9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8

Analysis

max time kernel
19s
max time network
22s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
29/08/2023, 18:09

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Size

2.8MB
MD5

5019c23d46df2cfe1c904ea28b0b14b4
SHA1

3b86003d5d9abaf1deb5be445348f63f1cf47cb6
SHA256

9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8
SHA512

e3f397f2ec4e413cd1ed5c37dd82566c5578ea7cbc293b779dadd3f5b1ad0de8d53efb9033defec1fc81d80b0bb4070db4b1d3d7fd9e0a6daf20198134956af2
SSDEEP

49152:hkjrl341G+I5Gk0s9EuULF6ubJrWbrKWoVY88QZGZfqHMzLUdsNiivLB33pcGAzf:hkj+vI5GnsxUk0VgrKWom80pUdUi8B3G

Score

8^/10

evasion

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Deletes itself 1 IoCs

pid	Process
2708	cmd.exe

Drops startup file 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe

Executes dropped EXE 2 IoCs

pid	Process
2936	7z.exe
2796	lock.exe

Loads dropped DLL 5 IoCs

pid	Process
1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
2936	7z.exe
1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
2796	lock.exe

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/1716-52-0x0000000000400000-0x000000000059A000-memory.dmp	autoit_exe
behavioral1/memory/1716-50-0x0000000000400000-0x000000000059A000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Default_Page_URL = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\First Home Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Key created	\REGISTRY\MACHINE\Software\Microsoft\Internet Explorer\Main	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Default_Page_URL = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\First Home Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\First Home Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe

Modifies Internet Explorer start page 1 TTPs 3 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\Start Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3408354897-1169622894-3874090110-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Start Page = "http://dh.xiongmaoxitong.net"	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
2848	PING.EXE
548	PING.EXE

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
Token: SeDebugPrivilege	2796	lock.exe
Token: SeShutdownPrivilege	2928	shutdown.exe
Token: SeRemoteShutdownPrivilege	2928	shutdown.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
2796	lock.exe
2796	lock.exe
2796	lock.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2796	lock.exe
2796	lock.exe
2796	lock.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2936	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	28
PID 1716 wrote to memory of 2936	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	28
PID 1716 wrote to memory of 2936	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	28
PID 1716 wrote to memory of 2936	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	28
PID 1716 wrote to memory of 2796	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	30
PID 1716 wrote to memory of 2796	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	30
PID 1716 wrote to memory of 2796	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	30
PID 1716 wrote to memory of 2796	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	30
PID 1716 wrote to memory of 2708	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	32
PID 1716 wrote to memory of 2708	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	32
PID 1716 wrote to memory of 2708	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	32
PID 1716 wrote to memory of 2708	1716	9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe	32
PID 2708 wrote to memory of 2848	2708	cmd.exe	33
PID 2708 wrote to memory of 2848	2708	cmd.exe	33
PID 2708 wrote to memory of 2848	2708	cmd.exe	33
PID 2796 wrote to memory of 2412	2796	lock.exe	34
PID 2796 wrote to memory of 2412	2796	lock.exe	34
PID 2796 wrote to memory of 2412	2796	lock.exe	34
PID 2796 wrote to memory of 2412	2796	lock.exe	34
PID 2412 wrote to memory of 548	2412	cmd.exe	36
PID 2412 wrote to memory of 548	2412	cmd.exe	36
PID 2412 wrote to memory of 548	2412	cmd.exe	36
PID 2412 wrote to memory of 548	2412	cmd.exe	36
PID 2412 wrote to memory of 2928	2412	cmd.exe	37
PID 2412 wrote to memory of 2928	2412	cmd.exe	37
PID 2412 wrote to memory of 2928	2412	cmd.exe	37
PID 2412 wrote to memory of 2928	2412	cmd.exe	37

C:\Users\Admin\AppData\Local\Temp\9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe
"C:\Users\Admin\AppData\Local\Temp\9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Drops desktop.ini file(s)
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Users\Admin\AppData\Local\Temp\7z.exe
  C:\Users\Admin\AppData\Local\Temp\7z.exe x "C:\Users\Admin\AppData\Local\Temp\9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe" -y -o"C:\Users\Admin\AppData\Local\Temp" -p"QQ3012262930"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2936
- C:\Users\Admin\AppData\Local\Temp\lock.exe
  C:\Users\Admin\AppData\Local\Temp\lock.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\2r83u7ETHS.bat" "
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Windows\SysWOW64\PING.EXE
      ping 127.0.0.1 -n 1
      4⤵
      Runs ping.exe
      PID:548
  - - C:\Windows\SysWOW64\shutdown.exe
      Shutdown -r -t 0
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ping 127.0.0.1 -n 3&del /q "C:\Users\Admin\AppData\Local\Temp\9cb2b64528e0a06dfea6acbe865eba4c56cdb327f4a92bbef3dde5740318fbe8.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Windows\system32\PING.EXE
    ping 127.0.0.1 -n 3
    3⤵
    - Runs ping.exe
    PID:2848

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2444

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:2868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2r83u7ETHS.bat

Filesize
319B

MD5
6a63ae0f9f852a09f0ea5dde37aee83b

SHA1
20a68431d91ef38f8b8826ab92d57034acd7f0d1

SHA256
3db056dec7c8d69d357461ab33b89c390b6ea2ff869cb659b838cdced3fc8e5b

SHA512
694532ba1656677caa05370af7c25d72f50d15cf03b51ecebea22e4eb3fd3624f93552fa5898384cb60586e4661151b77b9187d9a0f393beb1c2a567eeafd570

Download Submit
C:\Users\Admin\AppData\Local\Temp\2r83u7ETHS.bat

Filesize
319B

MD5
6a63ae0f9f852a09f0ea5dde37aee83b

SHA1
20a68431d91ef38f8b8826ab92d57034acd7f0d1

SHA256
3db056dec7c8d69d357461ab33b89c390b6ea2ff869cb659b838cdced3fc8e5b

SHA512
694532ba1656677caa05370af7c25d72f50d15cf03b51ecebea22e4eb3fd3624f93552fa5898384cb60586e4661151b77b9187d9a0f393beb1c2a567eeafd570

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z.dll

Filesize
893KB

MD5
04ad4b80880b32c94be8d0886482c774

SHA1
344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

SHA256
a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

SHA512
3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z.exe

Filesize
160KB

MD5
a51d90f2f9394f5ea0a3acae3bd2b219

SHA1
20fea1314dbed552d5fedee096e2050369172ee1

SHA256
ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f

SHA512
c11f981136db7d9bde01046b1953fd924ff29447d41257da09dd762451e27390cea9b69e43206a8fff825ebcd4ddec5a6247bb502aefbd6e8285622caa985bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z.exe

Filesize
160KB

MD5
a51d90f2f9394f5ea0a3acae3bd2b219

SHA1
20fea1314dbed552d5fedee096e2050369172ee1

SHA256
ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f

SHA512
c11f981136db7d9bde01046b1953fd924ff29447d41257da09dd762451e27390cea9b69e43206a8fff825ebcd4ddec5a6247bb502aefbd6e8285622caa985bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\LOCK.exe

Filesize
2.6MB

MD5
94e774adace269fd6fe582fb9fe71e6a

SHA1
c4704a7fb0dd51b2ca4070c6303aa4ee6e529f13

SHA256
cda44d8718352a0cee3a0e55f3aa67fd70db3511be8136e761b4fb45bba18181

SHA512
4e5a40acf50450c1d58286c50f24cc0990e6dd54bcdd16c7a507589367e0824155bf9d0350ce38c19c8e56c6686da46d3eb6bfc75e87d39ec1b64563ab29ee98

Download Submit
C:\Users\Admin\AppData\Local\Temp\LOCK.exe

Filesize
2.6MB

MD5
94e774adace269fd6fe582fb9fe71e6a

SHA1
c4704a7fb0dd51b2ca4070c6303aa4ee6e529f13

SHA256
cda44d8718352a0cee3a0e55f3aa67fd70db3511be8136e761b4fb45bba18181

SHA512
4e5a40acf50450c1d58286c50f24cc0990e6dd54bcdd16c7a507589367e0824155bf9d0350ce38c19c8e56c6686da46d3eb6bfc75e87d39ec1b64563ab29ee98

Download Submit
C:\Users\Admin\AppData\Local\Temp\LockHook.dll

Filesize
4.0MB

MD5
d6d3bb932810f061d0cf74eb5209e582

SHA1
7310165d68b6b8b80f41f9f8ba3a3f0893dfc1ca

SHA256
d595f05e178bab7421a6afece9ae6bca06ce287445af7c2cb1b9cc4da5152fe5

SHA512
d9efc00d211ba46a2c64906ef6bfe170eb086241d63a620f3e92e1eb5af9abc2a038d5e00d8fffc3eab979ee5e3117142979caabdaaa9ede9680b77a9414e189

Download Submit
C:\Users\Admin\Favorites\链接\网止导航.url

Filesize
54B

MD5
29e69469aa10b444ad1dff7c525291ab

SHA1
eaf4fdef46a085a5658220906a54713f9481f5a5

SHA256
5f71cf00d7917c16705ea1e5f5f5bf4d4f629fbfd093b89ccec1db72a29e01fd

SHA512
5629304eb5097a32f1f941a62172a518de3f9f0e5a7db8d189cd5a6464894b3a78ae8c4a3b8e83e188e866f3f1431c2843619b41a7e48a427860d2e79c1bc025

Download Submit
\Users\Admin\AppData\Local\Temp\7z.dll

Filesize
893KB

MD5
04ad4b80880b32c94be8d0886482c774

SHA1
344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

SHA256
a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

SHA512
3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

Download Submit
\Users\Admin\AppData\Local\Temp\7z.exe

Filesize
160KB

MD5
a51d90f2f9394f5ea0a3acae3bd2b219

SHA1
20fea1314dbed552d5fedee096e2050369172ee1

SHA256
ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f

SHA512
c11f981136db7d9bde01046b1953fd924ff29447d41257da09dd762451e27390cea9b69e43206a8fff825ebcd4ddec5a6247bb502aefbd6e8285622caa985bf6

Download Submit
\Users\Admin\AppData\Local\Temp\7z.exe

Filesize
160KB

MD5
a51d90f2f9394f5ea0a3acae3bd2b219

SHA1
20fea1314dbed552d5fedee096e2050369172ee1

SHA256
ac9674feb8f2fad20c1e046de67f899419276ae79a60e8cc021a4bf472ae044f

SHA512
c11f981136db7d9bde01046b1953fd924ff29447d41257da09dd762451e27390cea9b69e43206a8fff825ebcd4ddec5a6247bb502aefbd6e8285622caa985bf6

Download Submit
\Users\Admin\AppData\Local\Temp\LOCK.exe

Filesize
2.6MB

MD5
94e774adace269fd6fe582fb9fe71e6a

SHA1
c4704a7fb0dd51b2ca4070c6303aa4ee6e529f13

SHA256
cda44d8718352a0cee3a0e55f3aa67fd70db3511be8136e761b4fb45bba18181

SHA512
4e5a40acf50450c1d58286c50f24cc0990e6dd54bcdd16c7a507589367e0824155bf9d0350ce38c19c8e56c6686da46d3eb6bfc75e87d39ec1b64563ab29ee98

Download Submit
\Users\Admin\AppData\Local\Temp\LockHook.dll

Filesize
4.0MB

MD5
d6d3bb932810f061d0cf74eb5209e582

SHA1
7310165d68b6b8b80f41f9f8ba3a3f0893dfc1ca

SHA256
d595f05e178bab7421a6afece9ae6bca06ce287445af7c2cb1b9cc4da5152fe5

SHA512
d9efc00d211ba46a2c64906ef6bfe170eb086241d63a620f3e92e1eb5af9abc2a038d5e00d8fffc3eab979ee5e3117142979caabdaaa9ede9680b77a9414e189

Download Submit
memory/1716-7-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

Filesize
4KB

Download
memory/1716-5-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/1716-10-0x0000000001090000-0x0000000001091000-memory.dmp

Filesize
4KB

Download
memory/1716-9-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

Filesize
4KB

Download
memory/1716-0-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/1716-12-0x0000000001250000-0x0000000001251000-memory.dmp

Filesize
4KB

Download
memory/1716-8-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/1716-17-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/1716-13-0x0000000001260000-0x0000000001261000-memory.dmp

Filesize
4KB

Download
memory/1716-14-0x0000000001270000-0x0000000001271000-memory.dmp

Filesize
4KB

Download
memory/1716-6-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/1716-11-0x00000000010A0000-0x00000000010A1000-memory.dmp

Filesize
4KB

Download
memory/1716-15-0x0000000001280000-0x0000000001281000-memory.dmp

Filesize
4KB

Download
memory/1716-3-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/1716-4-0x0000000000A90000-0x0000000000A93000-memory.dmp

Filesize
12KB

Download
memory/1716-52-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/1716-50-0x0000000000400000-0x000000000059A000-memory.dmp

Filesize
1.6MB

Download
memory/1716-16-0x0000000001290000-0x0000000001291000-memory.dmp

Filesize
4KB

Download
memory/1716-2-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/1716-1-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2444-63-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download
memory/2868-64-0x00000000027A0000-0x00000000027A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads