060ccee34d28fdcd93978fcd2e7d21be1edcd5839a6a9b57bf81b348bcc275b6

Analysis

max time kernel
151s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2023 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0347902196148ab771382b99d424660b_magniber_JC.exe
Size

19.2MB
MD5

0347902196148ab771382b99d424660b
SHA1

ec10e23dd1243172bf32f2c3a6708c7c8c77d29a
SHA256

060ccee34d28fdcd93978fcd2e7d21be1edcd5839a6a9b57bf81b348bcc275b6
SHA512

46b0e41bfc570cd348fa5f136a5947aba0ee3a3385d3df42fa8eb39e72a7247b3950be7c5776e8cada2cbb95b3d6b74ee2cc2c93368821a903767d699513e8f5
SSDEEP

393216:o3ifOR8Cd9UTc1eHxpLkrdInmvj67qyzcIPnG8cPcT6v:dq7UA1eHxlkJInmvmqCGhMk

Score

7^/10

bootkit persistence upx

Malware Config

Signatures

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5056-157-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-161-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-163-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-167-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-168-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-195-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-280-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-328-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-808-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-1225-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-1233-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-1237-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-1241-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-1245-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-1249-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-1253-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx
behavioral2/memory/5056-1257-0x00000000039B0000-0x0000000005CAE000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	0347902196148ab771382b99d424660b_magniber_JC.exe

Loads dropped DLL 3 IoCs

pid	Process
5056	0347902196148ab771382b99d424660b_magniber_JC.exe
5056	0347902196148ab771382b99d424660b_magniber_JC.exe
5056	0347902196148ab771382b99d424660b_magniber_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2436	wmic.exe
Token: SeSecurityPrivilege	2436	wmic.exe
Token: SeTakeOwnershipPrivilege	2436	wmic.exe
Token: SeLoadDriverPrivilege	2436	wmic.exe
Token: SeSystemProfilePrivilege	2436	wmic.exe
Token: SeSystemtimePrivilege	2436	wmic.exe
Token: SeProfSingleProcessPrivilege	2436	wmic.exe
Token: SeIncBasePriorityPrivilege	2436	wmic.exe
Token: SeCreatePagefilePrivilege	2436	wmic.exe
Token: SeBackupPrivilege	2436	wmic.exe
Token: SeRestorePrivilege	2436	wmic.exe
Token: SeShutdownPrivilege	2436	wmic.exe
Token: SeDebugPrivilege	2436	wmic.exe
Token: SeSystemEnvironmentPrivilege	2436	wmic.exe
Token: SeRemoteShutdownPrivilege	2436	wmic.exe
Token: SeUndockPrivilege	2436	wmic.exe
Token: SeManageVolumePrivilege	2436	wmic.exe
Token: 33	2436	wmic.exe
Token: 34	2436	wmic.exe
Token: 35	2436	wmic.exe
Token: 36	2436	wmic.exe
Token: SeIncreaseQuotaPrivilege	2436	wmic.exe
Token: SeSecurityPrivilege	2436	wmic.exe
Token: SeTakeOwnershipPrivilege	2436	wmic.exe
Token: SeLoadDriverPrivilege	2436	wmic.exe
Token: SeSystemProfilePrivilege	2436	wmic.exe
Token: SeSystemtimePrivilege	2436	wmic.exe
Token: SeProfSingleProcessPrivilege	2436	wmic.exe
Token: SeIncBasePriorityPrivilege	2436	wmic.exe
Token: SeCreatePagefilePrivilege	2436	wmic.exe
Token: SeBackupPrivilege	2436	wmic.exe
Token: SeRestorePrivilege	2436	wmic.exe
Token: SeShutdownPrivilege	2436	wmic.exe
Token: SeDebugPrivilege	2436	wmic.exe
Token: SeSystemEnvironmentPrivilege	2436	wmic.exe
Token: SeRemoteShutdownPrivilege	2436	wmic.exe
Token: SeUndockPrivilege	2436	wmic.exe
Token: SeManageVolumePrivilege	2436	wmic.exe
Token: 33	2436	wmic.exe
Token: 34	2436	wmic.exe
Token: 35	2436	wmic.exe
Token: 36	2436	wmic.exe
Token: SeIncreaseQuotaPrivilege	1132	wmic.exe
Token: SeSecurityPrivilege	1132	wmic.exe
Token: SeTakeOwnershipPrivilege	1132	wmic.exe
Token: SeLoadDriverPrivilege	1132	wmic.exe
Token: SeSystemProfilePrivilege	1132	wmic.exe
Token: SeSystemtimePrivilege	1132	wmic.exe
Token: SeProfSingleProcessPrivilege	1132	wmic.exe
Token: SeIncBasePriorityPrivilege	1132	wmic.exe
Token: SeCreatePagefilePrivilege	1132	wmic.exe
Token: SeBackupPrivilege	1132	wmic.exe
Token: SeRestorePrivilege	1132	wmic.exe
Token: SeShutdownPrivilege	1132	wmic.exe
Token: SeDebugPrivilege	1132	wmic.exe
Token: SeSystemEnvironmentPrivilege	1132	wmic.exe
Token: SeRemoteShutdownPrivilege	1132	wmic.exe
Token: SeUndockPrivilege	1132	wmic.exe
Token: SeManageVolumePrivilege	1132	wmic.exe
Token: 33	1132	wmic.exe
Token: 34	1132	wmic.exe
Token: 35	1132	wmic.exe
Token: 36	1132	wmic.exe
Token: SeIncreaseQuotaPrivilege	1132	wmic.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 2436	5056	0347902196148ab771382b99d424660b_magniber_JC.exe	81
PID 5056 wrote to memory of 2436	5056	0347902196148ab771382b99d424660b_magniber_JC.exe	81
PID 5056 wrote to memory of 2436	5056	0347902196148ab771382b99d424660b_magniber_JC.exe	81
PID 5056 wrote to memory of 1132	5056	0347902196148ab771382b99d424660b_magniber_JC.exe	86
PID 5056 wrote to memory of 1132	5056	0347902196148ab771382b99d424660b_magniber_JC.exe	86
PID 5056 wrote to memory of 1132	5056	0347902196148ab771382b99d424660b_magniber_JC.exe	86

C:\Users\Admin\AppData\Local\Temp\0347902196148ab771382b99d424660b_magniber_JC.exe
"C:\Users\Admin\AppData\Local\Temp\0347902196148ab771382b99d424660b_magniber_JC.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic csproduct get UUID
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2436
- C:\Windows\SysWOW64\Wbem\wmic.exe
  wmic csproduct get UUID
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\evb4C09.tmp

Filesize
1KB

MD5
c41255933a1b7b4aa656a7de8667e704

SHA1
bed4eada23fce8759a20f80cc3750056de3560e6

SHA256
de0e17aea3fe13d919e011bca1179ff56b59b0e3c7f5583304f9185724ed2767

SHA512
a3761f5be9e20777c426de57fa3cab1be0acc2dd8e10e9cda3c23d6004af88d3c71af68228c80105833f6ed5b41dcaad991f8387336a7deefa63926a26c7e414

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb4C87.tmp

Filesize
1KB

MD5
ffd68007d091d34416952217235ce8a9

SHA1
e032c79fcfbe3a91895fa2545da45e152b597e9e

SHA256
5aa4931ef072188ac33e5250a515a905fff4b298ce897e32dcf8c7e696f77061

SHA512
1cd6261337606e4a448cd065eb5b031cd0d9a6190fce21da59c7862d0a3a18df64a40334fbb44a3a48565f2920aea7b1272bc93d31e439c8cd210fd125aeca43

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb5A43.tmp

Filesize
1KB

MD5
d6303208414ea9d403db3761712d1aff

SHA1
b4b817b6d8720cba6f55db709326f5f4334b7d33

SHA256
f28b9c74c53ce02a0877ce21b053e362dd963e53a9defd38d7dd37daa7f3726c

SHA512
3ac72925a4933df123c2bdb9c4954be5f90f4d577264d1e5bfb6371dd5dbb8e035dcc7dc5d15a1882310d92ba2e48f6ba5a6ffd4b5bad01b122a47d67190faa1

Download Submit
C:\Users\Admin\AppData\Roaming\37mobile\ysc_pc\0347902196148ab771382b99d424660b_magniber_JC\cookies.dat

Filesize
254B

MD5
fd63ca1bd34901d9a2e35a828c719b04

SHA1
87c390057948011c391d1ef02b1ac2eef52b91ec

SHA256
c7674d464bb3f2da2f2f035c2c9a285fd8cef9fb6de8d85e639312cf67d9f1c3

SHA512
d03f67a218f47a0756027aa8cc9efff7ebc0b9b9a7858ac39b34db312ccf75a31a9538a5d4d3a6df0f805e12a5253cd38fbe12d2271b3be7f84c4caeace5a8e0

Download Submit
C:\Users\Admin\AppData\Roaming\37mobile\ysc_pc\0347902196148ab771382b99d424660b_magniber_JC\userconfig.ini

Filesize
52B

MD5
7958829910c74fe243e891f57f864444

SHA1
4978887a437462618c5ce245ee354a42a5bbe654

SHA256
930ac644ca179862ceb673437d6de8e6228018889f98063140e4e9fcfdb2bf6e

SHA512
728195ae06ae24c1296fc3b2e451d75beac7750ada18704b7786526591be3bedfd0159c401d0aadb0c5cf3a3cdb725bcd17fcf86ff6efa33b6fd88918c74c11c

Download Submit
C:\Users\Admin\AppData\Roaming\37mobile\ysc_pc\0347902196148ab771382b99d424660b_magniber_JC\userconfig.ini

Filesize
194B

MD5
38b3aa4d2caee49b823cb3c424e14835

SHA1
c1077a0a30055d7c23c6e1db90cdb7eaf763804e

SHA256
e57f400d7fa4287484f2a5c52d268c11f4f3ebea6b2526ad0a106ea9cf0371df

SHA512
38a7e0b043394a0d59fe6a3024801734e46c1e7b40b6002ae385bdf6aa592231ae2e4427094aa7606eba2ee33b545aedc35638e30843b67714697f733236c353

Download Submit
memory/5056-230-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-1249-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-140-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/5056-146-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/5056-145-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/5056-157-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-158-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-162-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-161-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-163-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-164-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-165-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/5056-166-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/5056-167-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-168-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-169-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/5056-170-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/5056-173-0x00000000207C0000-0x00000000208D0000-memory.dmp

Filesize
1.1MB

Download
memory/5056-174-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-175-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-176-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-186-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-191-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-190-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-192-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/5056-194-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/5056-195-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-207-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-208-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-209-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-210-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-211-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-212-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-206-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-213-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-215-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-217-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-204-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-134-0x0000000077732000-0x0000000077733000-memory.dmp

Filesize
4KB

Download
memory/5056-220-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-221-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-222-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-223-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-224-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-225-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-226-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-228-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-235-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-133-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-231-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-233-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-232-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-229-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-135-0x0000000077733000-0x0000000077734000-memory.dmp

Filesize
4KB

Download
memory/5056-1237-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-236-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-237-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-239-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-238-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-242-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-241-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-243-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-240-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-244-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-245-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-247-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-248-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-249-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-250-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-251-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-246-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-253-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-252-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-255-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-254-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-256-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-277-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-278-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/5056-279-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/5056-280-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-326-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/5056-325-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-327-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/5056-328-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-794-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-808-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-1222-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-1223-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download
memory/5056-1224-0x0000000011000000-0x000000001111C000-memory.dmp

Filesize
1.1MB

Download
memory/5056-1225-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-1230-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-1233-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-1234-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-227-0x000000000AB80000-0x000000000ABC0000-memory.dmp

Filesize
256KB

Download
memory/5056-1238-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-1241-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-1242-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-1245-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-1246-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-234-0x000000001F5C0000-0x000000001F600000-memory.dmp

Filesize
256KB

Download
memory/5056-1250-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-1253-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-1254-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download
memory/5056-1257-0x00000000039B0000-0x0000000005CAE000-memory.dmp

Filesize
35.0MB

Download
memory/5056-1258-0x0000000000400000-0x00000000007DC000-memory.dmp

Filesize
3.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads