ramnit | b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf

General

Target

b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exe
Size

120KB
MD5

fc767171269c89ab964faa2daa471e31
SHA1

05a912999017ede0c5885dd65db92fd8200542c2
SHA256

b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf
SHA512

6ffff7778c4dc5fdc49676872820301e5107145d64f8304ccb0e434157efdaafbe3dfb963041539b410cdff7bb0dd6b4888a7bea9a6884ec64a58d3a3782e849
SSDEEP

768:DQxkwifBsIqHpcrkMEYEhA7P4RhAtmaZFb79U9MKAjBEig6/1k21m3uHRdMNDj2Y:D8kwilTEhU4HDa1KkjWXUa21mc/Mue9

Score

10^/10

ramnit banker spyware stealer trojan upx worm

Malware Config

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Executes dropped EXE 1 IoCs

Processes:

WaterMark.exe

pid process

4792 WaterMark.exe

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/4044-132-0x0000000000400000-0x0000000000428000-memory.dmp	upx
behavioral2/memory/4792-138-0x0000000000400000-0x0000000000428000-memory.dmp	upx
behavioral2/memory/4792-142-0x0000000000400000-0x0000000000428000-memory.dmp	upx
behavioral2/memory/4792-145-0x0000000000400000-0x0000000000428000-memory.dmp	upx

Drops file in Program Files directory 3 IoCs

Processes:

b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\WaterMark.exe	b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exe
File opened for modification	C:\Program Files (x86)\Microsoft\px62A.tmp	b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exe
File created	C:\Program Files (x86)\Microsoft\WaterMark.exe	b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exe

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1152 4324 WerFault.exe svchost.exe

pid	pid_target	process	target process
1152	4324	WerFault.exe	svchost.exe

Modifies Internet Explorer settings 1 TTPs 48 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31011790"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3e0000003e000000c4040000a3020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31011790"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "381753838"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5C6D883D-9FC1-11ED-919F-C2D7A23AFBD4} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "941433676"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31011790"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31011790"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1063776844"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5C724D20-9FC1-11ED-919F-C2D7A23AFBD4} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31011790"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1018464639"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "941433676"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1063776844"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31011790"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1018464639"	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

WaterMark.exe

pid	process
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe
4792	WaterMark.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

WaterMark.exe

description pid process

Token: SeDebugPrivilege 4792 WaterMark.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

iexplore.exeiexplore.exe

pid process

2380 iexplore.exe
2648 iexplore.exe

description	pid	process
Token: SeDebugPrivilege	4792	WaterMark.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

iexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXE

pid	process
2380	iexplore.exe
2380	iexplore.exe
2648	iexplore.exe
2648	iexplore.exe
4460	IEXPLORE.EXE
4460	IEXPLORE.EXE
1444	IEXPLORE.EXE
1444	IEXPLORE.EXE
4460	IEXPLORE.EXE
4460	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 22 IoCs

Processes:

b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exeWaterMark.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 4044 wrote to memory of 4792	4044	b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exe	WaterMark.exe
PID 4044 wrote to memory of 4792	4044	b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exe	WaterMark.exe
PID 4044 wrote to memory of 4792	4044	b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exe	WaterMark.exe
PID 4792 wrote to memory of 4324	4792	WaterMark.exe	svchost.exe
PID 4792 wrote to memory of 4324	4792	WaterMark.exe	svchost.exe
PID 4792 wrote to memory of 4324	4792	WaterMark.exe	svchost.exe
PID 4792 wrote to memory of 4324	4792	WaterMark.exe	svchost.exe
PID 4792 wrote to memory of 4324	4792	WaterMark.exe	svchost.exe
PID 4792 wrote to memory of 4324	4792	WaterMark.exe	svchost.exe
PID 4792 wrote to memory of 4324	4792	WaterMark.exe	svchost.exe
PID 4792 wrote to memory of 4324	4792	WaterMark.exe	svchost.exe
PID 4792 wrote to memory of 4324	4792	WaterMark.exe	svchost.exe
PID 4792 wrote to memory of 2380	4792	WaterMark.exe	iexplore.exe
PID 4792 wrote to memory of 2380	4792	WaterMark.exe	iexplore.exe
PID 4792 wrote to memory of 2648	4792	WaterMark.exe	iexplore.exe
PID 4792 wrote to memory of 2648	4792	WaterMark.exe	iexplore.exe
PID 2380 wrote to memory of 4460	2380	iexplore.exe	IEXPLORE.EXE
PID 2380 wrote to memory of 4460	2380	iexplore.exe	IEXPLORE.EXE
PID 2380 wrote to memory of 4460	2380	iexplore.exe	IEXPLORE.EXE
PID 2648 wrote to memory of 1444	2648	iexplore.exe	IEXPLORE.EXE
PID 2648 wrote to memory of 1444	2648	iexplore.exe	IEXPLORE.EXE
PID 2648 wrote to memory of 1444	2648	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exe
"C:\Users\Admin\AppData\Local\Temp\b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:4044

C:\Program Files (x86)\Microsoft\WaterMark.exe
"C:\Program Files (x86)\Microsoft\WaterMark.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4792

C:\Windows\SysWOW64\svchost.exe
C:\Windows\system32\svchost.exe
3⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 212
4⤵
- Program crash
PID:1152

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2380 CREDAT:17410 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4460

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
3⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2648 CREDAT:17410 /prefetch:2
4⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 4324 -ip 4324
1⤵
PID:2156

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\WaterMark.exe
Filesize
120KB

MD5
fc767171269c89ab964faa2daa471e31

SHA1
05a912999017ede0c5885dd65db92fd8200542c2

SHA256
b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf

SHA512
6ffff7778c4dc5fdc49676872820301e5107145d64f8304ccb0e434157efdaafbe3dfb963041539b410cdff7bb0dd6b4888a7bea9a6884ec64a58d3a3782e849

Download Submit
C:\Program Files (x86)\Microsoft\WaterMark.exe
Filesize
120KB

MD5
fc767171269c89ab964faa2daa471e31

SHA1
05a912999017ede0c5885dd65db92fd8200542c2

SHA256
b548592f80db58c1571a31920aafb2a42ee0caf364723bd1d50204f8639366bf

SHA512
6ffff7778c4dc5fdc49676872820301e5107145d64f8304ccb0e434157efdaafbe3dfb963041539b410cdff7bb0dd6b4888a7bea9a6884ec64a58d3a3782e849

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
26cb63224b51d99ce887c9ff8130a338

SHA1
108ad165d80234621dfba3fb62195a26ce821acb

SHA256
c0a8afd7b1a047144b9cf337e4518f7ce1b5108dbbd135e593b4411855222a41

SHA512
5f0782919fdc942a1614fd76e25b62c74e96e4e8a12a30b1162db2d9bd3fd6ae8160c3edc101f7ea80137aabdbae62ae57bbe29b96b995b66f80162a647bd76d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
404B

MD5
952a2aa3ffef99b1e14a10d7a894de89

SHA1
75abe69c7aab8e423262f2ff62aaf3068a8f5904

SHA256
429dacc95c262ac137a637896e642dee695495cc717406116975c087cb569fce

SHA512
c80c62a0c80a03c9d2dec9fb09e26e96239fd774d349c8285025ae0d1c096a22e5734977c89385b461126812eb0fd630a2c2f782ed740271b9f7692a38d56922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5C6D883D-9FC1-11ED-919F-C2D7A23AFBD4}.dat
Filesize
3KB

MD5
75cfac59b706a0aa81b9f08090fd7a60

SHA1
918883c3f16f539f0776f68becd8b788d8387d97

SHA256
b047082f96f1ae84bbf337eefaccb0b1116991e9161cde04bfae57cadb26e41a

SHA512
4d771291ee28ba3c4b840a3f46887a5d1e088c6c6a4e93c1f3fdf8222d19bdb62306e53e1d203d9620c46f6813a67d90bc1fcf5c4505e77b2f4a561c0cbbad73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5C724D20-9FC1-11ED-919F-C2D7A23AFBD4}.dat
Filesize
3KB

MD5
723df9c0799ccea0fdcf78fc58fbdb9c

SHA1
d28c0dbc591f2d9fd34ba2f57c1b16276f14cefa

SHA256
0898a416b9efce88eb630808eacd66106e47380284d1183cf5cade718d8bc7da

SHA512
22640addd01e34a9e52be0c013f234c9c35f9fea4e3df01a17694b89d6aa87eea46dc90a5d617241630d5225469365675140c1bcd33c50a2a791982fcfba2d1a

Download Submit
memory/4044-133-0x00000000004B0000-0x00000000004D8000-memory.dmp

Filesize
160KB

Download
memory/4044-132-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4324-140-0x0000000000000000-mapping.dmp

Download
memory/4792-138-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4792-142-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4792-141-0x0000000000460000-0x0000000000488000-memory.dmp

Filesize
160KB

Download
memory/4792-145-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4792-137-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4792-134-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads