darkcomet | 5d7f6ab4f324bfaa347af5917a59a9b633f4dd891a96870235c6509fb9e7b5d4

General

Target

2abeee8718f57cf5318197003550909d.exe
Size

1.4MB
MD5

2abeee8718f57cf5318197003550909d
SHA1

9e4662401cc01283eb03ad9b79a52b02713963fb
SHA256

5d7f6ab4f324bfaa347af5917a59a9b633f4dd891a96870235c6509fb9e7b5d4
SHA512

4897d94a4263451890e060a5488570c889dbd54e55fe9f4dc8c8ce00739ecf696392d9534d4f534370c59c073d496e0e5afac985cfb12b3c5d5e2a11523b06d8
SSDEEP

24576:tVrEOG6glVYeR74l7UiAHbdgSMs3hn3x2VpuDJGhuNKx/la60x:ttE16gLYK7BBHMox2buDYQQh060x

Score

10^/10

darkcomet luxygt evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

luxygt

C2

dartkom22.ddns.net:2009

Mutex

DCMIN_MUTEX-UT0S86Q

Attributes

InstallPath
DCSCMIN\IMDCSC.exe
gencode
fT1b0Py34wS5
install
true
offline_keylogger
true
persistence
false
reg_key
DarkComet RAT

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

Processes:

2abeee8718f57cf5318197003550909d.exeIMDCSC.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Users\\Admin\\Documents\\DCSCMIN\\IMDCSC.exe"	2abeee8718f57cf5318197003550909d.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe"	IMDCSC.exe

Modifies firewall policy service 2 TTPs 3 IoCs

evasion

Modify Registry

T1112

Modify Existing Service

T1031

Processes:

IMDCSC.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	IMDCSC.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "1"	IMDCSC.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "1"	IMDCSC.exe

Modifies security service 2 TTPs 1 IoCs
evasion

Modify Registry
T1112

Modify Existing Service
T1031

Processes:

IMDCSC.exe

description ioc process

Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "1" IMDCSC.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\wscsvc\Start = "1"	IMDCSC.exe

Windows security bypass 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

Processes:

IMDCSC.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "0"	IMDCSC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "0"	IMDCSC.exe

Disables RegEdit via registry modification 1 IoCs

evasion

Processes:

IMDCSC.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "0"	IMDCSC.exe

Disables Task Manager via registry modification
evasion
Executes dropped EXE 2 IoCs

Processes:

IMDCSC.exeIMDCSC.exe

pid process

664 IMDCSC.exe
588 IMDCSC.exe
Loads dropped DLL 1 IoCs

Processes:

2abeee8718f57cf5318197003550909d.exe

pid process

872 2abeee8718f57cf5318197003550909d.exe

pid	process
664	IMDCSC.exe
588	IMDCSC.exe

pid	process
872	2abeee8718f57cf5318197003550909d.exe

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

Processes:

IMDCSC.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\AntiVirusDisableNotify = "0"	IMDCSC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UpdatesDisableNotify = "0"	IMDCSC.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

2abeee8718f57cf5318197003550909d.exeIMDCSC.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Windows\CurrentVersion\Run\DarkComet RAT = "C:\\Users\\Admin\\Documents\\DCSCMIN\\IMDCSC.exe"	2abeee8718f57cf5318197003550909d.exe
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run	IMDCSC.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

2abeee8718f57cf5318197003550909d.exeIMDCSC.exe

description	pid	process	target process
PID 308 set thread context of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 664 set thread context of 588	664	IMDCSC.exe	IMDCSC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

IMDCSC.exe

pid process

588 IMDCSC.exe
588 IMDCSC.exe

pid	process
588	IMDCSC.exe
588	IMDCSC.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

Processes:

2abeee8718f57cf5318197003550909d.exeIMDCSC.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeSecurityPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeTakeOwnershipPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeLoadDriverPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeSystemProfilePrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeSystemtimePrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeProfSingleProcessPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeIncBasePriorityPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeCreatePagefilePrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeBackupPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeRestorePrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeShutdownPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeDebugPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeSystemEnvironmentPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeChangeNotifyPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeRemoteShutdownPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeUndockPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeManageVolumePrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeImpersonatePrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: SeCreateGlobalPrivilege	872	2abeee8718f57cf5318197003550909d.exe
Token: 33	872	2abeee8718f57cf5318197003550909d.exe
Token: 34	872	2abeee8718f57cf5318197003550909d.exe
Token: 35	872	2abeee8718f57cf5318197003550909d.exe
Token: SeIncreaseQuotaPrivilege	588	IMDCSC.exe
Token: SeSecurityPrivilege	588	IMDCSC.exe
Token: SeTakeOwnershipPrivilege	588	IMDCSC.exe
Token: SeLoadDriverPrivilege	588	IMDCSC.exe
Token: SeSystemProfilePrivilege	588	IMDCSC.exe
Token: SeSystemtimePrivilege	588	IMDCSC.exe
Token: SeProfSingleProcessPrivilege	588	IMDCSC.exe
Token: SeIncBasePriorityPrivilege	588	IMDCSC.exe
Token: SeCreatePagefilePrivilege	588	IMDCSC.exe
Token: SeBackupPrivilege	588	IMDCSC.exe
Token: SeRestorePrivilege	588	IMDCSC.exe
Token: SeShutdownPrivilege	588	IMDCSC.exe
Token: SeDebugPrivilege	588	IMDCSC.exe
Token: SeSystemEnvironmentPrivilege	588	IMDCSC.exe
Token: SeChangeNotifyPrivilege	588	IMDCSC.exe
Token: SeRemoteShutdownPrivilege	588	IMDCSC.exe
Token: SeUndockPrivilege	588	IMDCSC.exe
Token: SeManageVolumePrivilege	588	IMDCSC.exe
Token: SeImpersonatePrivilege	588	IMDCSC.exe
Token: SeCreateGlobalPrivilege	588	IMDCSC.exe
Token: 33	588	IMDCSC.exe
Token: 34	588	IMDCSC.exe
Token: 35	588	IMDCSC.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

IMDCSC.exe

pid process

588 IMDCSC.exe

pid	process
588	IMDCSC.exe

Suspicious use of WriteProcessMemory 48 IoCs

Processes:

2abeee8718f57cf5318197003550909d.exe2abeee8718f57cf5318197003550909d.exeIMDCSC.exeIMDCSC.exe

description	pid	process	target process
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 308 wrote to memory of 872	308	2abeee8718f57cf5318197003550909d.exe	2abeee8718f57cf5318197003550909d.exe
PID 872 wrote to memory of 664	872	2abeee8718f57cf5318197003550909d.exe	IMDCSC.exe
PID 872 wrote to memory of 664	872	2abeee8718f57cf5318197003550909d.exe	IMDCSC.exe
PID 872 wrote to memory of 664	872	2abeee8718f57cf5318197003550909d.exe	IMDCSC.exe
PID 872 wrote to memory of 664	872	2abeee8718f57cf5318197003550909d.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 664 wrote to memory of 588	664	IMDCSC.exe	IMDCSC.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe
PID 588 wrote to memory of 1380	588	IMDCSC.exe	notepad.exe

System policy modification 1 TTPs 3 IoCs

evasion

Modify Registry

T1112

Processes:

IMDCSC.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion	IMDCSC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion\Explorern	IMDCSC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CurrentVersion\Explorern\NoControlPanel = "0"	IMDCSC.exe

C:\Users\Admin\AppData\Local\Temp\2abeee8718f57cf5318197003550909d.exe
"C:\Users\Admin\AppData\Local\Temp\2abeee8718f57cf5318197003550909d.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:308

C:\Users\Admin\AppData\Local\Temp\2abeee8718f57cf5318197003550909d.exe
"C:\Users\Admin\AppData\Local\Temp\2abeee8718f57cf5318197003550909d.exe"
2⤵
- Modifies WinLogon for persistence
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:872

C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
"C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:664

C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
"C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe"
4⤵
- Modifies WinLogon for persistence
- Modifies firewall policy service
- Modifies security service
- Windows security bypass
- Disables RegEdit via registry modification
- Executes dropped EXE
- Windows security modification
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:588

C:\Windows\SysWOW64\notepad.exe
notepad
5⤵
PID:1380

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

1

T1004

Modify Existing Service

2

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

7

T1112

Disabling Security Tools

2

T1089

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
Filesize
1.4MB

MD5
2abeee8718f57cf5318197003550909d

SHA1
9e4662401cc01283eb03ad9b79a52b02713963fb

SHA256
5d7f6ab4f324bfaa347af5917a59a9b633f4dd891a96870235c6509fb9e7b5d4

SHA512
4897d94a4263451890e060a5488570c889dbd54e55fe9f4dc8c8ce00739ecf696392d9534d4f534370c59c073d496e0e5afac985cfb12b3c5d5e2a11523b06d8

Download Submit
C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
Filesize
1.4MB

MD5
2abeee8718f57cf5318197003550909d

SHA1
9e4662401cc01283eb03ad9b79a52b02713963fb

SHA256
5d7f6ab4f324bfaa347af5917a59a9b633f4dd891a96870235c6509fb9e7b5d4

SHA512
4897d94a4263451890e060a5488570c889dbd54e55fe9f4dc8c8ce00739ecf696392d9534d4f534370c59c073d496e0e5afac985cfb12b3c5d5e2a11523b06d8

Download Submit
C:\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
Filesize
1.4MB

MD5
2abeee8718f57cf5318197003550909d

SHA1
9e4662401cc01283eb03ad9b79a52b02713963fb

SHA256
5d7f6ab4f324bfaa347af5917a59a9b633f4dd891a96870235c6509fb9e7b5d4

SHA512
4897d94a4263451890e060a5488570c889dbd54e55fe9f4dc8c8ce00739ecf696392d9534d4f534370c59c073d496e0e5afac985cfb12b3c5d5e2a11523b06d8

Download Submit
\Users\Admin\Documents\DCSCMIN\IMDCSC.exe
Filesize
1.4MB

MD5
2abeee8718f57cf5318197003550909d

SHA1
9e4662401cc01283eb03ad9b79a52b02713963fb

SHA256
5d7f6ab4f324bfaa347af5917a59a9b633f4dd891a96870235c6509fb9e7b5d4

SHA512
4897d94a4263451890e060a5488570c889dbd54e55fe9f4dc8c8ce00739ecf696392d9534d4f534370c59c073d496e0e5afac985cfb12b3c5d5e2a11523b06d8

Download Submit
memory/308-63-0x0000000005120000-0x0000000005160000-memory.dmp

Filesize
256KB

Download
memory/308-54-0x0000000000D90000-0x0000000000F08000-memory.dmp

Filesize
1.5MB

Download
memory/308-55-0x0000000000520000-0x000000000058E000-memory.dmp

Filesize
440KB

Download
memory/308-56-0x00000000003D0000-0x00000000003DE000-memory.dmp

Filesize
56KB

Download
memory/588-97-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/588-99-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/588-98-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/588-100-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/588-96-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/588-95-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/588-92-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/588-91-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/588-120-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/588-86-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/664-77-0x0000000000B90000-0x0000000000D08000-memory.dmp

Filesize
1.5MB

Download
memory/872-66-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/872-93-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-58-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-69-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-59-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-94-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/872-57-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-67-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-68-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-65-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-64-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-62-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-61-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/872-60-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/1380-115-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1380-101-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads