b699e4c121e48e2108ceaf5e9a80114b011350acc6b6ac47c77ab5c9423a80d5

Analysis

max time kernel
39s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/12/2022, 22:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

winpay.exe
Size

639KB
MD5

81c60772a1207ed2087f221c657dd6ad
SHA1

053954e35b5063344331154c8a9d61833e2d5f9b
SHA256

b699e4c121e48e2108ceaf5e9a80114b011350acc6b6ac47c77ab5c9423a80d5
SHA512

03a35a11ae3883e151bc118a1398b32650beb86c81d1ee69b8602b10adc6e6b18ba506b28ea02899b4affa748227d9debf912a9c1a157c18a10d40af01ae5f22
SSDEEP

12288:kiKrJ7VPbSYAWPZTo+y9fIf0DGLsdWg9JU7wCWzwgvIQBpAhpgtXfLnQmn9jY9re:fKP5AkETBD8jgJUWNRpAhpg9QUjYNe

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1940	rubyw.exe

Loads dropped DLL 5 IoCs

pid	Process
900	winpay.exe
900	winpay.exe
1940	rubyw.exe
1940	rubyw.exe
1940	rubyw.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1940	900	winpay.exe	27
PID 900 wrote to memory of 1940	900	winpay.exe	27
PID 900 wrote to memory of 1940	900	winpay.exe	27
PID 900 wrote to memory of 1940	900	winpay.exe	27

C:\Users\Admin\AppData\Local\Temp\winpay.exe
"C:\Users\Admin\AppData\Local\Temp\winpay.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:900
- C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\bin\rubyw.exe
  rubyw.exe "C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\src\test.rb"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\bin\msvcrt-ruby18.dll

Filesize
815KB

MD5
8bb28aa8d3f2a09974b364aa294093d2

SHA1
1d3275b0c21813b4dd4a965745354a98d24d3a5c

SHA256
8a218e9c54c8fdf659637e7021857b6634cf7c329173dec62df91ce0cdf747cb

SHA512
cc05376591b206b98352e436b211ef1dfdc5e15c96ca6409af4932a8f805e9bd2c36b916cf46c9f116e5ea7bd5bf4a3a0dfbbedefdcba288451e4c33eade23ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\bin\rubyw.exe

Filesize
69KB

MD5
e9bf1e9b24a80e819ab3629852338945

SHA1
ea9609fc53733a329a64223bc5cfda3df0a20192

SHA256
b76b016a8bb443b58b21cfac7ab99a749d56fd47616f48af9cc5ce9323ba6c4e

SHA512
e8b9967cd1998683b79cc38c9681729cb5679ce12e52cad55c7027e5d6fb9c71b11c90646a7a06a947e000bc1d9edae6c02a9d741de70a6040df9cb24becc035

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\1.8\i386-mingw32\rbconfig.rb

Filesize
6KB

MD5
3028c277f150f02f62a0f2ef8e822a52

SHA1
f59c7a1ed45417ba8a5f1a5e314056e6c2d68e54

SHA256
9c670dd7d8f5676ae1748e4b31ac73544420527cd8e253cecedc90830b3dabbe

SHA512
9a2cf90e2143d2245cf02941576d0a455f94ca7d18a21e21b65c704f17f8a8c70dd64b4235c20f3714f8ce492166ac635c9e8f88acaca0bff84afb4ce6849c11

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\1.8\i386-mingw32\socket.so

Filesize
57KB

MD5
05c2d63c47408fcee38387eea9a6021c

SHA1
c6df63f310c3156b574b834ab7c6fa4b8805caf8

SHA256
f05d113fb07eae2aa62d2755d890b92889edffeb7aaf27595fd54aeb72e54359

SHA512
16e0a6788c471f6f05cea5ddaaa3465f83cc481b8af1a891c1165a6ee4b4397a7baae8e767b13d93cbf8a9911e25bbd8a0a7e323f9335921a39c7a82221ca2b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\gems\1.8\gems\win32-api-1.4.8-x86-mingw32\lib\win32\api.rb

Filesize
170B

MD5
d53df6fb015768d75e78df4d7baef5ff

SHA1
a853caf6c52785260ca29735378b93f8c6879143

SHA256
6360a9654d335814861b9df7d40192fa675d9610e6ede62edf3741b69b076808

SHA512
3f34ed5beb043282745e91f17000d1f89b27a6a86781aa1320559c16472e69d4434480535ffab6690c32958c5bf264daf1a9fb6309e9a27ba816493d7476079f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\gems\1.8\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby18\win32\api.so

Filesize
29KB

MD5
cebe040a23b7f5fdcceb5ffd7fffb68b

SHA1
74952ab2e0fe891616673de7eac6280a4e17dec0

SHA256
c3eebc6643e454dd1ac9e7491a639666e28b91f76322076bc4ced8aa3dd4345e

SHA512
552c13ef5b38950bda8b057ab17cdd457e71d214057995fb1598c0c225cb97e7c54fd894e1e36d5108a69225437eb28b19d1287f6ad45657851b01a9ebc88bfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\gems\1.8\specifications\ocra-1.3.6.gemspec

Filesize
1KB

MD5
986bde44a5adf2fe229085d643b6c7be

SHA1
a748aa02974661e9321d289f07db8ddff5d36736

SHA256
abd8ed52c9a5582c15e6e8c49b15bde3f190098884095980760989ef347ab162

SHA512
6232066561f5a009d61683ed9b6520e4bcc530691928735bf04d34322ac2e2641fbcb12b4c83e819078b3728541851add460f719c6476bc7b3d935b35dd3eec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\gems\1.8\specifications\win32-api-1.4.8-x86-mingw32.gemspec

Filesize
1KB

MD5
3a472ac5dd825f6ead695bd3313f275a

SHA1
c9cf85b38c42ed94091e72208d174d2563dcfab2

SHA256
7d61ecba109bef9623b3fb21c6e31a706d47ec156b916c66a8d58f59a5737cf7

SHA512
e46a43e90bfc0b769dcc099cafc3991f487310a503a420f7f78c2958b2dc1eb04c481f707a4da1d4083e82be1fb97c4ca247d8cebb646cc2890543441409c1d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems.rb

Filesize
34KB

MD5
7946a7b60d5d0d5825066fe81e4009b1

SHA1
3d8daa20238e0c4599836dde1785bf001a52da07

SHA256
4182d5ba32d4ee79339dbf26417200162bce2ee85ea8a7efe8114a2399dedb31

SHA512
af6f49945a255cc91b77eb0f6e30e022b8b033c93e55a7f4dc52465e577acbf1fb64ae864f926f03c9aa87ed08c9c0a3dcb3eef65e7c8813bb2e412ced1bee2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\custom_require.rb

Filesize
1KB

MD5
57cb8b9e6994ef695f7c4db82b61fc09

SHA1
cf8359b80350d26fa7d5e9d3fe654405920329b0

SHA256
3134e9aef6dc4a9f87d3183f13d25d4da45c9bb4081bf86942561600250db3c9

SHA512
509d9f501f1ef46139e064992be53baeed656fd11f03674ff539417660890f120ca8ff498dbb87ebdaba94025f57b2d62984a4da77f52139991cdcf5aeec4052

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\defaults.rb

Filesize
2KB

MD5
38dd285f5facfa746c55bfd6b48d274c

SHA1
e1b4f63b7de0bd53ea1d9a59248c3b3745bfd7e8

SHA256
5ec933e087ea41d9433182bd78e366753aa2eaecf2ce7a1a4490bbc45ebe69cc

SHA512
28f00033feb48396dccb33f8f0c20a7efd9a6c56f8bad98d09dea49f462cb7a550216ce94033a4fd7acf9733fd01dd4aaf5083265a4f85f0e21342984b72999a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\defaults\operating_system.rb

Filesize
609B

MD5
17849453a18a428aeb6317519a72cc79

SHA1
b7bc41fca347eb063a8ab1a87d17635763824794

SHA256
2fbf4b99c2de3af97c0fead757512a90b17d7830134197a68085815a268d4fab

SHA512
f1e2a66a6c413f1a81618d1a1cd9ba72257337e53f066dc33e5de844e4bf3724703a0d8d039188ba42e12600818e0932dd627a07daf756ae79058f398a74da8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\dependency.rb

Filesize
6KB

MD5
c785d7333a5b7a9707a225c0e3900029

SHA1
93934b98c9803e3906cf4836d81b961ce4c799ad

SHA256
17f37f006cacc1d036f142f617b0e70c57a19294facf637234d62bb83b391395

SHA512
c566a4f4bb68e6d6c84137f5fbfc8a635aacda64c1e842910811e70b0b81b513499c4836eae5e446925a84eda529024e082656774c22fa8b933e1ee3dfea123f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\deprecate.rb

Filesize
1KB

MD5
bfa88b569dd7aa9fd36944ce0b823181

SHA1
ef312b6741a05ffa200d480b437c36686fe15f97

SHA256
b7baec83f12403d5543552b9ad9a9f3a25b17809f3bc8ccb2838645d08f17288

SHA512
ec67e33d25ce7f5d375b6c79bdf680aad8e4af70488b69e90feabed78fcdcb17d171bec44aaede05f73838a1c4ef99b2b2c0f687156d09508e49688b5ccdb385

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\exceptions.rb

Filesize
2KB

MD5
77c9bb0ae6da40d7cd7f909ccf0ca998

SHA1
aa7f212566f11c5a154d7fe4236e7d2806bba534

SHA256
5c23963e7d9ce027fab4c0d8f6020d042668cf12d3edfbbfe538d540eb67dfbc

SHA512
59b963f52cc9e9c96a3c691b4454489addf7d5fa5afb1e09213bd75877e03754e9bf0447d828504f9c88b8656ade48b41191fddf848ded5117234e21e0689c5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\path_support.rb

Filesize
1KB

MD5
b7d722f228ca8b188fa4b2d9ca678395

SHA1
eb2e3fef5d3491f9c581af414ce2a076da0d60a4

SHA256
fa70f5179b0260051d24be1ce0adeccf0de847c60cc3e2d96fac569dacae9b67

SHA512
ace58268d325dd5c3d3572e54d2ff2633103ce2db2d9bb8b58e9d19188bca91ab5a8ca79fd3e0ba256f67c0db491c14bf760a19093b46d54a949255331431d66

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\platform.rb

Filesize
5KB

MD5
82929caa689e6f1f8720845208f29550

SHA1
9cf6ab9ba16fd2826bb870f54d3cd3623a2b6f89

SHA256
bd90723a1bfffe01ae03ab53e93bbbdd22f0d17456554ad1622faa339681cad1

SHA512
bc52b630ffb97e3d0e780175ce6ae9087b1eaa036dcdc3d5fd6dc14842e04dc5413ff433497fa169f72b73d3b292c72bd22f2b53c85f3280e9bb9933c2e73df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\requirement.rb

Filesize
4KB

MD5
51ee1d2287f1a37b729701c22b295d89

SHA1
2a0deb097d482b7e793eb9a133cc3f8f906f5296

SHA256
32701ece5e454cad0e4e5a29df841ef435bab29bfe2e561eb1a57b0ef084e411

SHA512
c0b4c679c04c3777b695b8c503474e990fb016fd98bff75e185f750e560b34ccf3c8c788327968ca360b1265ec0fefeb73ad1af99865e7e49e5a165c56466b6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\specification.rb

Filesize
54KB

MD5
7228bdc1dccfa1bd98a5b5022736dc46

SHA1
9999050e88c44f01e1e26383b97406087f24975c

SHA256
15f793888e3b315020528f3ed821e16b15ee2886f2a557066b50205dea3a9592

SHA512
c8c10fae77e04fe0ee564e16540c13ef881d1368703eeef318f23327a134a9c9ba23e8d46b7f7ccec644bcc37a2de6a3963b2e5225d4858f99eb287441b38440

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\site_ruby\1.8\rubygems\version.rb

Filesize
10KB

MD5
596e3a9d4ad4ced8a78ba10485de65b3

SHA1
b0527bc9e6f15bddde5cc3bf5e6d66e806ecf877

SHA256
2794562d7412abfb1538e27b13c31d85ef8698a31665a43349369ea5929e443b

SHA512
3eee32908434917a4bcbdb8ab3bf720bd63574fe0a51178967770a30722cad52161771157975c7a3a5220adc436536ceba147a5a80acbb4cea1ceb42afb3cbff

Download Submit
C:\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\src\test.rb

Filesize
914B

MD5
be12c01dc6a4da04292b6d84ad9a2fa1

SHA1
c3ac16bffa20ac6c4ceac41b7ca7f1437fc59c0c

SHA256
81120ff071ec7b5a80fcf3f072867f945bf4e1b47da27da1f1570a6bcf2c2267

SHA512
e260b50e7fbe473cc274dbc872ade0145878a0fd93a585505f7f8f5fd3d49fc35dcd6243d2a8b84401a03592b763a1f2f768b8b41eb1e0dfee67ec25deab328a

Download Submit
\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\bin\msvcrt-ruby18.dll

Filesize
815KB

MD5
8bb28aa8d3f2a09974b364aa294093d2

SHA1
1d3275b0c21813b4dd4a965745354a98d24d3a5c

SHA256
8a218e9c54c8fdf659637e7021857b6634cf7c329173dec62df91ce0cdf747cb

SHA512
cc05376591b206b98352e436b211ef1dfdc5e15c96ca6409af4932a8f805e9bd2c36b916cf46c9f116e5ea7bd5bf4a3a0dfbbedefdcba288451e4c33eade23ff

Download Submit
\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\bin\rubyw.exe

Filesize
69KB

MD5
e9bf1e9b24a80e819ab3629852338945

SHA1
ea9609fc53733a329a64223bc5cfda3df0a20192

SHA256
b76b016a8bb443b58b21cfac7ab99a749d56fd47616f48af9cc5ce9323ba6c4e

SHA512
e8b9967cd1998683b79cc38c9681729cb5679ce12e52cad55c7027e5d6fb9c71b11c90646a7a06a947e000bc1d9edae6c02a9d741de70a6040df9cb24becc035

Download Submit
\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\bin\rubyw.exe

Filesize
69KB

MD5
e9bf1e9b24a80e819ab3629852338945

SHA1
ea9609fc53733a329a64223bc5cfda3df0a20192

SHA256
b76b016a8bb443b58b21cfac7ab99a749d56fd47616f48af9cc5ce9323ba6c4e

SHA512
e8b9967cd1998683b79cc38c9681729cb5679ce12e52cad55c7027e5d6fb9c71b11c90646a7a06a947e000bc1d9edae6c02a9d741de70a6040df9cb24becc035

Download Submit
\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\1.8\i386-mingw32\socket.so

Filesize
57KB

MD5
05c2d63c47408fcee38387eea9a6021c

SHA1
c6df63f310c3156b574b834ab7c6fa4b8805caf8

SHA256
f05d113fb07eae2aa62d2755d890b92889edffeb7aaf27595fd54aeb72e54359

SHA512
16e0a6788c471f6f05cea5ddaaa3465f83cc481b8af1a891c1165a6ee4b4397a7baae8e767b13d93cbf8a9911e25bbd8a0a7e323f9335921a39c7a82221ca2b9

Download Submit
\Users\Admin\AppData\Local\Temp\ocr24C1.tmp\lib\ruby\gems\1.8\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby18\win32\api.so

Filesize
29KB

MD5
cebe040a23b7f5fdcceb5ffd7fffb68b

SHA1
74952ab2e0fe891616673de7eac6280a4e17dec0

SHA256
c3eebc6643e454dd1ac9e7491a639666e28b91f76322076bc4ced8aa3dd4345e

SHA512
552c13ef5b38950bda8b057ab17cdd457e71d214057995fb1598c0c225cb97e7c54fd894e1e36d5108a69225437eb28b19d1287f6ad45657851b01a9ebc88bfa

Download Submit
memory/1940-94-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-107-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-82-0x0000000066940000-0x000000006694F000-memory.dmp

Filesize
60KB

Download
memory/1940-80-0x0000000066940000-0x000000006694F000-memory.dmp

Filesize
60KB

Download
memory/1940-85-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-60-0x0000000075C61000-0x0000000075C63000-memory.dmp

Filesize
8KB

Download
memory/1940-86-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-87-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-88-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-89-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-90-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-91-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-92-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-93-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-95-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-96-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-97-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-98-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-99-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-100-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-101-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-102-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-103-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-104-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-105-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-106-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-81-0x0000000066940000-0x000000006694F000-memory.dmp

Filesize
60KB

Download
memory/1940-108-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-109-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-110-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-111-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-112-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-113-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-114-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-115-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-116-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-117-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-118-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-119-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-120-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-121-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-122-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-123-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-124-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-125-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-126-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-127-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-128-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-129-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-130-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-131-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-132-0x0000000066940000-0x000000006694F000-memory.dmp

Filesize
60KB

Download
memory/1940-133-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download
memory/1940-134-0x0000000066940000-0x000000006694F000-memory.dmp

Filesize
60KB

Download
memory/1940-135-0x000000006E600000-0x000000006E616000-memory.dmp

Filesize
88KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads