30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98

General

Target

30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
Size

488KB
MD5

e5cb9f85899a9133ebddc238be517594
SHA1

5b5c6c28a03e9bf21fe2856f96d52841ede49b55
SHA256

30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98
SHA512

fd0e67ac7cb25f78103d575a3d5bb5b15adf80743625e43fcc8f556e29d9282d77ffd3a640d988ae0f0e0d2a86769c35881ecbaf901793610fe1e94fe9fa9bb3
SSDEEP

12288:7NhQPh82gxvXJQhKe8f/MTUgTOej1+pdOeKaJKQ:7oP4XJU8f/MjT3wdOeTKQ

Score

9^/10

evasion ransomware

Malware Config

Signatures

Modifies boot configuration data using bcdedit 1 TTPs 10 IoCs

ransomware evasion

Inhibit System Recovery

T1490

Processes:

bcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exebcdedit.exe

pid	process
328	bcdedit.exe
1552	bcdedit.exe
1184	bcdedit.exe
1468	bcdedit.exe
820	bcdedit.exe
1640	bcdedit.exe
744	bcdedit.exe
868	bcdedit.exe
1544	bcdedit.exe
1748	bcdedit.exe

Drops file in Drivers directory 1 IoCs

Processes:

ihex.exe

description ioc process

File created C:\Windows\system32\drivers\6ecee4.sys ihex.exe
Executes dropped EXE 2 IoCs

Processes:

ihex.exeihex.exe

pid process

1544 ihex.exe
304 ihex.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1144 cmd.exe

description	ioc	process
File created	C:\Windows\system32\drivers\6ecee4.sys	ihex.exe

pid	process
1544	ihex.exe
304	ihex.exe

pid	process
1144	cmd.exe

Loads dropped DLL 3 IoCs

Processes:

30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exeihex.exe

pid	process
1752	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
1752	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
1544	ihex.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exeihex.exe

description	pid	process	target process
PID 1552 set thread context of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1544 set thread context of 304	1544	ihex.exe	ihex.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exeihex.exe

pid process

1752 30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
304 ihex.exe
304 ihex.exe
304 ihex.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

464
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

ihex.exe

description pid process

Token: SeShutdownPrivilege 304 ihex.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exeihex.exe

pid process

1552 30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
1544 ihex.exe

pid	process
464

description	pid	process
Token: SeShutdownPrivilege	304	ihex.exe

pid	process
1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
1544	ihex.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exeihex.exeihex.exe

description	pid	process	target process
PID 1552 wrote to memory of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1552 wrote to memory of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1552 wrote to memory of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1552 wrote to memory of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1552 wrote to memory of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1552 wrote to memory of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1552 wrote to memory of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1552 wrote to memory of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1552 wrote to memory of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1552 wrote to memory of 1752	1552	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
PID 1752 wrote to memory of 1544	1752	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	ihex.exe
PID 1752 wrote to memory of 1544	1752	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	ihex.exe
PID 1752 wrote to memory of 1544	1752	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	ihex.exe
PID 1752 wrote to memory of 1544	1752	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	ihex.exe
PID 1544 wrote to memory of 304	1544	ihex.exe	ihex.exe
PID 1544 wrote to memory of 304	1544	ihex.exe	ihex.exe
PID 1544 wrote to memory of 304	1544	ihex.exe	ihex.exe
PID 1544 wrote to memory of 304	1544	ihex.exe	ihex.exe
PID 1544 wrote to memory of 304	1544	ihex.exe	ihex.exe
PID 1544 wrote to memory of 304	1544	ihex.exe	ihex.exe
PID 1544 wrote to memory of 304	1544	ihex.exe	ihex.exe
PID 1544 wrote to memory of 304	1544	ihex.exe	ihex.exe
PID 1544 wrote to memory of 304	1544	ihex.exe	ihex.exe
PID 1544 wrote to memory of 304	1544	ihex.exe	ihex.exe
PID 1752 wrote to memory of 1144	1752	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	cmd.exe
PID 1752 wrote to memory of 1144	1752	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	cmd.exe
PID 1752 wrote to memory of 1144	1752	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	cmd.exe
PID 1752 wrote to memory of 1144	1752	30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe	cmd.exe
PID 304 wrote to memory of 328	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 328	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 328	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 328	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1552	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1552	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1552	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1552	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1184	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1184	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1184	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1184	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1468	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1468	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1468	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1468	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 820	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 820	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 820	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 820	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1640	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1640	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1640	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1640	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 744	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 744	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 744	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 744	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 868	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 868	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 868	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 868	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1544	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1544	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1544	304	ihex.exe	bcdedit.exe
PID 304 wrote to memory of 1544	304	ihex.exe	bcdedit.exe

C:\Users\Admin\AppData\Local\Temp\30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
"C:\Users\Admin\AppData\Local\Temp\30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1552

C:\Users\Admin\AppData\Local\Temp\30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe
"C:\Users\Admin\AppData\Local\Temp\30f1628ecd7dcfa5d0163c6041607ec45d2ced3a8b146e09a9a1b65b9728ea98.exe"
2⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1752

C:\Users\Admin\AppData\Local\Temp\Uqiq\ihex.exe
"C:\Users\Admin\AppData\Local\Temp\Uqiq\ihex.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1544

C:\Users\Admin\AppData\Local\Temp\Uqiq\ihex.exe
"C:\Users\Admin\AppData\Local\Temp\Uqiq\ihex.exe"
4⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:304

C:\Windows\system32\bcdedit.exe
bcdedit.exe -set TESTSIGNING ON
5⤵
- Modifies boot configuration data using bcdedit
PID:328

C:\Windows\system32\bcdedit.exe
bcdedit.exe -set TESTSIGNING ON
5⤵
- Modifies boot configuration data using bcdedit
PID:1552

C:\Windows\system32\bcdedit.exe
bcdedit.exe -set TESTSIGNING ON
5⤵
- Modifies boot configuration data using bcdedit
PID:1184

C:\Windows\system32\bcdedit.exe
bcdedit.exe -set TESTSIGNING ON
5⤵
- Modifies boot configuration data using bcdedit
PID:1468

C:\Windows\system32\bcdedit.exe
bcdedit.exe -set TESTSIGNING ON
5⤵
- Modifies boot configuration data using bcdedit
PID:820

C:\Windows\system32\bcdedit.exe
bcdedit.exe -set TESTSIGNING ON
5⤵
- Modifies boot configuration data using bcdedit
PID:1640

C:\Windows\system32\bcdedit.exe
bcdedit.exe -set TESTSIGNING ON
5⤵
- Modifies boot configuration data using bcdedit
PID:744

C:\Windows\system32\bcdedit.exe
bcdedit.exe -set TESTSIGNING ON
5⤵
- Modifies boot configuration data using bcdedit
PID:868

C:\Windows\system32\bcdedit.exe
bcdedit.exe -set TESTSIGNING ON
5⤵
- Modifies boot configuration data using bcdedit
PID:1544

C:\Windows\system32\bcdedit.exe
bcdedit.exe -set TESTSIGNING ON
5⤵
- Modifies boot configuration data using bcdedit
PID:1748

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\EJG9C46.bat"
3⤵
- Deletes itself
PID:1144

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1244

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1212

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1116

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1876

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

1

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\EJG9C46.bat
Filesize
303B

MD5
8ef2a3d78a280b906a184cddb4be1ea1

SHA1
ec9c3960ab952d79067348bdc7bff9226f55e6f9

SHA256
32a09ce1f1a5d495c231fb1d3c9de603de57f39cc9abad97501e0b1ae6f8b3b4

SHA512
de91035f37c884e2c8a22f431b78e4b605ab2d927d39f1a74a65e8e884605374deb5ab0a16295660a96f2acdbeb3b5e128861effe607758abc67b1f0ca78a094

Download Submit
C:\Users\Admin\AppData\Local\Temp\Uqiq\ihex.exe
Filesize
488KB

MD5
2539f5eaf53588b3b96ddb27242b0f1d

SHA1
cc91f5d761f7891ae1774846ea208c8ba6d29fe7

SHA256
ddf80a42ca5d6e9f687016da425afbdd5802bcf88817bc2a314accf3217d39a6

SHA512
cd4c59cf56c48878fd943d1ab614991ff0cd5aad099bc355792adec1363d6a69cde9349287f047ad4d1b69d5e7dd124c0ad762e891e610aeafb5ed62113179b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Uqiq\ihex.exe
Filesize
488KB

MD5
2539f5eaf53588b3b96ddb27242b0f1d

SHA1
cc91f5d761f7891ae1774846ea208c8ba6d29fe7

SHA256
ddf80a42ca5d6e9f687016da425afbdd5802bcf88817bc2a314accf3217d39a6

SHA512
cd4c59cf56c48878fd943d1ab614991ff0cd5aad099bc355792adec1363d6a69cde9349287f047ad4d1b69d5e7dd124c0ad762e891e610aeafb5ed62113179b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Uqiq\ihex.exe
Filesize
488KB

MD5
2539f5eaf53588b3b96ddb27242b0f1d

SHA1
cc91f5d761f7891ae1774846ea208c8ba6d29fe7

SHA256
ddf80a42ca5d6e9f687016da425afbdd5802bcf88817bc2a314accf3217d39a6

SHA512
cd4c59cf56c48878fd943d1ab614991ff0cd5aad099bc355792adec1363d6a69cde9349287f047ad4d1b69d5e7dd124c0ad762e891e610aeafb5ed62113179b7

Download Submit
\Users\Admin\AppData\Local\Temp\Uqiq\ihex.exe
Filesize
488KB

MD5
2539f5eaf53588b3b96ddb27242b0f1d

SHA1
cc91f5d761f7891ae1774846ea208c8ba6d29fe7

SHA256
ddf80a42ca5d6e9f687016da425afbdd5802bcf88817bc2a314accf3217d39a6

SHA512
cd4c59cf56c48878fd943d1ab614991ff0cd5aad099bc355792adec1363d6a69cde9349287f047ad4d1b69d5e7dd124c0ad762e891e610aeafb5ed62113179b7

Download Submit
\Users\Admin\AppData\Local\Temp\Uqiq\ihex.exe
Filesize
488KB

MD5
2539f5eaf53588b3b96ddb27242b0f1d

SHA1
cc91f5d761f7891ae1774846ea208c8ba6d29fe7

SHA256
ddf80a42ca5d6e9f687016da425afbdd5802bcf88817bc2a314accf3217d39a6

SHA512
cd4c59cf56c48878fd943d1ab614991ff0cd5aad099bc355792adec1363d6a69cde9349287f047ad4d1b69d5e7dd124c0ad762e891e610aeafb5ed62113179b7

Download Submit
\Users\Admin\AppData\Local\Temp\Uqiq\ihex.exe
Filesize
488KB

MD5
2539f5eaf53588b3b96ddb27242b0f1d

SHA1
cc91f5d761f7891ae1774846ea208c8ba6d29fe7

SHA256
ddf80a42ca5d6e9f687016da425afbdd5802bcf88817bc2a314accf3217d39a6

SHA512
cd4c59cf56c48878fd943d1ab614991ff0cd5aad099bc355792adec1363d6a69cde9349287f047ad4d1b69d5e7dd124c0ad762e891e610aeafb5ed62113179b7

Download Submit
memory/304-98-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/304-130-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/304-128-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/304-99-0x0000000000280000-0x0000000000286000-memory.dmp

Filesize
24KB

Download
memory/304-94-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/304-89-0x000000000044DDB6-mapping.dmp

Download
memory/328-100-0x0000000000000000-mapping.dmp

Download
memory/744-106-0x0000000000000000-mapping.dmp

Download
memory/820-104-0x0000000000000000-mapping.dmp

Download
memory/868-107-0x0000000000000000-mapping.dmp

Download
memory/1116-115-0x00000000020B0000-0x000000000211D000-memory.dmp

Filesize
436KB

Download
memory/1116-112-0x00000000020B0000-0x000000000211D000-memory.dmp

Filesize
436KB

Download
memory/1116-113-0x00000000020B0000-0x000000000211D000-memory.dmp

Filesize
436KB

Download
memory/1116-114-0x00000000020B0000-0x000000000211D000-memory.dmp

Filesize
436KB

Download
memory/1144-95-0x0000000000000000-mapping.dmp

Download
memory/1184-102-0x0000000000000000-mapping.dmp

Download
memory/1212-120-0x00000000019C0000-0x0000000001A2D000-memory.dmp

Filesize
436KB

Download
memory/1212-119-0x00000000019C0000-0x0000000001A2D000-memory.dmp

Filesize
436KB

Download
memory/1212-118-0x00000000019C0000-0x0000000001A2D000-memory.dmp

Filesize
436KB

Download
memory/1212-121-0x00000000019C0000-0x0000000001A2D000-memory.dmp

Filesize
436KB

Download
memory/1244-125-0x00000000029F0000-0x0000000002A5D000-memory.dmp

Filesize
436KB

Download
memory/1244-127-0x00000000029F0000-0x0000000002A5D000-memory.dmp

Filesize
436KB

Download
memory/1244-126-0x00000000029F0000-0x0000000002A5D000-memory.dmp

Filesize
436KB

Download
memory/1244-124-0x00000000029F0000-0x0000000002A5D000-memory.dmp

Filesize
436KB

Download
memory/1468-103-0x0000000000000000-mapping.dmp

Download
memory/1544-108-0x0000000000000000-mapping.dmp

Download
memory/1544-74-0x0000000000000000-mapping.dmp

Download
memory/1552-101-0x0000000000000000-mapping.dmp

Download
memory/1640-105-0x0000000000000000-mapping.dmp

Download
memory/1748-109-0x0000000000000000-mapping.dmp

Download
memory/1752-60-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1752-68-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1752-71-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1752-64-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1752-65-0x000000000044DDB6-mapping.dmp

Download
memory/1752-62-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1752-57-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1752-67-0x0000000075C81000-0x0000000075C83000-memory.dmp

Filesize
8KB

Download
memory/1752-59-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1752-96-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1752-56-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1752-70-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1752-69-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1876-129-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads