ramnit | b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb

General

Target

b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe
Size

120KB
MD5

00a9e76cd50f13a7824ea09947434c2d
SHA1

8e2a5aa7ddbd96c4347be109dd4191aa8f1f703c
SHA256

b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb
SHA512

7f0ec8268bd7bbf76e9c002d32dae82db0da1239180680ee1ab43871f2414f443a1c8843aec0b8e9c289a3b4414674843b774f195b45d60a4ebbca91e8e1f9b9
SSDEEP

3072:Ig+3fh/PHrgNUqOBx4J2vNbGfvGnd3gW5ZM4/uBnm:h+3fRb9NdndPZMTs

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 1 IoCs

Processes:

lywhuwhekrpafjlk.exe

pid process

380 lywhuwhekrpafjlk.exe

pid	process
380	lywhuwhekrpafjlk.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/3116-134-0x0000000000400000-0x000000000043957C-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\lywhuwhekrpafjlk.exe	upx
behavioral2/memory/3116-142-0x0000000000400000-0x000000000043957C-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\lywhuwhekrpafjlk.exe	upx
behavioral2/memory/380-143-0x0000000000400000-0x000000000043957C-memory.dmp	upx

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

4192 2444 WerFault.exe svchost.exe
2548 2128 WerFault.exe svchost.exe

pid	pid_target	process	target process
4192	2444	WerFault.exe	svchost.exe
2548	2128	WerFault.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "381751784"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2048035285"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2049284682"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31011785"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2242723900"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31011785"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{A4C8DE43-9FBC-11ED-A0EE-E289BC6C3020} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2049284682"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31011785"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31011785"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2048035285"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31011785"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

iexplore.exe

pid process

1380 iexplore.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

656

pid	process
656

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exelywhuwhekrpafjlk.exe

description	pid	process
Token: SeSecurityPrivilege	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe
Token: SeDebugPrivilege	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe
Token: SeSecurityPrivilege	380	lywhuwhekrpafjlk.exe
Token: SeLoadDriverPrivilege	380	lywhuwhekrpafjlk.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exe

pid process

1380 iexplore.exe
1380 iexplore.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
1380	iexplore.exe
1380	iexplore.exe
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE
1728	IEXPLORE.EXE
1380	iexplore.exe
1380	iexplore.exe
1656	IEXPLORE.EXE
1656	IEXPLORE.EXE
1656	IEXPLORE.EXE
1656	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 31 IoCs

Processes:

b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exeiexplore.exe

description	pid	process	target process
PID 3116 wrote to memory of 2444	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2444	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2444	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2444	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2444	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2444	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2444	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2444	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2444	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 1380	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	iexplore.exe
PID 3116 wrote to memory of 1380	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	iexplore.exe
PID 1380 wrote to memory of 1728	1380	iexplore.exe	IEXPLORE.EXE
PID 1380 wrote to memory of 1728	1380	iexplore.exe	IEXPLORE.EXE
PID 1380 wrote to memory of 1728	1380	iexplore.exe	IEXPLORE.EXE
PID 3116 wrote to memory of 2128	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2128	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2128	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2128	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2128	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2128	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2128	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2128	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2128	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	svchost.exe
PID 3116 wrote to memory of 2324	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	iexplore.exe
PID 3116 wrote to memory of 2324	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	iexplore.exe
PID 1380 wrote to memory of 1656	1380	iexplore.exe	IEXPLORE.EXE
PID 1380 wrote to memory of 1656	1380	iexplore.exe	IEXPLORE.EXE
PID 1380 wrote to memory of 1656	1380	iexplore.exe	IEXPLORE.EXE
PID 3116 wrote to memory of 380	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	lywhuwhekrpafjlk.exe
PID 3116 wrote to memory of 380	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	lywhuwhekrpafjlk.exe
PID 3116 wrote to memory of 380	3116	b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe	lywhuwhekrpafjlk.exe

C:\Users\Admin\AppData\Local\Temp\b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe
"C:\Users\Admin\AppData\Local\Temp\b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3116

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
PID:2444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 204
3⤵
- Program crash
PID:4192

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1380

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1380 CREDAT:17410 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1380 CREDAT:17416 /prefetch:2
3⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
2⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 204
3⤵
- Program crash
PID:2548

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
2⤵
- Modifies Internet Explorer settings
PID:2324

C:\Users\Admin\AppData\Local\Temp\lywhuwhekrpafjlk.exe
"C:\Users\Admin\AppData\Local\Temp\lywhuwhekrpafjlk.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2444 -ip 2444
1⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2128 -ip 2128
1⤵
PID:1804

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
26cb63224b51d99ce887c9ff8130a338

SHA1
108ad165d80234621dfba3fb62195a26ce821acb

SHA256
c0a8afd7b1a047144b9cf337e4518f7ce1b5108dbbd135e593b4411855222a41

SHA512
5f0782919fdc942a1614fd76e25b62c74e96e4e8a12a30b1162db2d9bd3fd6ae8160c3edc101f7ea80137aabdbae62ae57bbe29b96b995b66f80162a647bd76d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
434B

MD5
0cd7fe96dba72a04d229142fb51ac23e

SHA1
f5c1b6bafedc57cee8f0cca6776b7fb4bf423bb5

SHA256
ff18183c9690ea043fb42e83c99a0a1878a517b88a7c384a57b937bc1c89c16e

SHA512
996bc0e2363e346e6c74ac59f7127556e0fd44442b73ded9c1c464c361383c84d3865fd388b9d54b4846b59842edaaa8d1dc60c9fc0230ffce6d235b6e8ef08b

Download Submit
C:\Users\Admin\AppData\Local\Temp\lywhuwhekrpafjlk.exe
Filesize
120KB

MD5
00a9e76cd50f13a7824ea09947434c2d

SHA1
8e2a5aa7ddbd96c4347be109dd4191aa8f1f703c

SHA256
b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb

SHA512
7f0ec8268bd7bbf76e9c002d32dae82db0da1239180680ee1ab43871f2414f443a1c8843aec0b8e9c289a3b4414674843b774f195b45d60a4ebbca91e8e1f9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\lywhuwhekrpafjlk.exe
Filesize
120KB

MD5
00a9e76cd50f13a7824ea09947434c2d

SHA1
8e2a5aa7ddbd96c4347be109dd4191aa8f1f703c

SHA256
b203dfabbbd4297522ae9e4c2fee4dfa24a186411afe2d5d9de1ce2f03943bfb

SHA512
7f0ec8268bd7bbf76e9c002d32dae82db0da1239180680ee1ab43871f2414f443a1c8843aec0b8e9c289a3b4414674843b774f195b45d60a4ebbca91e8e1f9b9

Download Submit
memory/380-139-0x0000000000000000-mapping.dmp

Download
memory/380-143-0x0000000000400000-0x000000000043957C-memory.dmp

Filesize
229KB

Download
memory/2128-136-0x0000000000000000-mapping.dmp

Download
memory/2444-133-0x0000000000000000-mapping.dmp

Download
memory/3116-134-0x0000000000400000-0x000000000043957C-memory.dmp

Filesize
229KB

Download
memory/3116-142-0x0000000000400000-0x000000000043957C-memory.dmp

Filesize
229KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads