e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef

General

Target

e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
Size

29KB
MD5

e61f2a51d5a73f72d233a22f0e0f68e0
SHA1

4b8316d949b5d1af88db2d8fe78d3e6dc77e685c
SHA256

e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef
SHA512

bbb471b0116d64cd8d2be8f3f8288274b5d775ae08d18256b46deb034f1929cf54f31603b4df8f1531fa9181875ae173320c1faa3c28a88ff8b6e7f19d36a4ce
SSDEEP

768:cxCg6GBEaQ0XhoM1hy6S5n00gcAycuYlA8H6v:cxC/GBm0SM1hy6SG0gNycudF

Score

8^/10

discovery exploit

Malware Config

Signatures

Possible privilege escalation attempt 6 IoCs
exploit

Processes:

takeown.exeicacls.exetakeown.exeicacls.exetakeown.exeicacls.exe

pid process

1924 takeown.exe
576 icacls.exe
1768 takeown.exe
1540 icacls.exe
1840 takeown.exe
1020 icacls.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

332 cmd.exe
Modifies file permissions 1 TTPs 6 IoCs
discovery

File Permissions Modification
T1222

Processes:

icacls.exetakeown.exeicacls.exetakeown.exeicacls.exetakeown.exe

pid process

1540 icacls.exe
1840 takeown.exe
1020 icacls.exe
1924 takeown.exe
576 icacls.exe
1768 takeown.exe

pid	process
1924	takeown.exe
576	icacls.exe
1768	takeown.exe
1540	icacls.exe
1840	takeown.exe
1020	icacls.exe

pid	process
332	cmd.exe

pid	process
1540	icacls.exe
1840	takeown.exe
1020	icacls.exe
1924	takeown.exe
576	icacls.exe
1768	takeown.exe

Drops file in System32 directory 10 IoCs

Processes:

e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\123DB82.tmp	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
File opened for modification	C:\Windows\SysWOW64\123563E.tmp	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
File opened for modification	C:\Windows\SysWOW64\12361F2.tmp	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
File opened for modification	C:\Windows\syswow64\12361F2.tmp	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
File created	C:\Windows\SysWOW64\dllcache\midimap.dll	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
File opened for modification	C:\Windows\syswow64\123DB82.tmp	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
File created	C:\Windows\SysWOW64\dllcache\iphlpapi.dll	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
File opened for modification	C:\Windows\syswow64\123563E.tmp	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
File created	C:\Windows\SysWOW64\dllcache\rasadhlp.dll	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
File created	C:\Windows\SysWOW64\sxload.tmp	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe

Drops file in Program Files directory 1 IoCs

Processes:

e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe

description ioc process

File created C:\Program Files (x86)\Common Files\sxmy.tmp e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

1632 taskkill.exe
1392 taskkill.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe

pid process

1616 e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\sxmy.tmp	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe

pid	process
1632	taskkill.exe
1392	taskkill.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exetakeown.exetaskkill.exetaskkill.exe

description	pid	process
Token: SeDebugPrivilege	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
Token: SeTakeOwnershipPrivilege	1924	takeown.exe
Token: SeDebugPrivilege	1632	taskkill.exe
Token: SeDebugPrivilege	1392	taskkill.exe

Suspicious use of FindShellTrayWindow 12 IoCs

Processes:

e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe

pid	process
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe

Suspicious use of WriteProcessMemory 60 IoCs

Processes:

e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.execmd.execmd.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 1616 wrote to memory of 888	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 888	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 888	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 888	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 888 wrote to memory of 1492	888	cmd.exe	cmd.exe
PID 888 wrote to memory of 1492	888	cmd.exe	cmd.exe
PID 888 wrote to memory of 1492	888	cmd.exe	cmd.exe
PID 888 wrote to memory of 1492	888	cmd.exe	cmd.exe
PID 1492 wrote to memory of 1924	1492	cmd.exe	takeown.exe
PID 1492 wrote to memory of 1924	1492	cmd.exe	takeown.exe
PID 1492 wrote to memory of 1924	1492	cmd.exe	takeown.exe
PID 1492 wrote to memory of 1924	1492	cmd.exe	takeown.exe
PID 888 wrote to memory of 576	888	cmd.exe	icacls.exe
PID 888 wrote to memory of 576	888	cmd.exe	icacls.exe
PID 888 wrote to memory of 576	888	cmd.exe	icacls.exe
PID 888 wrote to memory of 576	888	cmd.exe	icacls.exe
PID 1616 wrote to memory of 388	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 388	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 388	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 388	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 388 wrote to memory of 1604	388	cmd.exe	cmd.exe
PID 388 wrote to memory of 1604	388	cmd.exe	cmd.exe
PID 388 wrote to memory of 1604	388	cmd.exe	cmd.exe
PID 388 wrote to memory of 1604	388	cmd.exe	cmd.exe
PID 1604 wrote to memory of 1768	1604	cmd.exe	takeown.exe
PID 1604 wrote to memory of 1768	1604	cmd.exe	takeown.exe
PID 1604 wrote to memory of 1768	1604	cmd.exe	takeown.exe
PID 1604 wrote to memory of 1768	1604	cmd.exe	takeown.exe
PID 388 wrote to memory of 1540	388	cmd.exe	icacls.exe
PID 388 wrote to memory of 1540	388	cmd.exe	icacls.exe
PID 388 wrote to memory of 1540	388	cmd.exe	icacls.exe
PID 388 wrote to memory of 1540	388	cmd.exe	icacls.exe
PID 1616 wrote to memory of 1880	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 1880	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 1880	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 1880	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1880 wrote to memory of 908	1880	cmd.exe	cmd.exe
PID 1880 wrote to memory of 908	1880	cmd.exe	cmd.exe
PID 1880 wrote to memory of 908	1880	cmd.exe	cmd.exe
PID 1880 wrote to memory of 908	1880	cmd.exe	cmd.exe
PID 908 wrote to memory of 1840	908	cmd.exe	takeown.exe
PID 908 wrote to memory of 1840	908	cmd.exe	takeown.exe
PID 908 wrote to memory of 1840	908	cmd.exe	takeown.exe
PID 908 wrote to memory of 1840	908	cmd.exe	takeown.exe
PID 1880 wrote to memory of 1020	1880	cmd.exe	icacls.exe
PID 1880 wrote to memory of 1020	1880	cmd.exe	icacls.exe
PID 1880 wrote to memory of 1020	1880	cmd.exe	icacls.exe
PID 1880 wrote to memory of 1020	1880	cmd.exe	icacls.exe
PID 1616 wrote to memory of 1632	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	taskkill.exe
PID 1616 wrote to memory of 1632	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	taskkill.exe
PID 1616 wrote to memory of 1632	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	taskkill.exe
PID 1616 wrote to memory of 1632	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	taskkill.exe
PID 1616 wrote to memory of 1392	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	taskkill.exe
PID 1616 wrote to memory of 1392	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	taskkill.exe
PID 1616 wrote to memory of 1392	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	taskkill.exe
PID 1616 wrote to memory of 1392	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	taskkill.exe
PID 1616 wrote to memory of 332	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 332	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 332	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe
PID 1616 wrote to memory of 332	1616	e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe
"C:\Users\Admin\AppData\Local\Temp\e27c3a1c932d7a7ad7df5ca65fb06a73caaa24c12bfba50e466f597d7fd5e3ef.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1616

C:\Windows\SysWOW64\cmd.exe
cmd /c 2.bat
2⤵
- Suspicious use of WriteProcessMemory
PID:888

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c takeown /f "C:\Windows\syswow64"
3⤵
- Suspicious use of WriteProcessMemory
PID:1492

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\syswow64"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
- Suspicious use of AdjustPrivilegeToken
PID:1924

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\syswow64" /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:576

C:\Windows\SysWOW64\cmd.exe
cmd /c 2.bat
2⤵
- Suspicious use of WriteProcessMemory
PID:388

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c takeown /f "C:\Windows\syswow64"
3⤵
- Suspicious use of WriteProcessMemory
PID:1604

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\syswow64"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1768

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\syswow64" /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1540

C:\Windows\SysWOW64\cmd.exe
cmd /c 2.bat
2⤵
- Suspicious use of WriteProcessMemory
PID:1880

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c takeown /f "C:\Windows\syswow64"
3⤵
- Suspicious use of WriteProcessMemory
PID:908

C:\Windows\SysWOW64\takeown.exe
takeown /f "C:\Windows\syswow64"
4⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1840

C:\Windows\SysWOW64\icacls.exe
icacls "C:\Windows\syswow64" /grant administrators:F
3⤵
- Possible privilege escalation attempt
- Modifies file permissions
PID:1020

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "soul.exe"
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1632

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "soul.exe"
2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1392

C:\Windows\SysWOW64\cmd.exe
cmd /c 1.bat
2⤵
- Deletes itself
PID:332

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1

T1222

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1.bat
Filesize
253B

MD5
a585ef13f0cb8cb72f430f6f36262b89

SHA1
431b0bbaa52f8a58aefe800996646f0854dc51e1

SHA256
1ae31ab07f3717b019a2495498baa63b253230ccde64756e6b718a811d162bc1

SHA512
63482056d1dea223c221989c6e546d2953ec76cc999c87c383ecc57fcaa4f248967cc4ea7e3c4eb10b4e3ceccebfb740db796e3dc3b4f76e09614fd949a3e12d

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat
Filesize
110B

MD5
521e37256443e6b3f2281f217476bf79

SHA1
81f0e2b65605f070782cbe241569c6b9a25bb9dc

SHA256
79ae97b29c3a714fa32b14c282716f1378ad8de73d6a6d954fdd7e1270bc411f

SHA512
23096a5eee45c7f2b278cf9385a0ea91b86c01332a096e56f1c8de336ca0bba77e0b1dbb6f2197b5c6a91c2ca093df356026c6452e4a022db79a6b555cb39025

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat
Filesize
110B

MD5
521e37256443e6b3f2281f217476bf79

SHA1
81f0e2b65605f070782cbe241569c6b9a25bb9dc

SHA256
79ae97b29c3a714fa32b14c282716f1378ad8de73d6a6d954fdd7e1270bc411f

SHA512
23096a5eee45c7f2b278cf9385a0ea91b86c01332a096e56f1c8de336ca0bba77e0b1dbb6f2197b5c6a91c2ca093df356026c6452e4a022db79a6b555cb39025

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat
Filesize
110B

MD5
521e37256443e6b3f2281f217476bf79

SHA1
81f0e2b65605f070782cbe241569c6b9a25bb9dc

SHA256
79ae97b29c3a714fa32b14c282716f1378ad8de73d6a6d954fdd7e1270bc411f

SHA512
23096a5eee45c7f2b278cf9385a0ea91b86c01332a096e56f1c8de336ca0bba77e0b1dbb6f2197b5c6a91c2ca093df356026c6452e4a022db79a6b555cb39025

Download Submit
C:\Windows\SysWOW64\dllcache\iphlpapi.dll
Filesize
101KB

MD5
0894ff9cb2f6ac6696b04351f5bfc422

SHA1
fa02fb7e2b343b7d467675a81afd088c877d641f

SHA256
f63abb152ab1ee993236a7b1b30b0b40be2aeab0edee9eb52fc465695190bb88

SHA512
493c7fa3cfb938c3b98704baad0be2519787cce465ee344fcd6450c5707b3d3bd0a834d35c33947b8a4dd95a2178b4dab0f5668abc8995dc4965532d5b8c33b7

Download Submit
C:\Windows\SysWOW64\dllcache\rasadhlp.dll
Filesize
11KB

MD5
f87a749e97c7a8c63406321aa604498f

SHA1
5da6a31742558d3f5e9ccde10304012230d2e0a7

SHA256
c54a7f4a32e9f6d19dbd80a7a52ea54f689956ee25e42bb6a168dc0ca3dd5946

SHA512
73fad4c4f9fb08a2a6ecc82695f18266600ad954ac50056c0db83c2dd3c5171c64e33bcced26ba06c9994c172d7c4c6fd979cd9d795e107f0bc28baa3becc97b

Download Submit
C:\Windows\SysWOW64\iphlpapi.dll
Filesize
101KB

MD5
0894ff9cb2f6ac6696b04351f5bfc422

SHA1
fa02fb7e2b343b7d467675a81afd088c877d641f

SHA256
f63abb152ab1ee993236a7b1b30b0b40be2aeab0edee9eb52fc465695190bb88

SHA512
493c7fa3cfb938c3b98704baad0be2519787cce465ee344fcd6450c5707b3d3bd0a834d35c33947b8a4dd95a2178b4dab0f5668abc8995dc4965532d5b8c33b7

Download Submit
C:\Windows\SysWOW64\rasadhlp.dll
Filesize
11KB

MD5
f87a749e97c7a8c63406321aa604498f

SHA1
5da6a31742558d3f5e9ccde10304012230d2e0a7

SHA256
c54a7f4a32e9f6d19dbd80a7a52ea54f689956ee25e42bb6a168dc0ca3dd5946

SHA512
73fad4c4f9fb08a2a6ecc82695f18266600ad954ac50056c0db83c2dd3c5171c64e33bcced26ba06c9994c172d7c4c6fd979cd9d795e107f0bc28baa3becc97b

Download Submit
memory/332-85-0x0000000000000000-mapping.dmp

Download
memory/388-63-0x0000000000000000-mapping.dmp

Download
memory/576-59-0x0000000000000000-mapping.dmp

Download
memory/888-55-0x0000000000000000-mapping.dmp

Download
memory/908-75-0x0000000000000000-mapping.dmp

Download
memory/1020-77-0x0000000000000000-mapping.dmp

Download
memory/1392-84-0x0000000000000000-mapping.dmp

Download
memory/1492-57-0x0000000000000000-mapping.dmp

Download
memory/1540-67-0x0000000000000000-mapping.dmp

Download
memory/1604-65-0x0000000000000000-mapping.dmp

Download
memory/1616-70-0x0000000073FB1000-0x0000000073FB3000-memory.dmp

Filesize
8KB

Download
memory/1616-54-0x0000000075701000-0x0000000075703000-memory.dmp

Filesize
8KB

Download
memory/1616-61-0x0000000073FE1000-0x0000000073FE3000-memory.dmp

Filesize
8KB

Download
memory/1616-60-0x0000000074191000-0x0000000074193000-memory.dmp

Filesize
8KB

Download
memory/1632-83-0x0000000000000000-mapping.dmp

Download
memory/1768-66-0x0000000000000000-mapping.dmp

Download
memory/1840-76-0x0000000000000000-mapping.dmp

Download
memory/1880-73-0x0000000000000000-mapping.dmp

Download
memory/1924-58-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads