cobaltstrike | 5c0b2dbb42ddedd4e4d0c6d1011a585566aa0f7b118a85611c1e5f1eb94ad3ec

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c0b2dbb42ddedd4e4d0c6d1011a585566aa0f7b118a85611c1e5f1eb94ad3ec.exe
Size

73KB
MD5

88a11fbc99c2dce851430cd93257e967
SHA1

80aca3436274e5cbe64453531f16692d6c2b016e
SHA256

5c0b2dbb42ddedd4e4d0c6d1011a585566aa0f7b118a85611c1e5f1eb94ad3ec
SHA512

02fe97048a0b62e8f060d750ad0c3c24fdf23e9ae7c620e1aed9cffcfa3b4f2a5cf1a9894e3dd3b1624049b64b836886dddc964c6546c0d88a7fa5626d99efc4
SSDEEP

768:WvB41cktnhe2QNlhi5jXuwHCM/Xdcu748SSSSSSSSSfw:O21ckfeJNji9XuSCM/Na8SSSSSSSSSY

Score

10^/10

cobaltstrike metasploit 1234567890 backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/download_exec

http://files.jslibc.com:443/jquery-3.3.1.slim.min.js

Extracted

Family

cobaltstrike

Botnet

1234567890

http://files.jslibc.com:443/jquery-3.3.1.min.js

Attributes

access_type
512
beacon_type
2048
host
files.jslibc.com,/jquery-3.3.1.min.js
http_header1
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADQAAAAIAAAAJX19jZmR1aWQ9AAAABgAAAAZDb29raWUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_header2
AAAACgAAAEdBY2NlcHQ6IHRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LCovKjtxPTAuOAAAAAoAAAAgUmVmZXJlcjogaHR0cDovL2NvZGUuanF1ZXJ5LmNvbS8AAAAKAAAAHkFjY2VwdC1FbmNvZGluZzogZ3ppcCwgZGVmbGF0ZQAAAAcAAAAAAAAADwAAAA0AAAAFAAAACF9fY2ZkdWlkAAAABwAAAAEAAAAPAAAADQAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
http_method1
GET
http_method2
POST
jitter
9472
polling_time
45000
port_number
443
sc_process32
%windir%\syswow64\dllhost.exe
sc_process64
%windir%\sysnative\dllhost.exe
state_machine
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCh7/UOtyOgbc5pWVJf3WT9Bj7Ovio5EVE40BSrvw7OSte1hww8+3BipVqPgUPoRr9Tjf/03mbLRUwLBHlbWY/OCC4bjowGmJgJUC/lVwksmwwOwcADNcwuyjb217ZPd2LculXIgvwqe4U+So+2xROfSYi3/AFd/Lomec55/kzq9wIDAQABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
unknown1
4.234810624e+09
unknown2
AAAABAAAAAEAAAXyAAAAAgAAAFQAAAACAAAPWwAAAA0AAAAPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA==
uri
/jquery-3.3.2.min.js
user_agent
Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko
watermark
1234567890

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Blocklisted process makes network request 9 IoCs

flow	pid	Process
56	4804	rundll32.exe
59	4804	rundll32.exe
61	4804	rundll32.exe
64	4804	rundll32.exe
65	4804	rundll32.exe
89	4804	rundll32.exe
90	4804	rundll32.exe
91	4804	rundll32.exe
95	4804	rundll32.exe

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4148	Update.exe

Loads dropped DLL 1 IoCs

pid	Process
4148	Update.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4148 set thread context of 4804	4148	Update.exe	93

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	rundll32.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 5c0000000100000004000000000800001900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef453000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286040000000100000010000000497904b0eb8719ac47b0bc11519b74d0200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 4148	2964	5c0b2dbb42ddedd4e4d0c6d1011a585566aa0f7b118a85611c1e5f1eb94ad3ec.exe	91
PID 2964 wrote to memory of 4148	2964	5c0b2dbb42ddedd4e4d0c6d1011a585566aa0f7b118a85611c1e5f1eb94ad3ec.exe	91
PID 2964 wrote to memory of 4148	2964	5c0b2dbb42ddedd4e4d0c6d1011a585566aa0f7b118a85611c1e5f1eb94ad3ec.exe	91
PID 4148 wrote to memory of 4804	4148	Update.exe	93
PID 4148 wrote to memory of 4804	4148	Update.exe	93
PID 4148 wrote to memory of 4804	4148	Update.exe	93
PID 4148 wrote to memory of 4804	4148	Update.exe	93

C:\Users\Admin\AppData\Local\Temp\5c0b2dbb42ddedd4e4d0c6d1011a585566aa0f7b118a85611c1e5f1eb94ad3ec.exe
"C:\Users\Admin\AppData\Local\Temp\5c0b2dbb42ddedd4e4d0c6d1011a585566aa0f7b118a85611c1e5f1eb94ad3ec.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Users\Public\.Startup\Update.exe
  C:\Users\Public\.Startup\Update.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:4148
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe
    3⤵
    - Blocklisted process makes network request
    - Modifies system certificate store
    PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\10BDC45B4A27319429BBC4F08A4E8A10

Filesize
1KB

MD5
58aa23107c8d5aedeabd0d5e32578592

SHA1
c81a8bd1f9cf6d84c525f378ca1d3f8c30770e34

SHA256
21acc1dbd6944f9ac18c782cb5c328d6c2821c6b63731fa3b8987f5625de8a0d

SHA512
ed89ca15a1a6150246a3a92eef6e1e962928bcb2e70fa802513581076c907f276ca0639e700fb4ba7e20f2276a0184d8c19168c9e466ccda5fe2500d16b8c432

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD

Filesize
1KB

MD5
285ec909c4ab0d2d57f5086b225799aa

SHA1
d89e3bd43d5d909b47a18977aa9d5ce36cee184c

SHA256
68b9c761219a5b1f0131784474665db61bbdb109e00f05ca9f74244ee5f5f52b

SHA512
4cf305b95f94c7a9504c53c7f2dc8068e647a326d95976b7f4d80433b2284506fc5e3bb9a80a4e9a9889540bbf92908dd39ee4eb25f2566fe9ab37b4dc9a7c09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\10BDC45B4A27319429BBC4F08A4E8A10

Filesize
274B

MD5
645563a65429b9a9f7ee474513a44d7d

SHA1
6bc64cbbce5308642774477a1d9fc5f8c28c4b91

SHA256
fc748989275fe1c2b0e3e57108de7cb6ecae8a520678a86273844a7f325e1631

SHA512
2b7b96502a5c3ed777c88a9e0a90475a3351c8ebdd29519be34938c02f48dd8f127a3ab0cefe116dabf0b8f00a8222d991e68d622dda493ff3d962a5ec086393

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0968A1E3A40D2582E7FD463BAEB59CD

Filesize
250B

MD5
e366e41fea0ad4224c7e1021d412b96d

SHA1
3cafe219822508a4f7d62abee11567e63641a439

SHA256
91e8dfe597a2e4430c2df5c8599c07a93be553bcee12b99cbff6e456bbeeed7c

SHA512
f326eae5ff99d53930b0183366d9956a9f11dd1eb68a606181d51686d10bb8c723fe1ffb84a3a036b760f83fb6691331a2504f6cb2c1e094b52691620c145ac6

Download Submit
C:\Users\Public\.Startup\Update.exe

Filesize
595KB

MD5
4b33e702ec9550e27254f90f05955761

SHA1
9edb5667c6f819c65c59c487b85a55218d875faf

SHA256
57077469944bc5555979f2da66d97cc253a08e99ecb2df22886d6edd2ce5a7ed

SHA512
2b2cc520fbff2bdbe1163619eecf70b3a875ba6b70c20a2def49f20422c52d855280801e788e7946f22c2d8dc91d26112eeea9289ebbbb4ad155a854f6810094

Download Submit
C:\Users\Public\.Startup\Update.exe

Filesize
595KB

MD5
4b33e702ec9550e27254f90f05955761

SHA1
9edb5667c6f819c65c59c487b85a55218d875faf

SHA256
57077469944bc5555979f2da66d97cc253a08e99ecb2df22886d6edd2ce5a7ed

SHA512
2b2cc520fbff2bdbe1163619eecf70b3a875ba6b70c20a2def49f20422c52d855280801e788e7946f22c2d8dc91d26112eeea9289ebbbb4ad155a854f6810094

Download Submit
C:\Users\Public\.Startup\Update.exe

Filesize
595KB

MD5
4b33e702ec9550e27254f90f05955761

SHA1
9edb5667c6f819c65c59c487b85a55218d875faf

SHA256
57077469944bc5555979f2da66d97cc253a08e99ecb2df22886d6edd2ce5a7ed

SHA512
2b2cc520fbff2bdbe1163619eecf70b3a875ba6b70c20a2def49f20422c52d855280801e788e7946f22c2d8dc91d26112eeea9289ebbbb4ad155a854f6810094

Download Submit
C:\Users\Public\.Startup\libcurl.dll

Filesize
14KB

MD5
60357c6b1fde8e82162da5aa051ab582

SHA1
00bce79b8010344624bbeb9570dccaf53d30eb61

SHA256
db6cefc34370dbb2e1711b63a3181e9c6b6b4b3f0e483225fc3f7be0fa134cf5

SHA512
0aea4dc628c6d9c1291aff56a098b26ca5b9c853af9892129dc53fae7ccdaa4abfb0d723bd49cfd6c4bceaca7a1b6842cde5de656770024c82ee7fc19c06d964

Download Submit
C:\Users\Public\.Startup\libcurl.dll

Filesize
14KB

MD5
60357c6b1fde8e82162da5aa051ab582

SHA1
00bce79b8010344624bbeb9570dccaf53d30eb61

SHA256
db6cefc34370dbb2e1711b63a3181e9c6b6b4b3f0e483225fc3f7be0fa134cf5

SHA512
0aea4dc628c6d9c1291aff56a098b26ca5b9c853af9892129dc53fae7ccdaa4abfb0d723bd49cfd6c4bceaca7a1b6842cde5de656770024c82ee7fc19c06d964

Download Submit
memory/4804-20-0x00000000037B0000-0x0000000003BB0000-memory.dmp

Filesize
4.0MB

Download
memory/4804-27-0x00000000037B0000-0x0000000003BB0000-memory.dmp

Filesize
4.0MB

Download
memory/4804-26-0x0000000003BB0000-0x0000000004022000-memory.dmp

Filesize
4.4MB

Download
memory/4804-21-0x0000000003BB0000-0x0000000004022000-memory.dmp

Filesize
4.4MB

Download
memory/4804-13-0x00000000012B0000-0x00000000012B1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads