jigsaw | 0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811

Resubmissions

09-10-2023 22:49

231009-2rxwfsgh8z 10

06-03-2021 22:20

210306-e542m4kcwn 10

09-11-2020 19:51

201109-ldpapz7ekx 10

Analysis

max time kernel
144s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
09-10-2023 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe
Size

291KB
MD5

5a5c745bf3e97fe2be01880132662f28
SHA1

924af25d379fc88319bc55958db898dbf5054309
SHA256

0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811
SHA512

151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10
SSDEEP

6144:mdSK04ETTZ+4TBpvjLC4Ho/C1rCyPucrFqBFTbL39rqHRs8:moL4EnU4T/vjLTHtrCWurTpruF

Score

10^/10

jigsaw persistence ransomware spyware stealer

Malware Config

Signatures

Jigsaw Ransomware
Ransomware family first created in 2016. Named based on wallpaper set after infection in the early versions.
ransomware jigsaw

Executes dropped EXE 1 IoCs

pid	Process
2816	drpbx.exe

Loads dropped DLL 1 IoCs

pid	Process
2212	SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3750544865-3773649541-1858556521-1000\Software\Microsoft\Windows\CurrentVersion\Run\firefox.exe = "C:\\Users\\Admin\\AppData\\Roaming\\Frfx\\firefox.exe"	SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveDocumentReview\BodyPaneBackground.jpg	drpbx.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierWindowMaskRTL.bmp.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar	drpbx.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\library.js	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar	drpbx.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar	drpbx.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h	drpbx.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\daisies.png	drpbx.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png	drpbx.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\25.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\js\slideShow.js	drpbx.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FieldTypePreview\SectionHeading.jpg	drpbx.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png	drpbx.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml	drpbx.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\button_right_over.gif	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.zemblax	drpbx.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\NotifierDownArrow.jpg.zemblax	drpbx.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\QuestionIconMask.bmp.zemblax	drpbx.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar	drpbx.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\currency.js	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\license.html.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar	drpbx.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.zemblax	drpbx.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html	drpbx.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\ICU\icudt26l.dat	drpbx.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveProjectToolset\SplashImageMask.bmp.zemblax	drpbx.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.zemblax	drpbx.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\bg_Groove.gif	drpbx.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\flyout.html	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar	drpbx.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_FileOffMask.bmp	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_s.png	drpbx.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\Shared16x16ImagesMask.bmp.zemblax	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.zemblax	drpbx.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	drpbx.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png	drpbx.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml	drpbx.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml	drpbx.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.zemblax	drpbx.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\AlertImage_AutoMask.bmp.zemblax	drpbx.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png	drpbx.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Foundry.xml	drpbx.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\rtf_hyperlink.gif.zemblax	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.zemblax	drpbx.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.zemblax	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar	drpbx.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif	drpbx.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\AddToViewArrow.jpg	drpbx.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplateRTL.html.zemblax	drpbx.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2212	SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe
Token: SeDebugPrivilege	2816	drpbx.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2816	2212	SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe	28
PID 2212 wrote to memory of 2816	2212	SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe	28
PID 2212 wrote to memory of 2816	2212	SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe	28
PID 2212 wrote to memory of 2816	2212	SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe	28

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe
  "C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.BehavesLike.Win32.Generic.dc.exe
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.zemblax

Filesize
160B

MD5
03186ca0229630a6928fa98ef4c3391b

SHA1
8deed189ee4ae64db770d5755f9c199c8213eaa9

SHA256
f171defc92b8fda921aae4bd1696d3252effc17dff52b567e19559ab29f287bc

SHA512
5a712127004b6506fbe562f2eb402e8a40844cb4a6edeb010c833bf552be784cf4ce560cd0235367823d7f77c38e80b83e2f3cafb6e1d613944a9b38c8f886ab

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.zemblax

Filesize
12KB

MD5
3e91afea42e65b6ef2434693f1307f99

SHA1
2e529680a82d0847d10a8e6290c92b161d57f98e

SHA256
65cfafbad3fb6c3eb46b39eb7e1ec5437d1a2c85f9b063db04efa6f05ec3a822

SHA512
059405e8602f8fdc572f4dc00b9757d913b1a6de5989d33dcea1116534cad6c85e581e25337f23a87bcb6b81281d74a3e1a29dbf8bde9dd1174a6a63d3524607

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.zemblax

Filesize
8KB

MD5
cf75643ba7d46ff26bdf871bddd23f9f

SHA1
0d21764fbe1ecbfd73ba7d150ff7be9a9fd9a9e3

SHA256
37ce802664c0715ea1b528b0bd16fe0e3bcbc008e115a1e257be102ad255bbc7

SHA512
8b44dbf2028e0b3d51addf87eeeba15abf57660aaeb5259b4a97adb06b83c4a41012f84cc28b3f4072228016c75fd1b31e4e5964f869c13e2bf5ab6ad3ec3f7a

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
291KB

MD5
5a5c745bf3e97fe2be01880132662f28

SHA1
924af25d379fc88319bc55958db898dbf5054309

SHA256
0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811

SHA512
151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10

Download Submit
C:\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
291KB

MD5
5a5c745bf3e97fe2be01880132662f28

SHA1
924af25d379fc88319bc55958db898dbf5054309

SHA256
0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811

SHA512
151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\container.dat.zemblax

Filesize
16B

MD5
826ba14567ed55f5b8379572f2f4c18f

SHA1
058d2dd1512aff32324c5c82f56ee6bb3db11fdb

SHA256
485e5116cf106b073e5a4277b6f73ebbc97546aef23bccae4ddd5cfd7ca9ca16

SHA512
9256d414e06142134d260206fd763fdcd0002e66a2ece26ed295a1c5f761659b545bb7c81fefa1d0a72478e3dd71343dd653e65bdf66954c4991e3ee0bb57911

Download Submit
\Users\Admin\AppData\Local\Drpbx\drpbx.exe

Filesize
291KB

MD5
5a5c745bf3e97fe2be01880132662f28

SHA1
924af25d379fc88319bc55958db898dbf5054309

SHA256
0ec947a4f30a6ad7d055c72f5d6c1ffe7a538349f41e8156e9aa5c7a8b0d7811

SHA512
151e4a07e19350d677e049c57c971b64924150eec007e665843cb6142ec73fc06ae4145c64164d3f7f25a376a7536ac6d9b3c85180503549a0c86f09cc0ded10

Download Submit
memory/2212-54-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-66-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-4-0x0000000001D70000-0x0000000001DB0000-memory.dmp

Filesize
256KB

Download
memory/2212-5-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-6-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-8-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-10-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-12-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-14-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-16-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-18-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-20-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-22-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-24-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-26-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-30-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-32-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-36-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-38-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-42-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-46-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-48-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-52-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-2-0x0000000001D70000-0x0000000001DB0000-memory.dmp

Filesize
256KB

Download
memory/2212-58-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-60-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-64-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-3-0x0000000001D70000-0x0000000001DB0000-memory.dmp

Filesize
256KB

Download
memory/2212-68-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-62-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-56-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-50-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-44-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-40-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-34-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-28-0x0000000004520000-0x0000000004553000-memory.dmp

Filesize
204KB

Download
memory/2212-163-0x0000000004710000-0x0000000004711000-memory.dmp

Filesize
4KB

Download
memory/2212-171-0x0000000074A30000-0x0000000074FDB000-memory.dmp

Filesize
5.7MB

Download
memory/2212-0-0x0000000074A30000-0x0000000074FDB000-memory.dmp

Filesize
5.7MB

Download
memory/2212-1-0x0000000074A30000-0x0000000074FDB000-memory.dmp

Filesize
5.7MB

Download
memory/2816-172-0x0000000074A30000-0x0000000074FDB000-memory.dmp

Filesize
5.7MB

Download
memory/2816-180-0x0000000074A30000-0x0000000074FDB000-memory.dmp

Filesize
5.7MB

Download
memory/2816-334-0x0000000002030000-0x0000000002031000-memory.dmp

Filesize
4KB

Download
memory/2816-335-0x0000000074A30000-0x0000000074FDB000-memory.dmp

Filesize
5.7MB

Download
memory/2816-336-0x0000000002040000-0x0000000002080000-memory.dmp

Filesize
256KB

Download
memory/2816-174-0x0000000002040000-0x0000000002080000-memory.dmp

Filesize
256KB

Download
memory/2816-176-0x0000000002040000-0x0000000002080000-memory.dmp

Filesize
256KB

Download
memory/2816-337-0x0000000002040000-0x0000000002080000-memory.dmp

Filesize
256KB

Download
memory/2816-338-0x0000000002040000-0x0000000002080000-memory.dmp

Filesize
256KB

Download
memory/2816-2424-0x0000000002040000-0x0000000002080000-memory.dmp

Filesize
256KB

Download
memory/2816-2425-0x0000000005DC0000-0x0000000005EC0000-memory.dmp

Filesize
1024KB

Download
memory/2816-2428-0x0000000002040000-0x0000000002080000-memory.dmp

Filesize
256KB

Download
memory/2816-2429-0x0000000005DC0000-0x0000000005EC0000-memory.dmp

Filesize
1024KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads