mystic | f2f14e6530afa877205e78cd8d60eb1594a3607fad77fe66135005e257325ef3

Analysis

max time kernel
122s
max time network
142s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 12:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8cf19247877aa7c2491171cdccd5230.exe
Size

942KB
MD5

a8cf19247877aa7c2491171cdccd5230
SHA1

eb8a9375ce6791ec03609ff8bce01ec6a8f0bcd3
SHA256

f2f14e6530afa877205e78cd8d60eb1594a3607fad77fe66135005e257325ef3
SHA512

9fd99b5d5ad81d1f04f23ad9ffa4493af64985ea9e079005bbd73667c013b449d098a0f5e9c2217fe9434312e22a56ad08a6791f2976553ebff240c3412b5f35
SSDEEP

24576:FypHxujvHbJAd/MhaXnJyzJP33jr3Lfk8:gCbHbJuMhMnuJT

Score

10^/10

mystic persistence stealer

Malware Config

Extracted

Family

mystic

http://5.42.92.211/loghub/master

Signatures

Detect Mystic stealer payload 8 IoCs

resource	yara_rule
behavioral1/memory/2792-49-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2792-51-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2792-53-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2792-56-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2792-58-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2792-60-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2792-61-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic
behavioral1/memory/2792-66-0x0000000000400000-0x0000000000428000-memory.dmp	family_mystic

Mystic
Mystic is an infostealer written in C++.
stealer mystic

Executes dropped EXE 4 IoCs

pid	Process
2212	x4122673.exe
2352	x2426218.exe
2708	x4070711.exe
2628	g6192356.exe

Loads dropped DLL 13 IoCs

pid	Process
1728	a8cf19247877aa7c2491171cdccd5230.exe
2212	x4122673.exe
2212	x4122673.exe
2352	x2426218.exe
2352	x2426218.exe
2708	x4070711.exe
2708	x4070711.exe
2708	x4070711.exe
2628	g6192356.exe
2676	WerFault.exe
2676	WerFault.exe
2676	WerFault.exe
2676	WerFault.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	x4122673.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	x2426218.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	x4070711.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	a8cf19247877aa7c2491171cdccd5230.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2628 set thread context of 2792	2628	g6192356.exe	32

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2676	2628	WerFault.exe	31

Suspicious use of WriteProcessMemory 49 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2212	1728	a8cf19247877aa7c2491171cdccd5230.exe	28
PID 1728 wrote to memory of 2212	1728	a8cf19247877aa7c2491171cdccd5230.exe	28
PID 1728 wrote to memory of 2212	1728	a8cf19247877aa7c2491171cdccd5230.exe	28
PID 1728 wrote to memory of 2212	1728	a8cf19247877aa7c2491171cdccd5230.exe	28
PID 1728 wrote to memory of 2212	1728	a8cf19247877aa7c2491171cdccd5230.exe	28
PID 1728 wrote to memory of 2212	1728	a8cf19247877aa7c2491171cdccd5230.exe	28
PID 1728 wrote to memory of 2212	1728	a8cf19247877aa7c2491171cdccd5230.exe	28
PID 2212 wrote to memory of 2352	2212	x4122673.exe	29
PID 2212 wrote to memory of 2352	2212	x4122673.exe	29
PID 2212 wrote to memory of 2352	2212	x4122673.exe	29
PID 2212 wrote to memory of 2352	2212	x4122673.exe	29
PID 2212 wrote to memory of 2352	2212	x4122673.exe	29
PID 2212 wrote to memory of 2352	2212	x4122673.exe	29
PID 2212 wrote to memory of 2352	2212	x4122673.exe	29
PID 2352 wrote to memory of 2708	2352	x2426218.exe	30
PID 2352 wrote to memory of 2708	2352	x2426218.exe	30
PID 2352 wrote to memory of 2708	2352	x2426218.exe	30
PID 2352 wrote to memory of 2708	2352	x2426218.exe	30
PID 2352 wrote to memory of 2708	2352	x2426218.exe	30
PID 2352 wrote to memory of 2708	2352	x2426218.exe	30
PID 2352 wrote to memory of 2708	2352	x2426218.exe	30
PID 2708 wrote to memory of 2628	2708	x4070711.exe	31
PID 2708 wrote to memory of 2628	2708	x4070711.exe	31
PID 2708 wrote to memory of 2628	2708	x4070711.exe	31
PID 2708 wrote to memory of 2628	2708	x4070711.exe	31
PID 2708 wrote to memory of 2628	2708	x4070711.exe	31
PID 2708 wrote to memory of 2628	2708	x4070711.exe	31
PID 2708 wrote to memory of 2628	2708	x4070711.exe	31
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2792	2628	g6192356.exe	32
PID 2628 wrote to memory of 2676	2628	g6192356.exe	33
PID 2628 wrote to memory of 2676	2628	g6192356.exe	33
PID 2628 wrote to memory of 2676	2628	g6192356.exe	33
PID 2628 wrote to memory of 2676	2628	g6192356.exe	33
PID 2628 wrote to memory of 2676	2628	g6192356.exe	33
PID 2628 wrote to memory of 2676	2628	g6192356.exe	33
PID 2628 wrote to memory of 2676	2628	g6192356.exe	33

C:\Users\Admin\AppData\Local\Temp\a8cf19247877aa7c2491171cdccd5230.exe
"C:\Users\Admin\AppData\Local\Temp\a8cf19247877aa7c2491171cdccd5230.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x4122673.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x4122673.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:2212
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\x2426218.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\x2426218.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\x4070711.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\x4070711.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:2628
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        
        PID:2792
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 272
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x4122673.exe

Filesize
840KB

MD5
8a3d5810c1af9616c70c3ff4c26a971c

SHA1
7a2f12e067bdcac8ea528e5f85ff37f65b7f9aa3

SHA256
30c1ddc7a3c156c3c3666d0158bae67974d4962688089803ac8ade9482670f1a

SHA512
a4045430d46524a66aea66e958c1e58921b0c5add4c3a2edb39354e84587f24c732b76fff5f43e4cef99256a239ec4b07a13a833a159a51cde5f163f7bb9d98f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\x4122673.exe

Filesize
840KB

MD5
8a3d5810c1af9616c70c3ff4c26a971c

SHA1
7a2f12e067bdcac8ea528e5f85ff37f65b7f9aa3

SHA256
30c1ddc7a3c156c3c3666d0158bae67974d4962688089803ac8ade9482670f1a

SHA512
a4045430d46524a66aea66e958c1e58921b0c5add4c3a2edb39354e84587f24c732b76fff5f43e4cef99256a239ec4b07a13a833a159a51cde5f163f7bb9d98f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\x2426218.exe

Filesize
562KB

MD5
ae1336013144644dad2d5c389b3b8a3e

SHA1
b19ac959e3eadee52bee13b26c387b6a47465f76

SHA256
f9d3696b656285663221a1804616dfcdb8ed30aee7735990e717849bc3c9662e

SHA512
7810bccd6368967a1bd90117be267387740c54388407a08bd8672b9a9908336a540963452db3465de94c68f3e29a76ef8d957cd628c0747de163c1c66b568d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\x2426218.exe

Filesize
562KB

MD5
ae1336013144644dad2d5c389b3b8a3e

SHA1
b19ac959e3eadee52bee13b26c387b6a47465f76

SHA256
f9d3696b656285663221a1804616dfcdb8ed30aee7735990e717849bc3c9662e

SHA512
7810bccd6368967a1bd90117be267387740c54388407a08bd8672b9a9908336a540963452db3465de94c68f3e29a76ef8d957cd628c0747de163c1c66b568d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\x4070711.exe

Filesize
396KB

MD5
40ff098803c4a11a28f27fb954c774ba

SHA1
a77a759cb697889a02b418da4e5baaafba0bec63

SHA256
1b2ead1cf52f23c364324d4754377f5ac2ba0f09372f290989de504d33074ede

SHA512
c91cc08f614ea2364536ab687faa2f4f7fdbedbfd83988af38d45a2b7f3bc6a5e8bba4e12ee82bd261372ec971ca21893459f9c792470fe575d93a4f577ed742

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\x4070711.exe

Filesize
396KB

MD5
40ff098803c4a11a28f27fb954c774ba

SHA1
a77a759cb697889a02b418da4e5baaafba0bec63

SHA256
1b2ead1cf52f23c364324d4754377f5ac2ba0f09372f290989de504d33074ede

SHA512
c91cc08f614ea2364536ab687faa2f4f7fdbedbfd83988af38d45a2b7f3bc6a5e8bba4e12ee82bd261372ec971ca21893459f9c792470fe575d93a4f577ed742

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe

Filesize
379KB

MD5
53ce048636c37ef62829feabdc39cf20

SHA1
98d3b91379bad6685e3466c8eda6d9b6fb6150a0

SHA256
b6fc1741666c55a9cc1087bc9c01a412e715f713120ed5195913c466b5c4f35b

SHA512
0a486cb8ff18eedffc0e4d8968dc9ba467ba7318d55f997b7884c582d7c63758881767d6f974ece91036d41b06ead4a5036012272a9a7f0db9874abe0ae0ec08

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe

Filesize
379KB

MD5
53ce048636c37ef62829feabdc39cf20

SHA1
98d3b91379bad6685e3466c8eda6d9b6fb6150a0

SHA256
b6fc1741666c55a9cc1087bc9c01a412e715f713120ed5195913c466b5c4f35b

SHA512
0a486cb8ff18eedffc0e4d8968dc9ba467ba7318d55f997b7884c582d7c63758881767d6f974ece91036d41b06ead4a5036012272a9a7f0db9874abe0ae0ec08

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe

Filesize
379KB

MD5
53ce048636c37ef62829feabdc39cf20

SHA1
98d3b91379bad6685e3466c8eda6d9b6fb6150a0

SHA256
b6fc1741666c55a9cc1087bc9c01a412e715f713120ed5195913c466b5c4f35b

SHA512
0a486cb8ff18eedffc0e4d8968dc9ba467ba7318d55f997b7884c582d7c63758881767d6f974ece91036d41b06ead4a5036012272a9a7f0db9874abe0ae0ec08

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\x4122673.exe

Filesize
840KB

MD5
8a3d5810c1af9616c70c3ff4c26a971c

SHA1
7a2f12e067bdcac8ea528e5f85ff37f65b7f9aa3

SHA256
30c1ddc7a3c156c3c3666d0158bae67974d4962688089803ac8ade9482670f1a

SHA512
a4045430d46524a66aea66e958c1e58921b0c5add4c3a2edb39354e84587f24c732b76fff5f43e4cef99256a239ec4b07a13a833a159a51cde5f163f7bb9d98f

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\x4122673.exe

Filesize
840KB

MD5
8a3d5810c1af9616c70c3ff4c26a971c

SHA1
7a2f12e067bdcac8ea528e5f85ff37f65b7f9aa3

SHA256
30c1ddc7a3c156c3c3666d0158bae67974d4962688089803ac8ade9482670f1a

SHA512
a4045430d46524a66aea66e958c1e58921b0c5add4c3a2edb39354e84587f24c732b76fff5f43e4cef99256a239ec4b07a13a833a159a51cde5f163f7bb9d98f

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\x2426218.exe

Filesize
562KB

MD5
ae1336013144644dad2d5c389b3b8a3e

SHA1
b19ac959e3eadee52bee13b26c387b6a47465f76

SHA256
f9d3696b656285663221a1804616dfcdb8ed30aee7735990e717849bc3c9662e

SHA512
7810bccd6368967a1bd90117be267387740c54388407a08bd8672b9a9908336a540963452db3465de94c68f3e29a76ef8d957cd628c0747de163c1c66b568d93

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\x2426218.exe

Filesize
562KB

MD5
ae1336013144644dad2d5c389b3b8a3e

SHA1
b19ac959e3eadee52bee13b26c387b6a47465f76

SHA256
f9d3696b656285663221a1804616dfcdb8ed30aee7735990e717849bc3c9662e

SHA512
7810bccd6368967a1bd90117be267387740c54388407a08bd8672b9a9908336a540963452db3465de94c68f3e29a76ef8d957cd628c0747de163c1c66b568d93

Download Submit
\Users\Admin\AppData\Local\Temp\IXP002.TMP\x4070711.exe

Filesize
396KB

MD5
40ff098803c4a11a28f27fb954c774ba

SHA1
a77a759cb697889a02b418da4e5baaafba0bec63

SHA256
1b2ead1cf52f23c364324d4754377f5ac2ba0f09372f290989de504d33074ede

SHA512
c91cc08f614ea2364536ab687faa2f4f7fdbedbfd83988af38d45a2b7f3bc6a5e8bba4e12ee82bd261372ec971ca21893459f9c792470fe575d93a4f577ed742

Download Submit
\Users\Admin\AppData\Local\Temp\IXP002.TMP\x4070711.exe

Filesize
396KB

MD5
40ff098803c4a11a28f27fb954c774ba

SHA1
a77a759cb697889a02b418da4e5baaafba0bec63

SHA256
1b2ead1cf52f23c364324d4754377f5ac2ba0f09372f290989de504d33074ede

SHA512
c91cc08f614ea2364536ab687faa2f4f7fdbedbfd83988af38d45a2b7f3bc6a5e8bba4e12ee82bd261372ec971ca21893459f9c792470fe575d93a4f577ed742

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe

Filesize
379KB

MD5
53ce048636c37ef62829feabdc39cf20

SHA1
98d3b91379bad6685e3466c8eda6d9b6fb6150a0

SHA256
b6fc1741666c55a9cc1087bc9c01a412e715f713120ed5195913c466b5c4f35b

SHA512
0a486cb8ff18eedffc0e4d8968dc9ba467ba7318d55f997b7884c582d7c63758881767d6f974ece91036d41b06ead4a5036012272a9a7f0db9874abe0ae0ec08

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe

Filesize
379KB

MD5
53ce048636c37ef62829feabdc39cf20

SHA1
98d3b91379bad6685e3466c8eda6d9b6fb6150a0

SHA256
b6fc1741666c55a9cc1087bc9c01a412e715f713120ed5195913c466b5c4f35b

SHA512
0a486cb8ff18eedffc0e4d8968dc9ba467ba7318d55f997b7884c582d7c63758881767d6f974ece91036d41b06ead4a5036012272a9a7f0db9874abe0ae0ec08

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe

Filesize
379KB

MD5
53ce048636c37ef62829feabdc39cf20

SHA1
98d3b91379bad6685e3466c8eda6d9b6fb6150a0

SHA256
b6fc1741666c55a9cc1087bc9c01a412e715f713120ed5195913c466b5c4f35b

SHA512
0a486cb8ff18eedffc0e4d8968dc9ba467ba7318d55f997b7884c582d7c63758881767d6f974ece91036d41b06ead4a5036012272a9a7f0db9874abe0ae0ec08

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe

Filesize
379KB

MD5
53ce048636c37ef62829feabdc39cf20

SHA1
98d3b91379bad6685e3466c8eda6d9b6fb6150a0

SHA256
b6fc1741666c55a9cc1087bc9c01a412e715f713120ed5195913c466b5c4f35b

SHA512
0a486cb8ff18eedffc0e4d8968dc9ba467ba7318d55f997b7884c582d7c63758881767d6f974ece91036d41b06ead4a5036012272a9a7f0db9874abe0ae0ec08

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe

Filesize
379KB

MD5
53ce048636c37ef62829feabdc39cf20

SHA1
98d3b91379bad6685e3466c8eda6d9b6fb6150a0

SHA256
b6fc1741666c55a9cc1087bc9c01a412e715f713120ed5195913c466b5c4f35b

SHA512
0a486cb8ff18eedffc0e4d8968dc9ba467ba7318d55f997b7884c582d7c63758881767d6f974ece91036d41b06ead4a5036012272a9a7f0db9874abe0ae0ec08

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe

Filesize
379KB

MD5
53ce048636c37ef62829feabdc39cf20

SHA1
98d3b91379bad6685e3466c8eda6d9b6fb6150a0

SHA256
b6fc1741666c55a9cc1087bc9c01a412e715f713120ed5195913c466b5c4f35b

SHA512
0a486cb8ff18eedffc0e4d8968dc9ba467ba7318d55f997b7884c582d7c63758881767d6f974ece91036d41b06ead4a5036012272a9a7f0db9874abe0ae0ec08

Download Submit
\Users\Admin\AppData\Local\Temp\IXP003.TMP\g6192356.exe

Filesize
379KB

MD5
53ce048636c37ef62829feabdc39cf20

SHA1
98d3b91379bad6685e3466c8eda6d9b6fb6150a0

SHA256
b6fc1741666c55a9cc1087bc9c01a412e715f713120ed5195913c466b5c4f35b

SHA512
0a486cb8ff18eedffc0e4d8968dc9ba467ba7318d55f997b7884c582d7c63758881767d6f974ece91036d41b06ead4a5036012272a9a7f0db9874abe0ae0ec08

Download Submit
memory/2792-45-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2792-53-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2792-55-0x00000000FFFDE000-0x00000000FFFDF000-memory.dmp

Filesize
4KB

Download
memory/2792-56-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2792-58-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2792-60-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2792-61-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2792-51-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2792-49-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2792-47-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2792-43-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/2792-66-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads