732cfacaafe15f55c177d929eeb4b129dc5a44ce04c8d6d83da236d74c50979f

Resubmissions

30/09/2023, 07:51

230930-jpwaqsbc35 10

29/09/2023, 22:10

230929-13rm5sgc42 10

29/09/2023, 21:44

230929-1lmymagb76 10

Analysis

max time kernel
1800s
max time network
1760s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
29/09/2023, 22:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nicht bestätigt 788413.doc
Size

2.1MB
MD5

d7519b822434fb89fb3643bc2f450e23
SHA1

4fcf10a8fe9db80c3eaf172636a602f95b64b0fc
SHA256

732cfacaafe15f55c177d929eeb4b129dc5a44ce04c8d6d83da236d74c50979f
SHA512

d8b2e5eb888f3ca464e56aebcd6e4eab2b678739663aba90745e6d244a36a7e4e622afaa11f5a0a6effd5991cf26e37e4775837ff97c415ad5feee2969640e95
SSDEEP

12288:t+xefqnAWcv37wHxULygl0kPf5h2BSoPy+OnwGcOuU4N5:oAqnAHTwHK+g00Cy+OnSOz4r

Score

10^/10

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process	2560	552	cmd.exe	29

Executes dropped EXE 1 IoCs

pid	Process
4180	chats.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Creates scheduled task(s) 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3660	schtasks.exe
2504	schtasks.exe
3928	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
552	WINWORD.EXE
552	WINWORD.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
552	WINWORD.EXE
552	WINWORD.EXE
552	WINWORD.EXE
552	WINWORD.EXE
552	WINWORD.EXE
552	WINWORD.EXE
552	WINWORD.EXE

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 2560	552	WINWORD.EXE	86
PID 552 wrote to memory of 2560	552	WINWORD.EXE	86
PID 2560 wrote to memory of 3660	2560	cmd.exe	88
PID 2560 wrote to memory of 3660	2560	cmd.exe	88
PID 2560 wrote to memory of 2504	2560	cmd.exe	90
PID 2560 wrote to memory of 2504	2560	cmd.exe	90
PID 2560 wrote to memory of 3928	2560	cmd.exe	91
PID 2560 wrote to memory of 3928	2560	cmd.exe	91
PID 3752 wrote to memory of 996	3752	cmd.exe	117
PID 3752 wrote to memory of 996	3752	cmd.exe	117
PID 3668 wrote to memory of 3420	3668	cmd.exe	122
PID 3668 wrote to memory of 3420	3668	cmd.exe	122
PID 904 wrote to memory of 4456	904	cmd.exe	135
PID 904 wrote to memory of 4456	904	cmd.exe	135
PID 2852 wrote to memory of 2652	2852	cmd.exe	138
PID 2852 wrote to memory of 2652	2852	cmd.exe	138
PID 1988 wrote to memory of 2376	1988	cmd.exe	143
PID 1988 wrote to memory of 2376	1988	cmd.exe	143
PID 2180 wrote to memory of 5092	2180	cmd.exe	153
PID 2180 wrote to memory of 5092	2180	cmd.exe	153
PID 1828 wrote to memory of 1468	1828	cmd.exe	156
PID 1828 wrote to memory of 1468	1828	cmd.exe	156

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Nicht bestätigt 788413.doc" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:552
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Public\rtwitoghbklj.bat
  2⤵
  - Process spawned unexpected child process
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Windows\system32\schtasks.exe
    schtasks /create /sc minute /mo 4 /f /tn rtret /tr "C:\Users\Public\fghsd.bat"
    3⤵
    - Creates scheduled task(s)
    PID:3660
- - C:\Windows\system32\schtasks.exe
    schtasks /create /sc minute /mo 6 /f /tn sgsg /tr "C:\Users\Public\Pictures\oned.bat"
    3⤵
    - Creates scheduled task(s)
    PID:2504
- - C:\Windows\system32\schtasks.exe
    schtasks /create /sc minute /mo 8 /f /tn jhkff /tr "C:\Users\Public\chats\chats.exe"
    3⤵
    - Creates scheduled task(s)
    PID:3928

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\fghsd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3752
- C:\Windows\system32\cscript.exe
  cscript //nologo "C:\Users\Admin\AppData\Local\Temp\_.vbs"
  2⤵
  PID:996

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\Pictures\oned.bat"
1⤵
PID:1468

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\fghsd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Windows\system32\cscript.exe
  cscript //nologo "C:\Users\Admin\AppData\Local\Temp\_.vbs"
  2⤵
  PID:3420

C:\Users\Public\chats\chats.exe
C:\Users\Public\chats\chats.exe
1⤵
- Executes dropped EXE
PID:4180

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\fghsd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\system32\cscript.exe
  cscript //nologo "C:\Users\Admin\AppData\Local\Temp\_.vbs"
  2⤵
  PID:4456

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\Pictures\oned.bat"
1⤵
PID:2832

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\fghsd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Windows\system32\cscript.exe
  cscript //nologo "C:\Users\Admin\AppData\Local\Temp\_.vbs"
  2⤵
  PID:2652

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\Pictures\oned.bat"
1⤵
PID:3668

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\fghsd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\system32\cscript.exe
  cscript //nologo "C:\Users\Admin\AppData\Local\Temp\_.vbs"
  2⤵
  PID:2376

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\fghsd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\system32\cscript.exe
  cscript //nologo "C:\Users\Admin\AppData\Local\Temp\_.vbs"
  2⤵
  PID:5092

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\Pictures\oned.bat"
1⤵
PID:4908

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\fghsd.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1828
- C:\Windows\system32\cscript.exe
  cscript //nologo "C:\Users\Admin\AppData\Local\Temp\_.vbs"
  2⤵
  PID:1468

C:\Windows\SYSTEM32\cmd.exe
C:\Windows\SYSTEM32\cmd.exe /c "C:\Users\Public\Pictures\oned.bat"
1⤵
PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
86B

MD5
80e1fe9562b1bd391b0feeff6f8bf202

SHA1
6ce0a5c8eb75f4877bb91dac87d0815f31b68480

SHA256
0110b6c2b7270239627aaa62aa8371112572d6525a464dee81e82658999c025e

SHA512
36ff805f8ed1e88404ddd2b280eae8ab3b083b28a1fe4fb9e6819685524e44a95bbd63fa63faf033c04e8fa0a38e457942a221e531f61d310698eed9de230f4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
106B

MD5
e90fbcbdcfb5b152a9f7c0f1d40c7ac9

SHA1
45139cc37c1105d6a51056158450710004537b31

SHA256
b0f34b31d6e45ed11b53f380dbd4f796e0cc0acc4d287a4d74f3824efefe64b7

SHA512
6819ac1cd92ea3b7da5ffbf0d12af2d2de422d0d814ff16e719352a843227d0f85ccb33be51ab15130dbbdf3e7ffc7f9b7a980a51e245cc2eeabeba287e52b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
114B

MD5
f27532f6e01f840923cf8fe8ba84fadf

SHA1
5a7976062ad84da5d41769accee4db3025608c14

SHA256
130f575e56e3757ff793c00ed0e957a7c231a9bdbd5403829abe563010247a42

SHA512
7364b62417fab5d692046bcc8a73210ef85a85fa167336530e9afc7e05f48d29b8e90252228b9396ab2bdd8e92c7450c5edfd14a0d52a4e2b87b92677533eb73

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
164B

MD5
bab5c47e282215782bf03eff8f041c9d

SHA1
87375c1cd28060aac17139fc81f560de5951ee3e

SHA256
bbe8e6327fe86977d5a028fa1faa768513a2af1a2234dc498513e1cc548eede8

SHA512
265b35869e1e8b51d0081e3e008ba9cbb764750dbfb0cfe12947f6840cab19c585e4153e06ca50750ee6a204f368998eb15661a49d8b14dd3e91d9e543997312

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
207B

MD5
2875eb4740de383e185f2e3e76a957d9

SHA1
c6f9be0064269d2a358df4dd6650bc26d898383b

SHA256
c7bcd02fa0590b6ce206af2834f99fc5652aa64450b3e7911844b5e01d193c3e

SHA512
6ada5ac32248c5d1274c3fd464a4ab2272499b2a58f88aef264474a1b9ef7b6e7229b46864f5e0f12214e5170e2055317cd34882526ac601e6f2104cd499a7d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
250B

MD5
fea0e2b124f69f6dfc63bfefa5b47c56

SHA1
e5f45d6cbd81b70df7d0216c2e9827aa2cbe4e38

SHA256
2762c7f6dbfef046066a2893efd2976da30fc503775bca43684405043de566f0

SHA512
7c397b702fec6e32bcc570a7df1709cb1ee312d53596c415d352d0037f4802586e922d33d71b0b5ecadf291edcbad2af0778b1ce07b3ad1e73c694cc5ac8aaf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
269B

MD5
4723ec4f36a275722efa3204b762e10d

SHA1
27308ecb7ceff6cb3283ed481b0f649efda73d72

SHA256
cc82e370367946111cc1c34efcdd561ef776f0383f37f3b0ac437f07e91376bf

SHA512
069e54478cb72db1ec6cda1ac62eef33ca75ed299fdd1bec7af86f7e7725436395f5a0be461f3c6335c0926374e6123ef05cb0d3f72a019dba03f9f61ae22177

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
293B

MD5
5c204cd90cd0fc8e06ae478a6060f8e8

SHA1
6c8d3f828b5457ab20d78bc6f6fd768e2b318caa

SHA256
9c325f4c822346e33240a3dcf3a624a692ede0cd552b4374d0eb61a9be571012

SHA512
76ab29d00585571285905428428ab13e1cffb72a49f92538eed8a62399b33238313f186084c300a9986887f5395d3b257f6e6ca3929eb91360726240aa37afd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
293B

MD5
5c204cd90cd0fc8e06ae478a6060f8e8

SHA1
6c8d3f828b5457ab20d78bc6f6fd768e2b318caa

SHA256
9c325f4c822346e33240a3dcf3a624a692ede0cd552b4374d0eb61a9be571012

SHA512
76ab29d00585571285905428428ab13e1cffb72a49f92538eed8a62399b33238313f186084c300a9986887f5395d3b257f6e6ca3929eb91360726240aa37afd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
293B

MD5
5c204cd90cd0fc8e06ae478a6060f8e8

SHA1
6c8d3f828b5457ab20d78bc6f6fd768e2b318caa

SHA256
9c325f4c822346e33240a3dcf3a624a692ede0cd552b4374d0eb61a9be571012

SHA512
76ab29d00585571285905428428ab13e1cffb72a49f92538eed8a62399b33238313f186084c300a9986887f5395d3b257f6e6ca3929eb91360726240aa37afd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
374B

MD5
f7527f42289d19e38d328c8b9bf6c3c1

SHA1
11f79451278295174fc55e411ce43ae34a96a08e

SHA256
6b521ad07453a6c79a87e855c44861209f9ae687bb99f480e19d28b03dcfd9ac

SHA512
e80b3f93e3cca4352bb7c85b58c4486a331033531d9b83e3df35cd9ed2a7aef25eaa2b843f8f83b48d639fc9ea04608c0dcdf15b0a678cf0e4acb3c110dee82e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
293B

MD5
5c204cd90cd0fc8e06ae478a6060f8e8

SHA1
6c8d3f828b5457ab20d78bc6f6fd768e2b318caa

SHA256
9c325f4c822346e33240a3dcf3a624a692ede0cd552b4374d0eb61a9be571012

SHA512
76ab29d00585571285905428428ab13e1cffb72a49f92538eed8a62399b33238313f186084c300a9986887f5395d3b257f6e6ca3929eb91360726240aa37afd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
293B

MD5
5c204cd90cd0fc8e06ae478a6060f8e8

SHA1
6c8d3f828b5457ab20d78bc6f6fd768e2b318caa

SHA256
9c325f4c822346e33240a3dcf3a624a692ede0cd552b4374d0eb61a9be571012

SHA512
76ab29d00585571285905428428ab13e1cffb72a49f92538eed8a62399b33238313f186084c300a9986887f5395d3b257f6e6ca3929eb91360726240aa37afd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
293B

MD5
5c204cd90cd0fc8e06ae478a6060f8e8

SHA1
6c8d3f828b5457ab20d78bc6f6fd768e2b318caa

SHA256
9c325f4c822346e33240a3dcf3a624a692ede0cd552b4374d0eb61a9be571012

SHA512
76ab29d00585571285905428428ab13e1cffb72a49f92538eed8a62399b33238313f186084c300a9986887f5395d3b257f6e6ca3929eb91360726240aa37afd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
54B

MD5
d9b673a7658d4e650850a8f0a384336e

SHA1
55dac464d09e7c502b8d62fb1d14f9ce662e4e19

SHA256
2ff399685922cad7c37b0eddec78b4e5ea21082855b6ad5290db421aa5e946eb

SHA512
3e37e530e7052d3d3b5ca122f59d3dac186706a460219c549e9c0db7f636d9026a058d8ab43b877d791841374b4e5a8a5d42cfacb432014d9aaf26a32fbadfa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_.vbs

Filesize
293B

MD5
5c204cd90cd0fc8e06ae478a6060f8e8

SHA1
6c8d3f828b5457ab20d78bc6f6fd768e2b318caa

SHA256
9c325f4c822346e33240a3dcf3a624a692ede0cd552b4374d0eb61a9be571012

SHA512
76ab29d00585571285905428428ab13e1cffb72a49f92538eed8a62399b33238313f186084c300a9986887f5395d3b257f6e6ca3929eb91360726240aa37afd1

Download Submit
C:\Users\Public\chats

Filesize
10KB

MD5
5e4ef26e46869b1cfa9b7f803eed5b33

SHA1
26d00ed8633f7ce0ea433b29a88f3602e38b7b0f

SHA256
2ab4d420f543103c1f0188445a3a47eaa77817514573cb07cb8810903ae1f67d

SHA512
7d2b36ac7f982b2885577d4c0d7fc467959bed68a07667b073fbf0bb072fd810099745567afa4e7a41bd1f0ce5a61efbff082173212542b8a38762faa4bf988e

Download Submit
C:\Users\Public\chats\chats.exe

Filesize
21KB

MD5
2cacf99569c85091ea987a02dc1e6bec

SHA1
b7bf707938cc0cef3d3e24be0c8748ee699beb15

SHA256
40e43aac9888c433d796e106c03846f48a1422d0950f27e0a2b793261e9f9e08

SHA512
38d2397b71b83c1f5eb2453fa6a6b3c7457671835fef13d8c92e6c1ac5fd1677682f0a7219bf9ddf922891caf0021a680fcd6ac8dd03116acd149710430c5a02

Download Submit
C:\Users\Public\chats\chats.exe

Filesize
21KB

MD5
2cacf99569c85091ea987a02dc1e6bec

SHA1
b7bf707938cc0cef3d3e24be0c8748ee699beb15

SHA256
40e43aac9888c433d796e106c03846f48a1422d0950f27e0a2b793261e9f9e08

SHA512
38d2397b71b83c1f5eb2453fa6a6b3c7457671835fef13d8c92e6c1ac5fd1677682f0a7219bf9ddf922891caf0021a680fcd6ac8dd03116acd149710430c5a02

Download Submit
C:\Users\Public\fghsd.bat

Filesize
712B

MD5
36b06d73347fe0da8177bd212e2b3f77

SHA1
f1fc033763b931a729b9da3eb29a0724fd3eb6b9

SHA256
a2f68aacf94a11678abd24039f1a26c65c257c26ac7c31c87b442fbd7f6583d9

SHA512
c2f90456644fd136c7ed33e83b9501d4c0323e294427b942a1bd078067be63ff3c5b3bc3c99f253b30d3ff579b64ef1699e3684612e9a4f4880e4a806f65c937

Download Submit
C:\Users\Public\rtwitoghbklj.bat

Filesize
480B

MD5
2981447b673ed84cf8a20457f175ff52

SHA1
f92a9f28c9da1d09a8332d68287a74cd7d3a2538

SHA256
f9459c9065454839cd1306c2e7759513bc5d204eb9a8095f5d49bd88654d8309

SHA512
2ac7562bbf63d2befc037c02a6bd89d1d76e7df28004b151d7d6c4d61cfa0347a21879995b797f40da20da1ce763147cf18864e0a90906fbb71b74d190f8193b

Download Submit
C:\Users\Public\tbd.txt

Filesize
93B

MD5
b33633c39e97015a56f82bebf3883f79

SHA1
5b1237ae05a0d493328f00a6828299b678a5b7ca

SHA256
905bcd4c4246d200b81b26183f10b80f233c021d69b2fcc832cb2907e13ef623

SHA512
53eebbf8e6a06907e07f781a0c146ba63a9627f07a356ddf0c44657592c38eee5434a6d3733d94d6dac409b033fe6a924c49aed92dad7ee2d9f5e9be3bf2239a

Download Submit
memory/552-16-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-18-0x00007FFDD3560000-0x00007FFDD3570000-memory.dmp

Filesize
64KB

Download
memory/552-50-0x00000269FCD50000-0x00000269FDD20000-memory.dmp

Filesize
15.8MB

Download
memory/552-48-0x00000269FCD50000-0x00000269FDD20000-memory.dmp

Filesize
15.8MB

Download
memory/552-44-0x00000269FCD50000-0x00000269FDD20000-memory.dmp

Filesize
15.8MB

Download
memory/552-58-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-59-0x00000269FA480000-0x00000269FA4AC000-memory.dmp

Filesize
176KB

Download
memory/552-60-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-61-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-67-0x00000269FCD50000-0x00000269FDD20000-memory.dmp

Filesize
15.8MB

Download
memory/552-68-0x00000269FCD50000-0x00000269FDD20000-memory.dmp

Filesize
15.8MB

Download
memory/552-69-0x00000269FCD50000-0x00000269FDD20000-memory.dmp

Filesize
15.8MB

Download
memory/552-95-0x00007FFDD5D30000-0x00007FFDD5D40000-memory.dmp

Filesize
64KB

Download
memory/552-97-0x00007FFDD5D30000-0x00007FFDD5D40000-memory.dmp

Filesize
64KB

Download
memory/552-99-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-102-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-101-0x00000269FA480000-0x00000269FA4AC000-memory.dmp

Filesize
176KB

Download
memory/552-100-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-98-0x00007FFDD5D30000-0x00007FFDD5D40000-memory.dmp

Filesize
64KB

Download
memory/552-96-0x00007FFDD5D30000-0x00007FFDD5D40000-memory.dmp

Filesize
64KB

Download
memory/552-30-0x00000269FCD50000-0x00000269FDD20000-memory.dmp

Filesize
15.8MB

Download
memory/552-49-0x00000269FCD50000-0x00000269FDD20000-memory.dmp

Filesize
15.8MB

Download
memory/552-20-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-19-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-17-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-0-0x00007FFDD5D30000-0x00007FFDD5D40000-memory.dmp

Filesize
64KB

Download
memory/552-15-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-2-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-14-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-13-0x00007FFDD3560000-0x00007FFDD3570000-memory.dmp

Filesize
64KB

Download
memory/552-12-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-11-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-10-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-9-0x00007FFDD5D30000-0x00007FFDD5D40000-memory.dmp

Filesize
64KB

Download
memory/552-8-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-6-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-1-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-7-0x00007FFDD5D30000-0x00007FFDD5D40000-memory.dmp

Filesize
64KB

Download
memory/552-5-0x00007FFE15CB0000-0x00007FFE15EA5000-memory.dmp

Filesize
2.0MB

Download
memory/552-4-0x00007FFDD5D30000-0x00007FFDD5D40000-memory.dmp

Filesize
64KB

Download
memory/552-3-0x00007FFDD5D30000-0x00007FFDD5D40000-memory.dmp

Filesize
64KB

Download
memory/4180-133-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads