4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
20/08/2023, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Size

13.9MB
MD5

80f508eff755034e451ba4f204683a15
SHA1

12a07eaf9424dd1ceef85fff3ce62820fd4eb717
SHA256

4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781
SHA512

c435292ed4d10a2b11eba57ac5ff9e2ea5d4e5913178d5137c886bb9c2ae6c43c2985a989774748eeb76c0d693b8e451ed77e3ad59c3e7536e93dc00cf2a2aa5
SSDEEP

393216:hgCHPA3JsVCPjQYEusRdaxfP/2xrxkAQ7zVpd6:xHPA3J7MYEusRdax8yAQ9T6

Score

7^/10

bootkit persistence upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0035000000015c80-173.dat	acprotect
behavioral1/files/0x0035000000015c80-177.dat	acprotect
behavioral1/files/0x0035000000015c80-180.dat	acprotect
behavioral1/files/0x000b00000001225f-185.dat	acprotect

Loads dropped DLL 3 IoCs

pid	Process
2772	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
2772	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
2772	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2772-54-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-56-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-59-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-60-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-65-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-69-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-71-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-75-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-73-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-67-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-63-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-58-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-79-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-81-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-86-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-90-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-92-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-97-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-101-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-99-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-95-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-103-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-88-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-84-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/memory/2772-77-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/files/0x0035000000015c80-173.dat	upx
behavioral1/memory/2772-175-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/files/0x0035000000015c80-177.dat	upx
behavioral1/memory/2772-179-0x0000000010000000-0x000000001003E000-memory.dmp	upx
behavioral1/files/0x0035000000015c80-180.dat	upx
behavioral1/memory/2772-183-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/files/0x000b00000001225f-185.dat	upx
behavioral1/memory/2772-187-0x0000000007560000-0x0000000007572000-memory.dmp	upx
behavioral1/memory/2772-188-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/memory/2772-190-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/memory/2772-189-0x0000000007560000-0x0000000007572000-memory.dmp	upx
behavioral1/memory/2772-191-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/memory/2772-192-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/memory/2772-194-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/memory/2772-196-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/memory/2772-198-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/memory/2772-200-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/memory/2772-202-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/memory/2772-204-0x0000000007000000-0x0000000007276000-memory.dmp	upx
behavioral1/memory/2772-206-0x0000000007000000-0x0000000007276000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe

Modifies registry class 37 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\Version = "1.0"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\FLAGS\ = "0"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\0\win32	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\ProgID\ = "dm.dmsoft"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\ = "dm"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\CLSID\ = "{26037A0E-7CBD-4FFF-9C63-56F2D0770214}"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\Version = "1.0"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\ProgID	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ = "Idmsoft"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\CurVer	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ = "Idmsoft"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\0	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\HELPDIR	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\CLSID	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32\ThreadingModel = "Apartment"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\ = "dm.dmsoft"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\ = "dm.dmsoft"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{26037A0E-7CBD-4FFF-9C63-56F2D0770214}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dm.dll"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\FLAGS	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\dm.dll"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\ProxyStubClsid32	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\ = "{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\dm.dmsoft\CurVer\ = "dm.dmsoft"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F3F54BC2-D6D1-4A85-B943-16287ECEA64C}\TypeLib\ = "{84288AAD-BA02-4EF2-85EC-3FAD4D11354D}"	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2772	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
Token: SeDebugPrivilege	2772	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2772	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
2772	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
2772	4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe

C:\Users\Admin\AppData\Local\Temp\4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe
"C:\Users\Admin\AppData\Local\Temp\4f93a8d6ba99ff1b2a9e8b480b3fe0d3259668260073ff1b9e403c0c676d4781.exe"
1⤵
- Loads dropped DLL
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\dm.dll

Filesize
1.9MB

MD5
5609d85fb62da8c74878defb8b05bc6d

SHA1
1f13f921ee03200a461e1e1f393a7700fa42fb58

SHA256
0a2778c81f7cbcea2818a44f1dbd09dfa95fdf320c8ce8584953c069f537d6a9

SHA512
755dd173c3c57ec8aa2131b257555818bc146d44f49bde0e89b7b5bc8c3db9b7195558840b7fb438347119a55e069ce3e36959f1fc206987e452e9ad5412f0d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ç¿»¯ÅäÖÃ.ini

Filesize
1KB

MD5
8804f56b2ace8dd4169922d73239dc3a

SHA1
1a41dab9881f68d6b0e8cbb961004b85fa870527

SHA256
cc5e1d96ce9191b714cd0d960ba38585449bce468efc5ec0484b120c1298b2d0

SHA512
dda1a9600ecfe330308c817c5fdad39eeaa72eff545facfc503f969d4475db0cfcde49283cf24cd0dbe74ba65c1d4bf000ae16cab27da764cc353f47cd35ba03

Download Submit
\Users\Admin\AppData\Local\Temp\DmReg.dll

Filesize
17KB

MD5
c4ee552669705f3668d564ced2a32c0b

SHA1
72954ca98cd9d26638cc2d04a1e8f820e64e1b74

SHA256
06d6586943c7fd4360d10077f6b98365ed4aa4e0b7b551c97fcf98204dd78620

SHA512
0186058f7ee74cae9a0064e6ca3cf4f4bf2fed841741f043d3a0dcb0a00e56ea084277d7e43baa7de0c387defaa4fe18ec3536b714d392fcb0a38f832d41d3d5

Download Submit
\Users\Admin\AppData\Local\Temp\dm.dll

Filesize
1.9MB

MD5
5609d85fb62da8c74878defb8b05bc6d

SHA1
1f13f921ee03200a461e1e1f393a7700fa42fb58

SHA256
0a2778c81f7cbcea2818a44f1dbd09dfa95fdf320c8ce8584953c069f537d6a9

SHA512
755dd173c3c57ec8aa2131b257555818bc146d44f49bde0e89b7b5bc8c3db9b7195558840b7fb438347119a55e069ce3e36959f1fc206987e452e9ad5412f0d1

Download Submit
\Users\Admin\AppData\Local\Temp\dm.dll

Filesize
1.9MB

MD5
5609d85fb62da8c74878defb8b05bc6d

SHA1
1f13f921ee03200a461e1e1f393a7700fa42fb58

SHA256
0a2778c81f7cbcea2818a44f1dbd09dfa95fdf320c8ce8584953c069f537d6a9

SHA512
755dd173c3c57ec8aa2131b257555818bc146d44f49bde0e89b7b5bc8c3db9b7195558840b7fb438347119a55e069ce3e36959f1fc206987e452e9ad5412f0d1

Download Submit
memory/2772-88-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-65-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-75-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-73-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-67-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-63-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-58-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-79-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-81-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-86-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-90-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-92-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-97-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-101-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-99-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-95-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-103-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-54-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-84-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-77-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-69-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-71-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-175-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-60-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-179-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-59-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-183-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-56-0x0000000010000000-0x000000001003E000-memory.dmp

Filesize
248KB

Download
memory/2772-187-0x0000000007560000-0x0000000007572000-memory.dmp

Filesize
72KB

Download
memory/2772-188-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-190-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-189-0x0000000007560000-0x0000000007572000-memory.dmp

Filesize
72KB

Download
memory/2772-191-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-192-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-194-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-196-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-198-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-200-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-202-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-204-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download
memory/2772-206-0x0000000007000000-0x0000000007276000-memory.dmp

Filesize
2.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads