43c9c228baf00bc4614fdeb578eb84ad2232cef6c2820046b0b9fec502be573f

General

Target

Crypter.exe
Size

129KB
MD5

9c62af504ce79cc4c0bbcc2612f3c4db
SHA1

37c01dc0342c161569e9d434246dc42962c00860
SHA256

43c9c228baf00bc4614fdeb578eb84ad2232cef6c2820046b0b9fec502be573f
SHA512

3572b9dde32844ba873de6c994dcf42e71bc217806390d6cf9d767d4c837266592087837aa70991604e3bd283a27a6e11d1d48177996213e8575326f86f839f3
SSDEEP

3072:qLbLpVIYbQf91G3im/2Ef07JysgNv8Ofr4pt6Y46ab6koEMQBfjS3f2vYeBgrOi4:qTpVXvxyq6ko0BSveYprzOu3ScuT06

Score

9^/10

ransomware spyware stealer

Malware Config

Signatures

Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490
Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
ransomware

Processes:

Crypter.exe

description ioc process

File opened for modification C:\Users\Admin\Pictures\UseWrite.tiff Crypter.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\UseWrite.tiff	Crypter.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Crypter.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	Crypter.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

Crypter.exe

description ioc process

File opened (read-only) \??\D: Crypter.exe

description	ioc	process
File opened (read-only)	\??\D:	Crypter.exe

Drops file in Program Files directory 64 IoCs

Processes:

Crypter.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BREEZE\BREEZE.INF.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\compare.png	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\css\tool-selector.css	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL026.XML	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\zh-tw\ui-strings.js	Crypter.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square150x150Logo.scale-200.png	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-125_contrast-black.png	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-16.png	Crypter.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\es\#FILE ENCRYPTED.txt	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\SmallTile.scale-125.png	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailAppList.targetsize-30.png	Crypter.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_pt_BR.properties	Crypter.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\lib\resources.jar.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-150.png	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\it-it\ui-strings.js	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ca-es\ui-strings.js	Crypter.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Light.scale-400.png	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-140.png	Crypter.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\#FILE ENCRYPTED.txt	Crypter.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\sl.pak.DATA.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar	Crypter.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\MedTile.scale-125.png	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File created	C:\Program Files\Java\jre1.8.0_66\lib\applet\#FILE ENCRYPTED.txt	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageSplashScreen.scale-150_contrast-black.png	Crypter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\it-it\#FILE ENCRYPTED.txt	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchWide310x150Logo.scale-125_contrast-white.png	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-40_altform-colorize.png	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-72.png	Crypter.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\sunec.jar.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\12.png	Crypter.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\COPYRIGHT.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Trial-pl.xrm-ms	Crypter.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_US\Excluded.txt.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ja-jp\#FILE ENCRYPTED.txt	Crypter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\MEIPreload\manifest.json	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PerfBoost.exe	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\Toast.svg.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.White@3x.png	Crypter.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\vcruntime140.dll.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\manifests\BuiltinResearcher.xml	Crypter.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.scale-200_contrast-white.png	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\root\ui-strings.js.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms	Crypter.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\de.pak	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_organize_18.svg	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\editpdf\js\nls\pl-pl\ui-strings.js.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.EMAIL=[antistrees2000@keemail.me]ID=[6A3C5245BE2098C3].BTC	Crypter.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690Nmerical.XSL	Crypter.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\themes\dark\new_icons.png	Crypter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Interacts with shadow copies 2 TTPs 2 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1107

Inhibit System Recovery
T1490

Processes:

vssadmin.exevssadmin.exe

pid process

224 vssadmin.exe
4876 vssadmin.exe

pid	process
224	vssadmin.exe
4876	vssadmin.exe

Modifies registry class 1 IoCs

Processes:

StartMenuExperienceHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Crypter.exe

pid	process
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe
4568	Crypter.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

vssvc.exe

description pid process

Token: SeBackupPrivilege 8 vssvc.exe
Token: SeRestorePrivilege 8 vssvc.exe
Token: SeAuditPrivilege 8 vssvc.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

StartMenuExperienceHost.exe

pid process

6072 StartMenuExperienceHost.exe

description	pid	process
Token: SeBackupPrivilege	8	vssvc.exe
Token: SeRestorePrivilege	8	vssvc.exe
Token: SeAuditPrivilege	8	vssvc.exe

pid	process
6072	StartMenuExperienceHost.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

Crypter.execmd.execmd.exe

description	pid	process	target process
PID 4568 wrote to memory of 4572	4568	Crypter.exe	cmd.exe
PID 4568 wrote to memory of 4572	4568	Crypter.exe	cmd.exe
PID 4572 wrote to memory of 224	4572	cmd.exe	vssadmin.exe
PID 4572 wrote to memory of 224	4572	cmd.exe	vssadmin.exe
PID 4568 wrote to memory of 3224	4568	Crypter.exe	cmd.exe
PID 4568 wrote to memory of 3224	4568	Crypter.exe	cmd.exe
PID 3224 wrote to memory of 4876	3224	cmd.exe	vssadmin.exe
PID 3224 wrote to memory of 4876	3224	cmd.exe	vssadmin.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\Crypter.exe
"C:\Users\Admin\AppData\Local\Temp\Crypter.exe"
1⤵
- Modifies extensions of user files
- Checks computer location settings
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4568

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
2⤵
- Suspicious use of WriteProcessMemory
PID:4572

C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
3⤵
- Interacts with shadow copies
PID:224

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c vssadmin.exe delete shadows /all /quiet
2⤵
- Suspicious use of WriteProcessMemory
PID:3224

C:\Windows\system32\vssadmin.exe
vssadmin.exe delete shadows /all /quiet
3⤵
- Interacts with shadow copies
PID:4876

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:8

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:444

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6072

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\#FILE ENCRYPTED.txt
1⤵
PID:5204

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5144

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

2

T1107

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Peripheral Device Discovery

1

T1120

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\#FILE ENCRYPTED.txt
Filesize
332B

MD5
94250996214fbc1194e5d00ca0472059

SHA1
4aa601fd325613df0d1e070cd9b97aaeba31033e

SHA256
9dbda2ff049da53281eb3336461d309b8da1de14c11169187dcfc08dcbfe4b7d

SHA512
8ff4dfbe8cfd6c7ab86d045827a3fa79303f77e6fa4c9ef1d5000cbf36e9a8b8c397ec2fc98de341305151872e7a50e9184a385fc703907384cb5fdaba57938f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\~tartUnifiedTileModelCache.tmp
Filesize
14KB

MD5
d1526c611fbfa91ce5d14239ae65da65

SHA1
9a0e562796985467c8e64545427f13506a4e7487

SHA256
167aa904fbe7aab5885a364596c3f01efca69badbb90ca8c2660ea3e46ec4ae2

SHA512
94e5601e35a84ac3d8838ff2ee45c60a2072a5e030fdfbb6e518f731b88b56e0da4b002d34129598d64e8025274aef8a0e44ca82ddb32c8214073def3740105d

Download Submit
C:\Users\Admin\Desktop\#FILE ENCRYPTED.txt
Filesize
332B

MD5
94250996214fbc1194e5d00ca0472059

SHA1
4aa601fd325613df0d1e070cd9b97aaeba31033e

SHA256
9dbda2ff049da53281eb3336461d309b8da1de14c11169187dcfc08dcbfe4b7d

SHA512
8ff4dfbe8cfd6c7ab86d045827a3fa79303f77e6fa4c9ef1d5000cbf36e9a8b8c397ec2fc98de341305151872e7a50e9184a385fc703907384cb5fdaba57938f

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads