33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0

Analysis

max time kernel
293s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
17/03/2023, 22:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe
Size

3.4MB
MD5

41b8532d997713259f828693c247e2f6
SHA1

91ad435234c77841bdd2df3879752e4d0340d093
SHA256

33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0
SHA512

65a50595b57de8a6b79796ed4bfed86abfb6dabf84f830e25a4e40cf3c7f4ab663bfd079b7665a671b0594b9b17ec5d5a2bbd3367cd8f317887b00c1d63c8050
SSDEEP

98304:7aD2xzt49ndR/hqOAX7Jhh15VRN6UnNOzF7:vt4rqN19ne

Score

9^/10

discovery evasion trojan upx

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Executes dropped EXE 2 IoCs

pid	Process
956	MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe
1164	MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Loads dropped DLL 4 IoCs

pid	Process
2012	AppLaunch.exe
2012	AppLaunch.exe
1052	taskeng.exe
1052	taskeng.exe

Modifies file permissions 1 TTPs 3 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1708	icacls.exe
1720	icacls.exe
1388	icacls.exe

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000013987-69.dat	upx
behavioral1/files/0x0007000000013987-70.dat	upx
behavioral1/files/0x0007000000013987-73.dat	upx
behavioral1/files/0x0007000000013987-76.dat	upx
behavioral1/files/0x0007000000013987-74.dat	upx
behavioral1/memory/956-78-0x000000013FB30000-0x000000014004F000-memory.dmp	upx
behavioral1/memory/956-79-0x000000013FB30000-0x000000014004F000-memory.dmp	upx
behavioral1/memory/956-80-0x000000013FB30000-0x000000014004F000-memory.dmp	upx
behavioral1/memory/956-81-0x000000013FB30000-0x000000014004F000-memory.dmp	upx
behavioral1/files/0x0007000000013987-82.dat	upx
behavioral1/files/0x0007000000013987-83.dat	upx
behavioral1/files/0x0007000000013987-84.dat	upx
behavioral1/memory/1164-87-0x000000013FC30000-0x000000014014F000-memory.dmp	upx
behavioral1/memory/1164-88-0x000000013FC30000-0x000000014014F000-memory.dmp	upx
behavioral1/memory/1164-89-0x000000013FC30000-0x000000014014F000-memory.dmp	upx
behavioral1/memory/1164-90-0x000000013FC30000-0x000000014014F000-memory.dmp	upx
behavioral1/memory/1164-92-0x000000013FC30000-0x000000014014F000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2016 set thread context of 2012	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	29

Program crash 1 IoCs

pid	pid_target	Process	procid_target
580	2016	WerFault.exe	27

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task

T1053

pid	Process
540	schtasks.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2012	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	29
PID 2016 wrote to memory of 2012	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	29
PID 2016 wrote to memory of 2012	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	29
PID 2016 wrote to memory of 2012	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	29
PID 2016 wrote to memory of 2012	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	29
PID 2016 wrote to memory of 2012	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	29
PID 2016 wrote to memory of 2012	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	29
PID 2016 wrote to memory of 2012	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	29
PID 2016 wrote to memory of 2012	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	29
PID 2016 wrote to memory of 580	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	30
PID 2016 wrote to memory of 580	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	30
PID 2016 wrote to memory of 580	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	30
PID 2016 wrote to memory of 580	2016	33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe	30
PID 2012 wrote to memory of 1708	2012	AppLaunch.exe	31
PID 2012 wrote to memory of 1708	2012	AppLaunch.exe	31
PID 2012 wrote to memory of 1708	2012	AppLaunch.exe	31
PID 2012 wrote to memory of 1708	2012	AppLaunch.exe	31
PID 2012 wrote to memory of 1708	2012	AppLaunch.exe	31
PID 2012 wrote to memory of 1708	2012	AppLaunch.exe	31
PID 2012 wrote to memory of 1708	2012	AppLaunch.exe	31
PID 2012 wrote to memory of 1720	2012	AppLaunch.exe	32
PID 2012 wrote to memory of 1720	2012	AppLaunch.exe	32
PID 2012 wrote to memory of 1720	2012	AppLaunch.exe	32
PID 2012 wrote to memory of 1720	2012	AppLaunch.exe	32
PID 2012 wrote to memory of 1720	2012	AppLaunch.exe	32
PID 2012 wrote to memory of 1720	2012	AppLaunch.exe	32
PID 2012 wrote to memory of 1720	2012	AppLaunch.exe	32
PID 2012 wrote to memory of 1388	2012	AppLaunch.exe	35
PID 2012 wrote to memory of 1388	2012	AppLaunch.exe	35
PID 2012 wrote to memory of 1388	2012	AppLaunch.exe	35
PID 2012 wrote to memory of 1388	2012	AppLaunch.exe	35
PID 2012 wrote to memory of 1388	2012	AppLaunch.exe	35
PID 2012 wrote to memory of 1388	2012	AppLaunch.exe	35
PID 2012 wrote to memory of 1388	2012	AppLaunch.exe	35
PID 2012 wrote to memory of 540	2012	AppLaunch.exe	36
PID 2012 wrote to memory of 540	2012	AppLaunch.exe	36
PID 2012 wrote to memory of 540	2012	AppLaunch.exe	36
PID 2012 wrote to memory of 540	2012	AppLaunch.exe	36
PID 2012 wrote to memory of 540	2012	AppLaunch.exe	36
PID 2012 wrote to memory of 540	2012	AppLaunch.exe	36
PID 2012 wrote to memory of 540	2012	AppLaunch.exe	36
PID 2012 wrote to memory of 956	2012	AppLaunch.exe	39
PID 2012 wrote to memory of 956	2012	AppLaunch.exe	39
PID 2012 wrote to memory of 956	2012	AppLaunch.exe	39
PID 2012 wrote to memory of 956	2012	AppLaunch.exe	39
PID 1052 wrote to memory of 1164	1052	taskeng.exe	41
PID 1052 wrote to memory of 1164	1052	taskeng.exe	41
PID 1052 wrote to memory of 1164	1052	taskeng.exe	41

C:\Users\Admin\AppData\Local\Temp\33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe
"C:\Users\Admin\AppData\Local\Temp\33745b0b347bcf79ef1f3aa234b939e9cb0d0171cd20c7073b1a7317350f75a0.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
  "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\AppLaunch.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Windows\SysWOW64\icacls.exe
    "C:\Windows\System32\icacls.exe" "C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8" /inheritance:e /deny "*S-1-1-0:(R,REA,RA,RD)"
    3⤵
    - Modifies file permissions
    PID:1708
- - C:\Windows\SysWOW64\icacls.exe
    "C:\Windows\System32\icacls.exe" "C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8" /inheritance:e /deny "*S-1-5-7:(R,REA,RA,RD)"
    3⤵
    - Modifies file permissions
    PID:1720
- - C:\Windows\SysWOW64\icacls.exe
    "C:\Windows\System32\icacls.exe" "C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8" /inheritance:e /deny "admin:(R,REA,RA,RD)"
    3⤵
    - Modifies file permissions
    PID:1388
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /CREATE /TN "MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8" /TR "C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe" /SC MINUTE
    3⤵
    - Creates scheduled task(s)
    PID:540
- - C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe
    "C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe" "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:956
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 144
  2⤵
  - Program crash
  PID:580

C:\Windows\system32\taskeng.exe
taskeng.exe {1A81ADE1-AFF0-48A9-8E07-F4A00BD4E78D} S-1-5-21-1283023626-844874658-3193756055-1000:THEQWNRW\Admin:Interactive:[1]
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1052
- C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe
  C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  PID:1164

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

File and Directory Permissions Modification

T1222

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Filesize
512.6MB

MD5
b23abe4c83cd3336ce78fb1efb0a2c7f

SHA1
1703870fb8b027e1554d1e28bfe4cf61db6dc310

SHA256
729a092edaf1ab636fd9b1dc98b1202bc85f57bc1e1fa3f98c2ce6775a098a6c

SHA512
b4caf9ea070dab32f2534b6957b683d6acdffd7a67130f2a7a5d0d353d8d1d72b89cd1c8aa1bc48481bf561d560d2fe4e561898f8ca24b315f611b6ee711d769

Download Submit
C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Filesize
549.1MB

MD5
ad11159213a7c038edfcaba522173837

SHA1
75ccd98e62b819016bb309b1609edebff15ae8d8

SHA256
db2ef8846d09218454d9db72d5838a227d853020b5d5a34f05397ddd8f1e6b6d

SHA512
9930a8fb269d9ed0792cdb48e48e7c31f780084e8fccdf74730da87763389eec3a57b46c5b077f050384b9979009d1130110f11b9269de3c46b7f5fbd99ab533

Download Submit
C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Filesize
536.4MB

MD5
1e9b96698904094a17f34924a75cec4a

SHA1
a705831652e8bd1e2f5cfa6ac09781d78cc3782a

SHA256
c568948fded340142fe62691e59b5600df0e9d9c9d9cc5bb7716255c3118b808

SHA512
1ac9a695ac8453afaa4fe3d7023bd83718d14a834272cacac64f07e81eb0abefe135deac7f9fc41d386633f2e31d6a2e3d1cdfba132229568acf69f6987429f4

Download Submit
C:\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Filesize
504.9MB

MD5
5ce3055671acbb4d345524d884297c28

SHA1
5b5e424ee856a8847cb837f8944b4529a65d05a1

SHA256
12f5ee0efcd35bd18f980806e8c396ca32e6abf6648f7f5771e4d27b2063a69c

SHA512
613873f84e357c851dc08aa15de39cd3d5af0f99b54e5c6c43122f0f8fb30f97ab04b9771cd8ffb6a0af05ca1f3f33a5a1e02f13cdf955e7f64c0ea53064c720

Download Submit
\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Filesize
569.6MB

MD5
28c37077bc50cec8c97e277cd5754ae3

SHA1
38ad3819bcb2c717f6ff98a3f0bdd8af8cbec53a

SHA256
e0494eeccd59c223470496927dbe788c0d65e8f351d4bee883530ca1783a3982

SHA512
a50fabe0a03457a6262d6a21255d4502e8dc912c083eb2543d8643b8ed401f985560ef5a30c717d1da653588c9837cd1e5e05f26e24bae5432860b6f72b9e5a0

Download Submit
\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Filesize
491.9MB

MD5
dcaa24e0a81d4bb6c77f15b1bbfef115

SHA1
02594179802374da5a5e5218245d7053fe241b07

SHA256
c561d8b1038ac427d7bbc1177ebf54a5a22842b3f69ef93398928bedf040faf5

SHA512
ff496784cd3831dec4a8b0589bc438f0a738c5e4d9a2190ebce94b482d4319bb0871e4d24ac71862a92d747e72593ad97cd169ec69625b9e1c49afebdcbf32cc

Download Submit
\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Filesize
496.9MB

MD5
760422753315ca66d48894f9a03f5744

SHA1
4fb53255284f94d0e14fa9c03a5de93cd0bda439

SHA256
e3552828290d9983942c21c031f8b8adbd07a814664a38dbba139ec52440b698

SHA512
1f43aee66f49ca6f66f648caf0b4af1327a1e5f2262a42506fec2da639a9396cc313a74b86004f5ec7256e93b250a41bdb508c76b4b4d1ca13b4f7aca8a0dd03

Download Submit
\ProgramData\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8\MicrosoftMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-type0.5.1.8.exe

Filesize
493.1MB

MD5
ad2a3021b288f3df1c0469bb036b0d91

SHA1
3dc6594fca9e015af0eb76cdd7c82cd456ecdbdd

SHA256
62dc889057bc16f17861645588cf129ebdb662f0195eed91fbaf5013e5438c51

SHA512
4b692dd45ba1066bfbc7ee20c935a9472904029b0a503ad28f40e625316f17a525484101d588002b4ea4cc2a5c542861b29a03ca0767840a8b4bd16dba079fe4

Download Submit
memory/956-78-0x000000013FB30000-0x000000014004F000-memory.dmp

Filesize
5.1MB

Download
memory/956-81-0x000000013FB30000-0x000000014004F000-memory.dmp

Filesize
5.1MB

Download
memory/956-80-0x000000013FB30000-0x000000014004F000-memory.dmp

Filesize
5.1MB

Download
memory/956-79-0x000000013FB30000-0x000000014004F000-memory.dmp

Filesize
5.1MB

Download
memory/1052-85-0x000000013FC30000-0x000000014014F000-memory.dmp

Filesize
5.1MB

Download
memory/1052-86-0x000000013FC30000-0x000000014014F000-memory.dmp

Filesize
5.1MB

Download
memory/1052-91-0x000000013FC30000-0x000000014014F000-memory.dmp

Filesize
5.1MB

Download
memory/1164-92-0x000000013FC30000-0x000000014014F000-memory.dmp

Filesize
5.1MB

Download
memory/1164-90-0x000000013FC30000-0x000000014014F000-memory.dmp

Filesize
5.1MB

Download
memory/1164-89-0x000000013FC30000-0x000000014014F000-memory.dmp

Filesize
5.1MB

Download
memory/1164-88-0x000000013FC30000-0x000000014014F000-memory.dmp

Filesize
5.1MB

Download
memory/1164-87-0x000000013FC30000-0x000000014014F000-memory.dmp

Filesize
5.1MB

Download
memory/2012-63-0x0000000005110000-0x0000000005150000-memory.dmp

Filesize
256KB

Download
memory/2012-54-0x0000000000410000-0x000000000076C000-memory.dmp

Filesize
3.4MB

Download
memory/2012-55-0x0000000000410000-0x000000000076C000-memory.dmp

Filesize
3.4MB

Download
memory/2012-66-0x0000000005110000-0x0000000005150000-memory.dmp

Filesize
256KB

Download
memory/2012-59-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2012-65-0x0000000005110000-0x0000000005150000-memory.dmp

Filesize
256KB

Download
memory/2012-64-0x0000000005110000-0x0000000005150000-memory.dmp

Filesize
256KB

Download
memory/2012-75-0x0000000008100000-0x000000000861F000-memory.dmp

Filesize
5.1MB

Download
memory/2012-62-0x0000000000410000-0x000000000076C000-memory.dmp

Filesize
3.4MB

Download
memory/2012-77-0x0000000008100000-0x000000000861F000-memory.dmp

Filesize
5.1MB

Download
memory/2012-61-0x0000000000410000-0x000000000076C000-memory.dmp

Filesize
3.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads