trigona | 8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376

General

Target

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
Size

1.1MB
MD5

eb9fdc083164c0cead39fecaad9aafb4
SHA1

19c8782165f56d4153658da5f88f9edd14ae2022
SHA256

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376
SHA512

c4c54de23730f5265d29372c21f4f2212a0204f9b83d7fba5dacb0578fbe9f1c95e7521ff892364253f0cd8f4cfbf5befbef387af942714eb4b1b983b0258603
SSDEEP

24576:2Y5sZYIcpO4Y4w+xEjN7oQr+O+uvjx8t2mEdp:/Y4470JYj+kmEf

Score

10^/10

trigona persistence ransomware spyware stealer

Malware Config

Signatures

Detects Trigona ransomware 14 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2704-133-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-134-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-135-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-137-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-139-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-1080-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-2831-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-4238-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-4239-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-4841-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-6007-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-9154-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-12590-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona
behavioral2/memory/2704-15768-0x0000000000400000-0x0000000000526000-memory.dmp	family_trigona

Trigona
A ransomware first seen at the beginning of the 2022.
ransomware trigona

Drops startup file 1 IoCs

Processes:

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

description	ioc	process
File created	\??\c:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\B1785F8BE82DCC36CA3ABB3C93156F22 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe"	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

Drops desktop.ini file(s) 3 IoCs

Processes:

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

description	ioc	process
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-144354903-2550862337-1367551827-1000\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\desktop.ini	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

Drops file in Program Files directory 64 IoCs

Processes:

8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

description	ioc	process
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\pl-pl\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\da-dk\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\jre\lib\hijrah-config-umalqura.properties	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\pl-PL\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ppd.xrm-ms	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sv-se\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\sv-se\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\Microsoft.VisualStudio.Tools.Office.AppInfoDocument\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\ringless_calls\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app-api\dev\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\FPA_f33\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\nb-no\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Windows Photo Viewer\en-US\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\db\lib\derbyclient.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Collections\contrast-white\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.23.28002.0_neutral_~_8wekyb3d8bbwe\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\pt_BR\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\archives\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\XLICONS.EXE	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\fr-CA\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-pl.xrm-ms	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_de_DE.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\jre\lib\ext\sunpkcs11.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeStudentDemoR_BypassTrial180-ppd.xrm-ms	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\FPA_w1\WA104381125	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\sk-sk\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdaosp.dll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\images\bing.ico	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\OSFROAMINGPROXY.DLL	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jre1.8.0_66\lib\deploy\messages_it.properties	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jre1.8.0_66\lib\javafx.properties	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Resources\1033\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\uk-ua\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-ms	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\am\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
File created	\??\c:\Program Files\WindowsApps\Microsoft.Wallet_2.4.18324.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\how_to_decrypt.hta	8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe

C:\Users\Admin\AppData\Local\Temp\8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe
"C:\Users\Admin\AppData\Local\Temp\8cbe32f31befe7c4169f25614afd1778006e4bda6c6091531bc7b4ff4bf62376.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2704

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-144354903-2550862337-1367551827-1000\desktop.ini
Filesize
2KB

MD5
acb3c7f34c4249cbde349a65298cf018

SHA1
9d53910d38c3e0206728b09ca97795a5e8d41bef

SHA256
06dbe68b6f93d4c9bf92ebd6437966585c0d501a33483d3e00fa610c2ebb5e75

SHA512
a6516de93242db1bbffdf54af87ecdc6d81a6902ae2a925d2f0c9452900f712fcf13e6f3eba3018a2bd991711c5c981ef5edac7c8e2d375cdf817e21cec3b0a4

Download Submit
C:\PerfLogs\how_to_decrypt.hta
Filesize
12KB

MD5
1e699be31956fff6c200b584ba94765c

SHA1
6008fd7e136b69083c6c36a8ea1792b4a5911c3a

SHA256
e851eecc74e557221825d66ca885bcf16602037557a6ee902de8fe13f4a16cbb

SHA512
83f60c1fca8a4d471dfd4a81fc1a361303963f48c7e91ca7cac12e7e97e98484f158af175e663eda8c72cd624963eccf022c92a107a4da557d285d253d03ea71

Download Submit
memory/2704-4238-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-4239-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-139-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-135-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-1080-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-2831-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-133-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-137-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-134-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-4841-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-6007-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-9154-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-12590-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download
memory/2704-15768-0x0000000000400000-0x0000000000526000-memory.dmp

Filesize
1.1MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads