c1758ef6789c7fd7f69f6a0b637a8e33c131616d60eb56d1269dfce81a04e97e

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2023, 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Braemar MTM Report.xlsx
Size

6KB
MD5

3804a454b737e8e8a537f76bc757cfd5
SHA1

64106a7e7f66b24cc95b65347cff58ad7cc88f1c
SHA256

c1758ef6789c7fd7f69f6a0b637a8e33c131616d60eb56d1269dfce81a04e97e
SHA512

fd7498ef05da9e7800f3be6041b44c4ee14985c643614c14ce787d906d7e5dd4bdd8e219ebf50c01809ebe70fdca1b18336ccb7bbe8c9f589fcc6d47422b49ed
SSDEEP

192:KSncztcR4cievArsmoVtnN8ECXxJCBUPwl5Quq2:VvUrrKtnGXx0ZlXt

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{58B5431D-2718-4A10-B489-EED492DAA7D1}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	EXCEL.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	EXCEL.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	EXCEL.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	EXCEL.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4564	EXCEL.EXE

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4564	EXCEL.EXE
4564	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4564	EXCEL.EXE
4564	EXCEL.EXE
4564	EXCEL.EXE
4564	EXCEL.EXE
4564	EXCEL.EXE
4564	EXCEL.EXE
4564	EXCEL.EXE
4564	EXCEL.EXE
4564	EXCEL.EXE
4564	EXCEL.EXE
4564	EXCEL.EXE
4564	EXCEL.EXE

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\AppData\Local\Temp\Braemar MTM Report.xlsx"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4564

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:3708

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\wsuE724.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
1db14736ce77fe188fc4aabb1b3d36a8

SHA1
41850686c3fda516100d4644f70102902de5ea74

SHA256
61398f000206a4cff678791a8639fc42d864397cb60378bfd38048da5d5ac79f

SHA512
106bf6aeef5519c9bd3818288400a2ae39f36b6617eadba959bcd8ddc2696d4f9d8e938c442449ea43207d672486bae67d932fa7528e6255050657a38a95d1dc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
648b633f78f81dcbbe23604368091c03

SHA1
67bb3b6fe6c51e0c9655a2e43a3da974eb28041d

SHA256
2af0fcd0b0f2f531a1af8a1566c7e23b57296073928ce1f2c03a73179eb5dfc0

SHA512
e47ba02eaa8b54bd51635c60a8e908772ec7b349cc46a6cc73a865f98c2c06905ff599ce14831478b80160f596a37153c65f5715308218ecdca0dbdfa319a343

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
073f0560d877e29f698b0b4f8a2e0a60

SHA1
c6ee9425273051a830f8bb2bc7fd93a6f1233c67

SHA256
31112aade15adea7fbdf10928a1821f6db96b33a2b74a19f0bc9969e8fcecc73

SHA512
b8b213d8dc09c5c45e2b15a24852320434ec90f80264ceff5f97eb75cdf129266a50351d0ceb1e3a734fa17d3be44d4f7a4ec011908597c47f7ab398e0d0f035

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
535b0e8f9a2e31f6e38499c77528bfeb

SHA1
2d6757b3d7ffa40951e795a14956507f8c933c6e

SHA256
6476a9f98da7c1e67dc839e77ab75f61dfad38cf0e20a046c4169b978da24ce6

SHA512
c6b0436930b777008f6d16a4015ca8bc60aa57e2126a3a88ed6a4e8242ce39388f7e5c0ad4a62c90077a3b42ad240885bf8247855d90f19e897b95b689ff5a4a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
90934fa0db7e9c586dece2723aae9daa

SHA1
70edaa048d5ad6666036659ad80c5dcc3e9c3dfe

SHA256
f318645289a8d8d07685c92a0d6f511a57ac6f50e8dd6d1e72f76737aa8ccd02

SHA512
e3de4eee7f092863cd48d8a78296bfcd9cc81a08628ea57d7a3982217ab7eaa57180fd972d3bedf3041105cada42109e4dd367ab9642be12e83ce1bdb2c40c4e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
430cca71d8099585d6ea711e66f4ee39

SHA1
1307fa630eaaf9d5f6817ba7ae61bf2955ffe4de

SHA256
9be0182d92ddb4a4fd459e9da8d9c3532c586662aed264a6e7cdfe87d34ab6b9

SHA512
35ec0581773e20edd3d2df73f687cbf51768d464bd6f2df6895047bc43485438a6c892becabce7e77fc7fa600fdeaa7dfe769139349bd6791fec33d09e40527b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
ac087dea2490e97dd61843d0fd377288

SHA1
8534bda2c6894bd3ef162818003e680bfcbcd635

SHA256
60a62c7e6924d048ddaf9c67db5544cab132360ae36590a554a4b6aa3cef396a

SHA512
d2219919b20ff86e6c581c30c02109c48598abbbf6076cb3a65aeff002f93ae4d84ecb74c56e80de00427a9750927719f23a8f9c107f36646840a91fe33c7f8c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
572a8a0ddd150ba799341395e1b10341

SHA1
1e8ba8aa7696b568bf9ba9ba7062c19c5765dd22

SHA256
e697caae9342e297e3ab08167914442bf1c5aa4f7e8aa649b7c3cfdcda5b16ad

SHA512
5c69ed70df4148972cf7be515adbb39db4321a224973e53a6633d1802e9926894e10678f3f8ac82f385a755ac2ed2bffb3fa6159eef039e5d377313486004104

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
ef56f79cd19a463ae8b3247f080a4906

SHA1
4b3e229f1a017428bce5866e581c6952fb8749b1

SHA256
d32259d06964c4e39ba3247535c2e2bf4ffb0f8b396002d04d06fb2492404ce7

SHA512
48406852d6030cb415eb4ac66732970379c9b4f9f33a12e8848ccae7200db6aa88e6ee555702f41cfb76c12e74049b2b7cf315ec891e9017f479baf1e9b1eb4f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
f102a1d37754529e9f5308b337c9633d

SHA1
a5a2afa925ff5dd7f203aab816634eea7d3816e9

SHA256
6cb9ce7b5a5b9d9a687b14855446434d3e31357e26a095571123cbf3fbbc23ac

SHA512
418744aa7959a4a956e5150499e2791b228916c764b5823e7fb252f90924c0ad67aae66b48a765dd3d39892f3d190da56347b6fa016872c5619161d238f94142

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
8b14bd3f62f76823da379a8b60715cd8

SHA1
b7e6636e7d1a78f2e431b44c6826a88f6a11b8d1

SHA256
34c88b087310d69cafc6335f1d6cf7eec434a071f4394afbc9d1d088f8470dfe

SHA512
e1e05f986f0f1f413f033e613baae7c71135d0e36d02244dc7adcdc92750ca1f6eccda2047cf69d436afee83cecc78adb834ed8016c8505fe4198530568b10cb

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
98a8976c9a1e6d5290d55c9631fddfa2

SHA1
edcc12c6cd3020b3f70fc2afc796dfa200f6cfe0

SHA256
3f983edb73665da4a678ef327fd16c55b2f78f5fc388485bfcbd3a8c2bc8e0e5

SHA512
80deab8b6b41d985423dd5c27e3f0ffc3961a34c00c954de9102dd4947220348ce37f60c2a509186317f0e227ae966064b4ec34132d659bf5286a006a1dcb46a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
78962a9b34bc5a66ff9a0a470c46a1b8

SHA1
3600f0a9ba8b094cf2a5fcb81b50077a9676efbc

SHA256
97fb70916084302dfa579e805e6c75a20ba5f8f0adc9e4af6329ea50116dbb90

SHA512
00519971d50ceff6fa57012db3a1ca3a72ecc9de454e5092e5f541876888ac8c0a5a2542a34d2fb6b21d66b87497de8aa6de120db2933b5d00af5efff7fb0297

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
0eb30ad5b0b02cd783246885becc7059

SHA1
61ef09042d3f4ed8f4837b5dd120edc1e795c922

SHA256
9c84aa97c7f34544e9520b425395ad0fd7734fb3b3cfdb656b52df0ec2df2053

SHA512
65648c9a7f777221420d8fc388d53d93b7e1a4fd4e31c8bfe1a9916445d5405257a29843621b7905f9f3fca91fcdf9ae40b869a1c3f4a1616edf4acba46df2fc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
0dae76f695ca36357f3b9f0062974491

SHA1
e835cf846e02efea9e9fb39fe8b0b7b417577fd3

SHA256
2555e69d2be58ca7335741ef05905850d9f975de85fb7888ee6c1270f6a630da

SHA512
9f106ea8189eef8191b8c5d820f094011c08c3943e800b9944db4c203f13c5a521ac819ecbb44aed7be2f55907865c32d0cb9bef389f113edcfdf796d942b118

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
c9f014682b2b9700289ac07c7278f9cd

SHA1
821281ff53a7a8ea470b5582574ad50e0b850517

SHA256
09af9f438a8fc70c8e5a39750c9109f70c249a89ee45f757cebaeb7ca0cde6c1

SHA512
a0fdc8e2b0dea3d730a547c15e7d4ae0e71936b1585ea745b381a23ffb44429235e7b8e9e9917191eb1fa6d681a258d08b40532b99743a100f4ef0ec93649fc7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
cc669aa92545fbbd285c90453073ac61

SHA1
27623a38c45139662685144f13de747308a5259f

SHA256
4d7a9b273a12881f92a96aff6e0450a4d6dbfabf73fbd05c39e95d95ccfa9881

SHA512
45479290a4596499175f904d0f27315ab316f1261e449cc1dbb6bd69b1a2b4d758cb2bb00bd268ca4d8011470fa2779a40fbdc3e5aaa00a4d61a256cbcc8cc94

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
4bdcd85d0c860540438d0fb950016954

SHA1
b30eb7c14f0d24c32ba4c2064317d90afa9ace4c

SHA256
b63a8452149a689ef816e945616cd2786b12ad1af2194c25f6f5238d88507177

SHA512
4bca97ac9027acd34d6e605b9d2929c72148e15513c70620e19c13eadf6e3846ea84e939ace301fb31596b574268d99954804ce3d86a904cafd29c6de4318df9

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
b6ce4372d5dc643f8bb360529d5190e7

SHA1
189abdcbc24135f105b26b54de88dc43ce73af90

SHA256
f66d7bc0957f565ece70cc170b2075d1d68b1a93fd7adcfe968a26b19d56cc6a

SHA512
e078726f823fd9417d5cbbc75589a3f5e6d4717da7763608398063bd0bef674fd10874ad88f778f96a098d9bfee8a941b3dc4bec7d7a88872c3f25f220fa5701

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
8a39e09c0dffe8e86d6aea18b7b406c4

SHA1
699eea834d455d27bfd0ff939e3ec415a4174fc4

SHA256
ee92a5f4f778e8ca4ebb0f56fc40be2550eb7a643a71c33ac9db913d7bf5b9de

SHA512
d3bfd363617ff54a120ad38c19d1f8620f497ae9633a9292295844fb49bedfd1bdbc8d92eb48016c5fa858b8da5347c76db7d8de19e97e33b2743b7c1b640837

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
725853c47d96de1d00c57736218f0b1c

SHA1
c76ad33c94e2f573f5d67094e6eb8d1197ca37dc

SHA256
b6521c99ef1f10eacb1a8932497ed7d4000078c108a1fd39597e8ee28cf20777

SHA512
392dc79dc0c56b807a3253ec7a4e5786c5db036306099243db417a69024eab1309d4cb2dd45dd85e26df57a69318a24cf790933ef5524988d9edf6934356467c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
5750efafa058124ec2e216502b30c7c0

SHA1
aa7463f72452692cec6af08071550e4b3eea332f

SHA256
8d1dd1236275fe59e645907bbf0bea8a73601a2cfb0d521e19ebbd67ee4e0f35

SHA512
e7eea8527b483658db591d36e5c48de243c246aac82b5d3c2ff96e641a406d4b9c89b5b82a59449c20a232f8ed6c1218e0cceb39dc4696d70df0aa0f8239d087

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
649e3f2fc1fa0323edcee98ff1aa2435

SHA1
bcc138354d6deeb11129dd85c629630bb4a20dc6

SHA256
60aab52aea2f554a702f8a91dd40009de573ade9a94312938597934d033d6bab

SHA512
a43f7982a46b7fa4e96045d2feccb67566b0aeb474c197d53bb0e5fffa23a870ca4c58f1048c18d2c17b72a7ea7d226439d13e32878d2483e09e2c26908450d7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
5064f05e7c9918685294ced5b1c1aef7

SHA1
28e0bacd7750882864322854a332c56a6a532273

SHA256
505259888df234bb300d70fd8ceeaa321f0596539a1a9bacb6d111a96b072b8b

SHA512
7a7b894116fddaef55dffcb32a03f87bbc34e0cf94f18624aeb17f402f918c264620b67ad435f75545f572c118074272bde04b32d43370fbcff7daa0e7c95e0e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
a5ae49e64e531a1958ad2eca49a4b54d

SHA1
bcbfa7379bd138527fab8181eb255a83293c4f5e

SHA256
d5d4115343892cd9c3192333c98dffbf1e7a6cccbbd3f03ab069c2c908b8d4d5

SHA512
c745409be3dea828cb7bd5a19b95cc82e742e250d138b90a623c57fc9182902d415c951d7db020682b89e3bc9a93696f7a1ffc9412f9f6087335c986c0c6a55e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
0bac04f0fdb4fb497599eded766fd4fe

SHA1
b85cbf8b9d40852d33da061ac42b61f103d76dac

SHA256
f784dfa8849c1ac373219076154095468dde035b8cf971f5ff3afb47a2f7069a

SHA512
10f7f29206078946826983c7c8ffe0bc423a717eaad8e72250f667c6ac9aa52499c409e860937e395e18ddb8323b1bbf5573b7fa4651c87418ad9dfedd753c00

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
ffc27a33a843fee6ef0adc92f712943e

SHA1
b88c9fc61a0ed5165b3a48a4bf2a86e58b451968

SHA256
37a62eb4d6be9f752ec947ab290376e64ac01b65cf1f630c37b2a5b34cf7e4d0

SHA512
a7017ea9f794add5015ee752816d5640ee014adf5434651b72ae6b2cc840f8cf3c80b6f8b0adc91763cf3abe8ef703e4917132df073b07ac0c2919705272ee4f

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
8829b1608ea9acfed2d4b54e3b00b0d8

SHA1
37a523951ff19df31c152f79714bc2585b96630c

SHA256
5b8990a5a58b088849d6720d0c9d05f28610bfce2a26d7f5a54a788c580ec8d5

SHA512
fe4cf22379c84af16c8fcefea44f871b5b1aa65ebfea7f4e8ebcb178d20bddc6df3f919f0103e5af4fa82e73bb54a26d5d332cb1e6494c782e8f82c98b6b2553

Download Submit
memory/4564-146-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-154-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-153-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-149-0x00007FFBDC0B0000-0x00007FFBDC0C0000-memory.dmp

Filesize
64KB

Download
memory/4564-151-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-150-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-491-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/4564-490-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/4564-489-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/4564-492-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/4564-493-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-148-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-147-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-133-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/4564-145-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-143-0x00007FFBDC0B0000-0x00007FFBDC0C0000-memory.dmp

Filesize
64KB

Download
memory/4564-144-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-142-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-141-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-136-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/4564-139-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/4564-140-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/4564-138-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-137-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download
memory/4564-135-0x00007FFBDE850000-0x00007FFBDE860000-memory.dmp

Filesize
64KB

Download
memory/4564-134-0x00007FFC1E7D0000-0x00007FFC1E9C5000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads