a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657

Analysis

max time kernel
90s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 19:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe
Size

426KB
MD5

d104ed6809cccf794135204478f634c2
SHA1

e05a1cdc30127dd38be0db9afe5828c0f91d99c2
SHA256

a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657
SHA512

9ef7b8fa820073dbe208bde9742395e8e660b0313cab137e898d4cc52dec0103b6ca0da76a248363690e96de3a768589ea235840886baccf1dc9a4da697013dd
SSDEEP

6144:SDhCdYx7WL5dNy0uewsL5iOjA+/g/vfV4xjhuoNiYQSRgJ7Ui71bhzYof:S8k7hZoL5iB+/g/VOsoxQ+871bR

Score

10^/10

bootkit evasion persistence

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Processes:

a26Tj8V6.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	a26Tj8V6.exe

Executes dropped EXE 5 IoCs

Processes:

a26Tj8V6.exebob.exeboc.exeboc.exeteuxe.exe

pid process

1536 a26Tj8V6.exe
2044 bob.exe
1500 boc.exe
2000 boc.exe
820 teuxe.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

952 cmd.exe

pid	process
1536	a26Tj8V6.exe
2044	bob.exe
1500	boc.exe
2000	boc.exe
820	teuxe.exe

pid	process
952	cmd.exe

Loads dropped DLL 8 IoCs

Processes:

a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exea26Tj8V6.exe

pid	process
552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe
552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe
552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe
552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe
552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe
552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe
1536	a26Tj8V6.exe
1536	a26Tj8V6.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

a26Tj8V6.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\	a26Tj8V6.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\teuxe = "C:\\Users\\Admin\\teuxe.exe /c"	a26Tj8V6.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

bob.exe

description ioc process

File opened for modification \??\physicaldrive0 bob.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

boc.exe

description pid process target process

PID 1500 set thread context of 2000 1500 boc.exe boc.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery
T1057

Processes:

tasklist.exe

pid process

668 tasklist.exe

description	ioc	process
File opened for modification	\??\physicaldrive0	bob.exe

description	pid	process	target process
PID 1500 set thread context of 2000	1500	boc.exe	boc.exe

pid	process
668	tasklist.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

boc.exea26Tj8V6.exe

pid	process
2000	boc.exe
1536	a26Tj8V6.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe
2000	boc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

bob.exe

description pid process

Token: SeShutdownPrivilege 2044 bob.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

a26Tj8V6.exeteuxe.exe

pid process

1536 a26Tj8V6.exe
820 teuxe.exe

description	pid	process
Token: SeShutdownPrivilege	2044	bob.exe

pid	process
1536	a26Tj8V6.exe
820	teuxe.exe

Suspicious use of WriteProcessMemory 41 IoCs

Processes:

a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exeboc.exea26Tj8V6.execmd.exeteuxe.exe

description	pid	process	target process
PID 552 wrote to memory of 1536	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	a26Tj8V6.exe
PID 552 wrote to memory of 1536	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	a26Tj8V6.exe
PID 552 wrote to memory of 1536	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	a26Tj8V6.exe
PID 552 wrote to memory of 1536	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	a26Tj8V6.exe
PID 552 wrote to memory of 2044	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	bob.exe
PID 552 wrote to memory of 2044	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	bob.exe
PID 552 wrote to memory of 2044	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	bob.exe
PID 552 wrote to memory of 2044	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	bob.exe
PID 552 wrote to memory of 1500	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	boc.exe
PID 552 wrote to memory of 1500	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	boc.exe
PID 552 wrote to memory of 1500	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	boc.exe
PID 552 wrote to memory of 1500	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	boc.exe
PID 552 wrote to memory of 952	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	cmd.exe
PID 552 wrote to memory of 952	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	cmd.exe
PID 552 wrote to memory of 952	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	cmd.exe
PID 552 wrote to memory of 952	552	a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe	cmd.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1500 wrote to memory of 2000	1500	boc.exe	boc.exe
PID 1536 wrote to memory of 820	1536	a26Tj8V6.exe	teuxe.exe
PID 1536 wrote to memory of 820	1536	a26Tj8V6.exe	teuxe.exe
PID 1536 wrote to memory of 820	1536	a26Tj8V6.exe	teuxe.exe
PID 1536 wrote to memory of 820	1536	a26Tj8V6.exe	teuxe.exe
PID 1536 wrote to memory of 1160	1536	a26Tj8V6.exe	cmd.exe
PID 1536 wrote to memory of 1160	1536	a26Tj8V6.exe	cmd.exe
PID 1536 wrote to memory of 1160	1536	a26Tj8V6.exe	cmd.exe
PID 1536 wrote to memory of 1160	1536	a26Tj8V6.exe	cmd.exe
PID 1160 wrote to memory of 668	1160	cmd.exe	tasklist.exe
PID 1160 wrote to memory of 668	1160	cmd.exe	tasklist.exe
PID 1160 wrote to memory of 668	1160	cmd.exe	tasklist.exe
PID 1160 wrote to memory of 668	1160	cmd.exe	tasklist.exe
PID 820 wrote to memory of 668	820	teuxe.exe	tasklist.exe
PID 820 wrote to memory of 668	820	teuxe.exe	tasklist.exe

C:\Users\Admin\AppData\Local\Temp\a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe
"C:\Users\Admin\AppData\Local\Temp\a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:552

C:\Users\Admin\a26Tj8V6.exe
a26Tj8V6.exe
2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1536

C:\Users\Admin\teuxe.exe
"C:\Users\Admin\teuxe.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:820

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c tasklist&&del a26Tj8V6.exe
3⤵
- Suspicious use of WriteProcessMemory
PID:1160

C:\Windows\SysWOW64\tasklist.exe
tasklist
4⤵
- Enumerates processes with tasklist
PID:668

C:\Users\Admin\bob.exe
bob.exe
2⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
PID:2044

C:\Users\Admin\boc.exe
boc.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1500

C:\Users\Admin\boc.exe
boc.exe
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2000

C:\Windows\SysWOW64\cmd.exe
cmd /c del a7fd07dc0abb12be563200627164211884534fda523606ac5eb17572f64b3657.exe
2⤵
- Deletes itself
PID:952

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Process Discovery

T1057

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\a26Tj8V6.exe
Filesize
152KB

MD5
8cc33bea0a846510b2f0d0d7b350c564

SHA1
115b10b8717ebabf66c358fd72b7709316e9a1dc

SHA256
11d7b9cc464608898d69168dcd6f377b7fcb1c95083c6603e5dc45db2f4e423e

SHA512
fcd4050fd2b42ec58f7a6a4d612e1186a02265d2da50d13ac70489cf714de066cf1b121157b6c3f616251bb629436f3a45b9fd1f65e8228188a09b9feb3b5bfd

Download Submit
C:\Users\Admin\a26Tj8V6.exe
Filesize
152KB

MD5
8cc33bea0a846510b2f0d0d7b350c564

SHA1
115b10b8717ebabf66c358fd72b7709316e9a1dc

SHA256
11d7b9cc464608898d69168dcd6f377b7fcb1c95083c6603e5dc45db2f4e423e

SHA512
fcd4050fd2b42ec58f7a6a4d612e1186a02265d2da50d13ac70489cf714de066cf1b121157b6c3f616251bb629436f3a45b9fd1f65e8228188a09b9feb3b5bfd

Download Submit
C:\Users\Admin\bob.exe
Filesize
223KB

MD5
7f0f3f5ade2f14700f469d77142d2cc0

SHA1
4adbd5775ffc9b200d4c801b166476d1ddc1f7d6

SHA256
f9c16abdffcf75ffec12e4d244f811f568764731260e5d2ff08deecd514c1f89

SHA512
fe669cf66683935751c6df4321caf9c14efe82365a4fb3aa81e2293d00d6cb825812339d394706161e948482f619628a2e9a3db1c02960172773c8757315136c

Download Submit
C:\Users\Admin\bob.exe
Filesize
223KB

MD5
7f0f3f5ade2f14700f469d77142d2cc0

SHA1
4adbd5775ffc9b200d4c801b166476d1ddc1f7d6

SHA256
f9c16abdffcf75ffec12e4d244f811f568764731260e5d2ff08deecd514c1f89

SHA512
fe669cf66683935751c6df4321caf9c14efe82365a4fb3aa81e2293d00d6cb825812339d394706161e948482f619628a2e9a3db1c02960172773c8757315136c

Download Submit
C:\Users\Admin\boc.exe
Filesize
148KB

MD5
ddecfba8af9f77d9f872d36860b7ef8d

SHA1
7f85f3433bcd538337bf7c41668aee9a7b005fcb

SHA256
0c9b8ea62805169b46d5cfe06c2b402a54658577a272269279976f5cc3fdf6a4

SHA512
4ab4f7c8eebe16f6e97b1121f9bef9e82a01d1079a04eb52ede4aeafb4fa7431a0861c0ce3f4f389bef0ba35090eef2f21b50712dba34dd66fa51f7d7f9371ca

Download Submit
C:\Users\Admin\boc.exe
Filesize
148KB

MD5
ddecfba8af9f77d9f872d36860b7ef8d

SHA1
7f85f3433bcd538337bf7c41668aee9a7b005fcb

SHA256
0c9b8ea62805169b46d5cfe06c2b402a54658577a272269279976f5cc3fdf6a4

SHA512
4ab4f7c8eebe16f6e97b1121f9bef9e82a01d1079a04eb52ede4aeafb4fa7431a0861c0ce3f4f389bef0ba35090eef2f21b50712dba34dd66fa51f7d7f9371ca

Download Submit
C:\Users\Admin\boc.exe
Filesize
148KB

MD5
ddecfba8af9f77d9f872d36860b7ef8d

SHA1
7f85f3433bcd538337bf7c41668aee9a7b005fcb

SHA256
0c9b8ea62805169b46d5cfe06c2b402a54658577a272269279976f5cc3fdf6a4

SHA512
4ab4f7c8eebe16f6e97b1121f9bef9e82a01d1079a04eb52ede4aeafb4fa7431a0861c0ce3f4f389bef0ba35090eef2f21b50712dba34dd66fa51f7d7f9371ca

Download Submit
C:\Users\Admin\teuxe.exe
Filesize
152KB

MD5
4c90854792b86520de338edad1c9f368

SHA1
85ec3f14257472add898eaff83530bee400dbd5f

SHA256
cfe04ccacac0f45c49747163bec740d0dd98efbb7badd850eec48829169a6bf7

SHA512
18104f2110c7fe80ef11d4f692d9d02c12fdf81ba37047955eba6668e88ccf1bf8addcbe7ce7cd6c247019c2889d8091b6f64bb2d9cd416bd0ef082ee8420dd5

Download Submit
C:\Users\Admin\teuxe.exe
Filesize
152KB

MD5
4c90854792b86520de338edad1c9f368

SHA1
85ec3f14257472add898eaff83530bee400dbd5f

SHA256
cfe04ccacac0f45c49747163bec740d0dd98efbb7badd850eec48829169a6bf7

SHA512
18104f2110c7fe80ef11d4f692d9d02c12fdf81ba37047955eba6668e88ccf1bf8addcbe7ce7cd6c247019c2889d8091b6f64bb2d9cd416bd0ef082ee8420dd5

Download Submit
\Users\Admin\a26Tj8V6.exe
Filesize
152KB

MD5
8cc33bea0a846510b2f0d0d7b350c564

SHA1
115b10b8717ebabf66c358fd72b7709316e9a1dc

SHA256
11d7b9cc464608898d69168dcd6f377b7fcb1c95083c6603e5dc45db2f4e423e

SHA512
fcd4050fd2b42ec58f7a6a4d612e1186a02265d2da50d13ac70489cf714de066cf1b121157b6c3f616251bb629436f3a45b9fd1f65e8228188a09b9feb3b5bfd

Download Submit
\Users\Admin\a26Tj8V6.exe
Filesize
152KB

MD5
8cc33bea0a846510b2f0d0d7b350c564

SHA1
115b10b8717ebabf66c358fd72b7709316e9a1dc

SHA256
11d7b9cc464608898d69168dcd6f377b7fcb1c95083c6603e5dc45db2f4e423e

SHA512
fcd4050fd2b42ec58f7a6a4d612e1186a02265d2da50d13ac70489cf714de066cf1b121157b6c3f616251bb629436f3a45b9fd1f65e8228188a09b9feb3b5bfd

Download Submit
\Users\Admin\bob.exe
Filesize
223KB

MD5
7f0f3f5ade2f14700f469d77142d2cc0

SHA1
4adbd5775ffc9b200d4c801b166476d1ddc1f7d6

SHA256
f9c16abdffcf75ffec12e4d244f811f568764731260e5d2ff08deecd514c1f89

SHA512
fe669cf66683935751c6df4321caf9c14efe82365a4fb3aa81e2293d00d6cb825812339d394706161e948482f619628a2e9a3db1c02960172773c8757315136c

Download Submit
\Users\Admin\bob.exe
Filesize
223KB

MD5
7f0f3f5ade2f14700f469d77142d2cc0

SHA1
4adbd5775ffc9b200d4c801b166476d1ddc1f7d6

SHA256
f9c16abdffcf75ffec12e4d244f811f568764731260e5d2ff08deecd514c1f89

SHA512
fe669cf66683935751c6df4321caf9c14efe82365a4fb3aa81e2293d00d6cb825812339d394706161e948482f619628a2e9a3db1c02960172773c8757315136c

Download Submit
\Users\Admin\boc.exe
Filesize
148KB

MD5
ddecfba8af9f77d9f872d36860b7ef8d

SHA1
7f85f3433bcd538337bf7c41668aee9a7b005fcb

SHA256
0c9b8ea62805169b46d5cfe06c2b402a54658577a272269279976f5cc3fdf6a4

SHA512
4ab4f7c8eebe16f6e97b1121f9bef9e82a01d1079a04eb52ede4aeafb4fa7431a0861c0ce3f4f389bef0ba35090eef2f21b50712dba34dd66fa51f7d7f9371ca

Download Submit
\Users\Admin\boc.exe
Filesize
148KB

MD5
ddecfba8af9f77d9f872d36860b7ef8d

SHA1
7f85f3433bcd538337bf7c41668aee9a7b005fcb

SHA256
0c9b8ea62805169b46d5cfe06c2b402a54658577a272269279976f5cc3fdf6a4

SHA512
4ab4f7c8eebe16f6e97b1121f9bef9e82a01d1079a04eb52ede4aeafb4fa7431a0861c0ce3f4f389bef0ba35090eef2f21b50712dba34dd66fa51f7d7f9371ca

Download Submit
\Users\Admin\teuxe.exe
Filesize
152KB

MD5
4c90854792b86520de338edad1c9f368

SHA1
85ec3f14257472add898eaff83530bee400dbd5f

SHA256
cfe04ccacac0f45c49747163bec740d0dd98efbb7badd850eec48829169a6bf7

SHA512
18104f2110c7fe80ef11d4f692d9d02c12fdf81ba37047955eba6668e88ccf1bf8addcbe7ce7cd6c247019c2889d8091b6f64bb2d9cd416bd0ef082ee8420dd5

Download Submit
\Users\Admin\teuxe.exe
Filesize
152KB

MD5
4c90854792b86520de338edad1c9f368

SHA1
85ec3f14257472add898eaff83530bee400dbd5f

SHA256
cfe04ccacac0f45c49747163bec740d0dd98efbb7badd850eec48829169a6bf7

SHA512
18104f2110c7fe80ef11d4f692d9d02c12fdf81ba37047955eba6668e88ccf1bf8addcbe7ce7cd6c247019c2889d8091b6f64bb2d9cd416bd0ef082ee8420dd5

Download Submit
memory/668-102-0x0000000000000000-mapping.dmp

Download
memory/820-94-0x0000000000000000-mapping.dmp

Download
memory/952-68-0x0000000000000000-mapping.dmp

Download
memory/1160-101-0x0000000000000000-mapping.dmp

Download
memory/1500-65-0x0000000000000000-mapping.dmp

Download
memory/1536-56-0x0000000000000000-mapping.dmp

Download
memory/2000-90-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2000-76-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2000-78-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2000-75-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2000-84-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2000-88-0x00000000004012A0-mapping.dmp

Download
memory/2000-86-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2000-80-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2000-82-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2044-72-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2044-71-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download
memory/2044-70-0x0000000000230000-0x0000000000294000-memory.dmp

Filesize
400KB

Download
memory/2044-60-0x0000000000000000-mapping.dmp

Download
memory/2044-73-0x0000000000230000-0x0000000000294000-memory.dmp

Filesize
400KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads