd98ad825273338d

SHA1
548e80e99152128112dc5a6db9a6f9dbe7f667a2

SHA256
e2a42dea555ecc551e1733ad5b4a394b1cef99cae690e7c0c6a18156c2e6b2b2

SHA512
5b6f673873addd640d7e8454cd7803084a081f9307851dd7c56e9bbbb51e5d6f4aad3be491c90f992f63fa4066698e0eaa5341d4b9c9dd8663a84d7ed348d083

Download Submit
memory/268-117-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/268-80-0x0000000000428055-mapping.dmp

Download
memory/268-90-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-113-0x00000000002C0000-0x00000000002F0000-memory.dmp

Filesize
192KB

Download
memory/936-65-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-59-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-71-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-58-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-56-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-108-0x00000000002C0000-0x00000000002F7000-memory.dmp

Filesize
220KB

Download
memory/936-106-0x00000000002C0000-0x00000000002F7000-memory.dmp

Filesize
220KB

Download
memory/936-105-0x00000000002C0000-0x00000000002F7000-memory.dmp

Filesize
220KB

Download
memory/936-61-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-109-0x00000000002C0000-0x00000000002F0000-memory.dmp

Filesize
192KB

Download
memory/936-62-0x0000000000428055-mapping.dmp

Download
memory/936-55-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-107-0x00000000002C0000-0x00000000002F7000-memory.dmp

Filesize
220KB

Download
memory/936-112-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/936-110-0x00000000002C0000-0x00000000002F7000-memory.dmp

Filesize
220KB

Download
memory/1064-126-0x0000000001B70000-0x0000000001BA7000-memory.dmp

Filesize
220KB

Download
memory/1064-127-0x0000000001B70000-0x0000000001BA7000-memory.dmp

Filesize
220KB

Download
memory/1064-128-0x0000000001B70000-0x0000000001BA7000-memory.dmp

Filesize
220KB

Download
memory/1064-129-0x0000000001B70000-0x0000000001BA7000-memory.dmp

Filesize
220KB

Download
memory/1120-88-0x0000000001D90000-0x0000000001DC7000-memory.dmp

Filesize
220KB

Download
memory/1120-89-0x0000000001D90000-0x0000000001DC7000-memory.dmp

Filesize
220KB

Download
memory/1120-86-0x0000000001D90000-0x0000000001DC7000-memory.dmp

Filesize
220KB

Download
memory/1120-87-0x0000000001D90000-0x0000000001DC7000-memory.dmp

Filesize
220KB

Download
memory/1184-94-0x0000000001E10000-0x0000000001E47000-memory.dmp

Filesize
220KB

Download
memory/1184-96-0x0000000001E10000-0x0000000001E47000-memory.dmp

Filesize
220KB

Download
memory/1184-93-0x0000000001E10000-0x0000000001E47000-memory.dmp

Filesize
220KB

Download
memory/1184-95-0x0000000001E10000-0x0000000001E47000-memory.dmp

Filesize
220KB

Download
memory/1244-100-0x00000000021C0000-0x00000000021F7000-memory.dmp

Filesize
220KB

Download
memory/1244-101-0x00000000021C0000-0x00000000021F7000-memory.dmp

Filesize
220KB

Download
memory/1244-99-0x00000000021C0000-0x00000000021F7000-memory.dmp

Filesize
220KB

Download
memory/1244-102-0x00000000021C0000-0x00000000021F7000-memory.dmp

Filesize
220KB

Download
memory/1480-68-0x0000000000000000-mapping.dmp

Download
memory/1580-134-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/1580-135-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/1580-133-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/1580-132-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/1692-122-0x0000000002510000-0x0000000002547000-memory.dmp

Filesize
220KB

Download
memory/1692-123-0x0000000002510000-0x0000000002547000-memory.dmp

Filesize
220KB

Download
memory/1692-121-0x0000000002510000-0x0000000002547000-memory.dmp

Filesize
220KB

Download
memory/1692-120-0x0000000002510000-0x0000000002547000-memory.dmp

Filesize
220KB

Download
memory/1724-111-0x0000000000000000-mapping.dmp

Download
memory/1812-54-0x00000000753F1000-0x00000000753F3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads