ramnit | bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd

General

Target

bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe
Size

112KB
MD5

2963268727690914add09a80e7a45440
SHA1

dd61e1797813960ae1d033a10cc9a231c1c919a3
SHA256

bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd
SHA512

67d3a5e1c249f7ff0b323f0e4ee70a2b7352315843f008001419812a1528b325a676fb08dc66144677697a0b447fbf4bdf207d1efefda63a31b5d9c1f0cf6fdc
SSDEEP

1536:tVZnxm6MG9xgfrvEaoiT/GyphjXDYjKwttoswRmhApE:dnxwgxgfR/DVG7wBpE

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 1 IoCs

Processes:

WaterMark.exe

pid process

924 WaterMark.exe

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4196-134-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4196-135-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/4196-138-0x0000000000400000-0x0000000000421000-memory.dmp	upx
behavioral2/memory/924-142-0x0000000000400000-0x00000000004A4000-memory.dmp	upx
behavioral2/memory/924-144-0x0000000000400000-0x00000000004A4000-memory.dmp	upx
behavioral2/memory/924-145-0x0000000000400000-0x00000000004A4000-memory.dmp	upx
behavioral2/memory/924-149-0x0000000000400000-0x00000000004A4000-memory.dmp	upx
behavioral2/memory/924-152-0x0000000000400000-0x00000000004A4000-memory.dmp	upx
behavioral2/memory/924-153-0x0000000000400000-0x00000000004A4000-memory.dmp	upx
behavioral2/memory/924-154-0x0000000000400000-0x00000000004A4000-memory.dmp	upx
behavioral2/memory/924-155-0x0000000000400000-0x00000000004A4000-memory.dmp	upx
behavioral2/memory/924-156-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\px73BE.tmp	bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe
File created	C:\Program Files (x86)\Microsoft\WaterMark.exe	bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe
File opened for modification	C:\Program Files (x86)\Microsoft\WaterMark.exe	bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4364 4032 WerFault.exe svchost.exe

pid	pid_target	process	target process
4364	4032	WerFault.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 48 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4258808595"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31011782"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4260371611"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "381750694"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4258808595"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4260371611"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31011782"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4258808595"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31011782"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31011782"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1BC2B940-9FBA-11ED-89AC-E62D9FD3CB0B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31011782"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31011782"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{1BBB93C6-9FBA-11ED-89AC-E62D9FD3CB0B} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4258808595"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

WaterMark.exe

pid	process
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe
924	WaterMark.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

4880 iexplore.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WaterMark.exe

description pid process

Token: SeDebugPrivilege 924 WaterMark.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exeiexplore.exe

pid process

4880 iexplore.exe
4800 iexplore.exe

pid	process
4880	iexplore.exe

description	pid	process
Token: SeDebugPrivilege	924	WaterMark.exe

pid	process
4880	iexplore.exe
4800	iexplore.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
4800	iexplore.exe
4800	iexplore.exe
4880	iexplore.exe
4880	iexplore.exe
5064	IEXPLORE.EXE
5064	IEXPLORE.EXE
4740	IEXPLORE.EXE
4740	IEXPLORE.EXE
4740	IEXPLORE.EXE
4740	IEXPLORE.EXE

Suspicious use of UnmapMainImage 2 IoCs

Processes:

bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exeWaterMark.exe

pid process

4196 bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe
924 WaterMark.exe

pid	process
4196	bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe
924	WaterMark.exe

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exeWaterMark.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 4196 wrote to memory of 924	4196	bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe	WaterMark.exe
PID 4196 wrote to memory of 924	4196	bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe	WaterMark.exe
PID 4196 wrote to memory of 924	4196	bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe	WaterMark.exe
PID 924 wrote to memory of 4032	924	WaterMark.exe	svchost.exe
PID 924 wrote to memory of 4032	924	WaterMark.exe	svchost.exe
PID 924 wrote to memory of 4032	924	WaterMark.exe	svchost.exe
PID 924 wrote to memory of 4032	924	WaterMark.exe	svchost.exe
PID 924 wrote to memory of 4032	924	WaterMark.exe	svchost.exe
PID 924 wrote to memory of 4032	924	WaterMark.exe	svchost.exe
PID 924 wrote to memory of 4032	924	WaterMark.exe	svchost.exe
PID 924 wrote to memory of 4032	924	WaterMark.exe	svchost.exe
PID 924 wrote to memory of 4032	924	WaterMark.exe	svchost.exe
PID 924 wrote to memory of 4880	924	WaterMark.exe	iexplore.exe
PID 924 wrote to memory of 4880	924	WaterMark.exe	iexplore.exe
PID 924 wrote to memory of 4800	924	WaterMark.exe	iexplore.exe
PID 924 wrote to memory of 4800	924	WaterMark.exe	iexplore.exe
PID 4800 wrote to memory of 5064	4800	iexplore.exe	IEXPLORE.EXE
PID 4800 wrote to memory of 5064	4800	iexplore.exe	IEXPLORE.EXE
PID 4800 wrote to memory of 5064	4800	iexplore.exe	IEXPLORE.EXE
PID 4880 wrote to memory of 4740	4880	iexplore.exe	IEXPLORE.EXE
PID 4880 wrote to memory of 4740	4880	iexplore.exe	IEXPLORE.EXE
PID 4880 wrote to memory of 4740	4880	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe
"C:\Users\Admin\AppData\Local\Temp\bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:4196

C:\Program Files (x86)\Microsoft\WaterMark.exe
"C:\Program Files (x86)\Microsoft\WaterMark.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:924

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 204
4⤵
- Program crash
PID:4364

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
3⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4880

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4880 CREDAT:17410 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4740

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4800

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4800 CREDAT:17410 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4032 -ip 4032
1⤵
PID:4064

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\WaterMark.exe
Filesize
112KB

MD5
2963268727690914add09a80e7a45440

SHA1
dd61e1797813960ae1d033a10cc9a231c1c919a3

SHA256
bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd

SHA512
67d3a5e1c249f7ff0b323f0e4ee70a2b7352315843f008001419812a1528b325a676fb08dc66144677697a0b447fbf4bdf207d1efefda63a31b5d9c1f0cf6fdc

Download Submit
C:\Program Files (x86)\Microsoft\WaterMark.exe
Filesize
112KB

MD5
2963268727690914add09a80e7a45440

SHA1
dd61e1797813960ae1d033a10cc9a231c1c919a3

SHA256
bc367abc849c73de4ca1e5b79763cb04897b268210a2462628e888b01bee9bdd

SHA512
67d3a5e1c249f7ff0b323f0e4ee70a2b7352315843f008001419812a1528b325a676fb08dc66144677697a0b447fbf4bdf207d1efefda63a31b5d9c1f0cf6fdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1BBB93C6-9FBA-11ED-89AC-E62D9FD3CB0B}.dat
Filesize
3KB

MD5
656191187d41be3b6ef77163453b6df7

SHA1
a9c9187712b7700a0ca710c4835fe8276fde0a1e

SHA256
015c05d5af7ff96c4c7bdd8db56d8a0891da93688fe9c0503b4c54a2bef908bd

SHA512
9dbe6f40ebe0df4660d7e036357543edc36cb0d9be4fa8515808e82fd5b775ba262eb952043a7b0c154783ddc9f945736b8c84f8fe7bd25cf3cb858d798fa766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1BC2B940-9FBA-11ED-89AC-E62D9FD3CB0B}.dat
Filesize
5KB

MD5
78a78d7937ea9561cb6619fd0cc2629c

SHA1
3777902d60576a0370534b1280f1bb8f3f5e1def

SHA256
ff73a33e087cc07d5b6d0edd515d47f58e2e33f3b8784d59dac2b119a94de051

SHA512
13490f05013c77e566b61efcba591e1b57713c8c4aa0490a0bc4554a47ef3252c9df267b7d6b2c65419c0ee30abd3d0b16a94bff97cb016538fb0653b66c0777

Download Submit
memory/924-145-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/924-153-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/924-156-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/924-144-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/924-155-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/924-154-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/924-149-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/924-136-0x0000000000000000-mapping.dmp

Download
memory/924-142-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/924-152-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/4032-148-0x0000000000000000-mapping.dmp

Download
memory/4196-135-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4196-134-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4196-138-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads