acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c

General

Target

acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe
Size

461KB
MD5

e8a7b348b9f51d443b78c154b08f5aa7
SHA1

62c07682de518a773a7d10f083c90012a3e3a2fa
SHA256

acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c
SHA512

f56b8382fa95b7be3af8799b019c9fec8370ee3640f2437d9567dce01dde6033a15385f1eb26b9586e5d447bd1d09429cf9e60b3013f68059f787f3888065701
SSDEEP

12288:GzFy3iABA9kWmfgvOYaMeMMz8H1YcTndt:683iABDIOYkvo1YOz

Score

10^/10

evasion persistence spyware stealer trojan

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	reg.exe

UAC bypass 3 TTPs 1 IoCs
evasion trojan

Bypass User Account Control
T1088

Disabling Security Tools
T1089

Modify Registry
T1112

Processes:

reg.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" reg.exe
Executes dropped EXE 4 IoCs

Processes:

LaEcUQgM.exenKIAAQwo.exeSiIwUEUs.exeBginfo.exe

pid process

4620 LaEcUQgM.exe
4856 nKIAAQwo.exe
1212 SiIwUEUs.exe
4244 Bginfo.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

LaEcUQgM.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation LaEcUQgM.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	reg.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	LaEcUQgM.exe

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

LaEcUQgM.exeacd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exenKIAAQwo.exeSiIwUEUs.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LaEcUQgM.exe = "C:\\Users\\Admin\\ksoIgcEg\\LaEcUQgM.exe"	LaEcUQgM.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nKIAAQwo.exe = "C:\\ProgramData\\wiUYsIsk\\nKIAAQwo.exe"	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nKIAAQwo.exe = "C:\\ProgramData\\wiUYsIsk\\nKIAAQwo.exe"	nKIAAQwo.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\nKIAAQwo.exe = "C:\\ProgramData\\wiUYsIsk\\nKIAAQwo.exe"	SiIwUEUs.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LaEcUQgM.exe = "C:\\Users\\Admin\\ksoIgcEg\\LaEcUQgM.exe"	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe

Drops file in System32 directory 5 IoCs

Processes:

SiIwUEUs.exeLaEcUQgM.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\ksoIgcEg	SiIwUEUs.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\ksoIgcEg\LaEcUQgM	SiIwUEUs.exe
File created	C:\Windows\SysWOW64\shell32.dll.exe	LaEcUQgM.exe
File opened for modification	C:\Windows\SysWOW64\sheOpenGroup.zip	LaEcUQgM.exe
File opened for modification	C:\Windows\SysWOW64\sheWatchSend.docx	LaEcUQgM.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Modifies registry key 1 TTPs 3 IoCs

Modify Registry
T1112

Processes:

reg.exereg.exereg.exe

pid process

1584 reg.exe
3276 reg.exe
4304 reg.exe

pid	process
1584	reg.exe
3276	reg.exe
4304	reg.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exeLaEcUQgM.exe

pid	process
1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe
1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe
1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe
1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

LaEcUQgM.exe

pid process

4620 LaEcUQgM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

LaEcUQgM.exe

pid	process
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe
4620	LaEcUQgM.exe

Suspicious use of WriteProcessMemory 20 IoCs

Processes:

acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.execmd.exe

description	pid	process	target process
PID 1168 wrote to memory of 4620	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	LaEcUQgM.exe
PID 1168 wrote to memory of 4620	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	LaEcUQgM.exe
PID 1168 wrote to memory of 4620	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	LaEcUQgM.exe
PID 1168 wrote to memory of 4856	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	nKIAAQwo.exe
PID 1168 wrote to memory of 4856	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	nKIAAQwo.exe
PID 1168 wrote to memory of 4856	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	nKIAAQwo.exe
PID 1168 wrote to memory of 4236	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	cmd.exe
PID 1168 wrote to memory of 4236	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	cmd.exe
PID 1168 wrote to memory of 4236	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	cmd.exe
PID 1168 wrote to memory of 3276	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	reg.exe
PID 1168 wrote to memory of 3276	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	reg.exe
PID 1168 wrote to memory of 3276	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	reg.exe
PID 1168 wrote to memory of 4304	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	reg.exe
PID 1168 wrote to memory of 4304	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	reg.exe
PID 1168 wrote to memory of 4304	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	reg.exe
PID 1168 wrote to memory of 1584	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	reg.exe
PID 1168 wrote to memory of 1584	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	reg.exe
PID 1168 wrote to memory of 1584	1168	acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe	reg.exe
PID 4236 wrote to memory of 4244	4236	cmd.exe	Bginfo.exe
PID 4236 wrote to memory of 4244	4236	cmd.exe	Bginfo.exe

C:\Users\Admin\AppData\Local\Temp\acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe
"C:\Users\Admin\AppData\Local\Temp\acd5a88aa43ce33d08853a5886d331b4e36ff1d648687e99d1821ad12a09f07c.exe"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1168

C:\Users\Admin\ksoIgcEg\LaEcUQgM.exe
"C:\Users\Admin\ksoIgcEg\LaEcUQgM.exe"
2⤵
- Executes dropped EXE
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:4620

C:\ProgramData\wiUYsIsk\nKIAAQwo.exe
"C:\ProgramData\wiUYsIsk\nKIAAQwo.exe"
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4856

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\Bginfo.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:4236

C:\Users\Admin\AppData\Local\Temp\Bginfo.exe
C:\Users\Admin\AppData\Local\Temp\Bginfo.exe
3⤵
- Executes dropped EXE
PID:4244

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
2⤵
- Modifies visibility of file extensions in Explorer
- Modifies registry key
PID:3276

C:\Windows\SysWOW64\reg.exe
reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
2⤵
- Modifies registry key
PID:4304

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
2⤵
- UAC bypass
- Modifies registry key
PID:1584

C:\ProgramData\LaYgwgEY\SiIwUEUs.exe
C:\ProgramData\LaYgwgEY\SiIwUEUs.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
PID:1212

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1

T1158

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Bypass User Account Control

1

T1088

Defense Evasion

Hidden Files and Directories

1

T1158

Modify Registry

4

T1112

Bypass User Account Control

1

T1088

Disabling Security Tools

1

T1089

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\LaYgwgEY\SiIwUEUs.exe
Filesize
430KB

MD5
4fd4bfa512163551bb5042357564d16e

SHA1
1c5d7d99d4ed2a4f3a071c47f0b40880e3005675

SHA256
ca8e23981790e2bab1283cc0919a42b30875d71b71c9c16387ddd8e74f061866

SHA512
921161f5a30d5b92b93aca7deef261ff913bfbb1c3b6a19565e8fdfe9bbcd23b15ddf079cb0aa4f0221631efd3c7adf91af3ffb92edc18824de1d84cf1cda1d8

Download Submit
C:\ProgramData\LaYgwgEY\SiIwUEUs.exe
Filesize
430KB

MD5
4fd4bfa512163551bb5042357564d16e

SHA1
1c5d7d99d4ed2a4f3a071c47f0b40880e3005675

SHA256
ca8e23981790e2bab1283cc0919a42b30875d71b71c9c16387ddd8e74f061866

SHA512
921161f5a30d5b92b93aca7deef261ff913bfbb1c3b6a19565e8fdfe9bbcd23b15ddf079cb0aa4f0221631efd3c7adf91af3ffb92edc18824de1d84cf1cda1d8

Download Submit
C:\ProgramData\wiUYsIsk\nKIAAQwo.exe
Filesize
435KB

MD5
4ad430e97681c1d35d47350dd188398e

SHA1
6e97e6c978899a9fb4384d0edca7a19f8a08aa23

SHA256
fa107a04cb5b864ff5d1f060289013dd38122a61dd778ba70dcf666b10654102

SHA512
8d886e7ce4a914cafb90fbedc5c727c1bc68bc3078d2016ab28c98d84edae786aa41559c35a244c1e0a021459749670de938df5acf670b26e5e9579654631e1b

Download Submit
C:\ProgramData\wiUYsIsk\nKIAAQwo.exe
Filesize
435KB

MD5
4ad430e97681c1d35d47350dd188398e

SHA1
6e97e6c978899a9fb4384d0edca7a19f8a08aa23

SHA256
fa107a04cb5b864ff5d1f060289013dd38122a61dd778ba70dcf666b10654102

SHA512
8d886e7ce4a914cafb90fbedc5c727c1bc68bc3078d2016ab28c98d84edae786aa41559c35a244c1e0a021459749670de938df5acf670b26e5e9579654631e1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bginfo.exe
Filesize
24KB

MD5
3a27fd258bb0e1818d7e3fce30e44e3e

SHA1
e95ea3176bbae09447a2ecc153b1b0bb0fd45a29

SHA256
7aa24d2941eccdc947aad16abf37a70178be453e059799347dae9366cbddda83

SHA512
4ade674030d0dad9d8b3effc73b168322733a159e3e559790b1ab80a8afcd146d94cb298c7aaa67b2bdfa92a1bad4ae46d9da178ab93fc0af94102e1265b5463

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bginfo.exe
Filesize
24KB

MD5
3a27fd258bb0e1818d7e3fce30e44e3e

SHA1
e95ea3176bbae09447a2ecc153b1b0bb0fd45a29

SHA256
7aa24d2941eccdc947aad16abf37a70178be453e059799347dae9366cbddda83

SHA512
4ade674030d0dad9d8b3effc73b168322733a159e3e559790b1ab80a8afcd146d94cb298c7aaa67b2bdfa92a1bad4ae46d9da178ab93fc0af94102e1265b5463

Download Submit
C:\Users\Admin\ksoIgcEg\LaEcUQgM.exe
Filesize
431KB

MD5
99016928a798bff5bb7863389a6024f4

SHA1
6c47f19416170ea2561ddbedd656338ee6fbf586

SHA256
e8a4dec18351680cd5474f458db08773a7b8670d3ad8346b813ad0348640c900

SHA512
3ec09b368be1aaf2aaa07be75f1b061da62c092c65d9285b1ed0dfcf78b60815921756c78bbc753a82a966d3f0658d4f9b9da9bd6463fd1efc6082cffc863c2a

Download Submit
C:\Users\Admin\ksoIgcEg\LaEcUQgM.exe
Filesize
431KB

MD5
99016928a798bff5bb7863389a6024f4

SHA1
6c47f19416170ea2561ddbedd656338ee6fbf586

SHA256
e8a4dec18351680cd5474f458db08773a7b8670d3ad8346b813ad0348640c900

SHA512
3ec09b368be1aaf2aaa07be75f1b061da62c092c65d9285b1ed0dfcf78b60815921756c78bbc753a82a966d3f0658d4f9b9da9bd6463fd1efc6082cffc863c2a

Download Submit
memory/1168-132-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1168-157-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1168-153-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/1212-143-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/1584-147-0x0000000000000000-mapping.dmp

Download
memory/3276-145-0x0000000000000000-mapping.dmp

Download
memory/4236-144-0x0000000000000000-mapping.dmp

Download
memory/4244-152-0x00007FFBC8BD0000-0x00007FFBC9691000-memory.dmp

Filesize
10.8MB

Download
memory/4244-148-0x0000000000000000-mapping.dmp

Download
memory/4244-156-0x00007FFBC8BD0000-0x00007FFBC9691000-memory.dmp

Filesize
10.8MB

Download
memory/4244-151-0x0000000000110000-0x000000000011C000-memory.dmp

Filesize
48KB

Download
memory/4304-146-0x0000000000000000-mapping.dmp

Download
memory/4620-136-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/4620-154-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/4620-133-0x0000000000000000-mapping.dmp

Download
memory/4856-140-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/4856-155-0x0000000000400000-0x0000000000470000-memory.dmp

Filesize
448KB

Download
memory/4856-137-0x0000000000000000-mapping.dmp

Download

pid	process
4620	LaEcUQgM.exe
4856	nKIAAQwo.exe
1212	SiIwUEUs.exe
4244	Bginfo.exe

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads