glupteba | b691e6ae0f39b098f46f2eb4bcb56813961ca4a40e925a35f44c84739dabe807

Analysis

max time kernel
11s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 02:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

JC_b691e6ae0f39b098f46f2eb4bcb56813961ca4a40e925a35f44c84739dabe807.exe
Size

4.2MB
MD5

169d8c38128501ddd877c604f24417a3
SHA1

d4038d0476cf6b361adcaaabd746f9a4e27dded4
SHA256

b691e6ae0f39b098f46f2eb4bcb56813961ca4a40e925a35f44c84739dabe807
SHA512

c2081d9e5c50f4f703f557ad568eef7c491e39b13319ce84cca11ab769e2670ee41a9c4c34523406fe0fe50f3c29a74e884c63ad23baa786ca608a342fd9eb88
SSDEEP

98304:/mCQKHB/gIjk/hTwq8fgR3HqTX3kmqCCLlMHbYtXcn:eCVgIjk/hD842X3fTCL5G

Score

10^/10

glupteba dropper evasion loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 21 IoCs

resource	yara_rule
behavioral2/memory/4880-1-0x0000000004BB0000-0x000000000549B000-memory.dmp	family_glupteba
behavioral2/memory/4880-2-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4880-3-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4880-25-0x0000000004BB0000-0x000000000549B000-memory.dmp	family_glupteba
behavioral2/memory/4880-31-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4880-50-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4880-59-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/3032-61-0x0000000004B90000-0x000000000547B000-memory.dmp	family_glupteba
behavioral2/memory/3032-62-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/3032-64-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/3032-110-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/3032-124-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/3032-159-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4824-178-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4824-242-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4824-262-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4824-270-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4824-272-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4824-274-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4824-276-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba
behavioral2/memory/4824-278-0x0000000000400000-0x0000000002817000-memory.dmp	family_glupteba

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
3924	netsh.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023250-265.dat	upx
behavioral2/files/0x0007000000023250-266.dat	upx
behavioral2/files/0x0007000000023250-268.dat	upx
behavioral2/memory/1308-269-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1520-271-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1520-275-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3516	sc.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
116	schtasks.exe
3100	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\JC_b691e6ae0f39b098f46f2eb4bcb56813961ca4a40e925a35f44c84739dabe807.exe
"C:\Users\Admin\AppData\Local\Temp\JC_b691e6ae0f39b098f46f2eb4bcb56813961ca4a40e925a35f44c84739dabe807.exe"
1⤵
PID:4880
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  PID:4332
- C:\Users\Admin\AppData\Local\Temp\JC_b691e6ae0f39b098f46f2eb4bcb56813961ca4a40e925a35f44c84739dabe807.exe
  "C:\Users\Admin\AppData\Local\Temp\JC_b691e6ae0f39b098f46f2eb4bcb56813961ca4a40e925a35f44c84739dabe807.exe"
  2⤵
  PID:3032
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:1860
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:3680
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:3924
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:2736
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:4140
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:4824
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:5100
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:956
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:4880
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:116
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:2836
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:3100
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:1308
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:3356
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:3516

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_044qo0yc.d3h.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
3d086a433708053f9bf9523e1d87a4e8

SHA1
b3ab5d4f282a4c8fe8c3005b8a557ed5a0e37f28

SHA256
6f8fd1b8d9788ad54eaeee329232187e24b7b43393a01aeba2d6e9675231fb69

SHA512
931ae42b4c68a4507ff2342332b08eb407050d47cf4176137ea022d0f6e513c689e998445a04c6d18d4877391705c586bfce0234632b898d41aaed0957996dfd

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
5846995569fd345be0e3e96c1a827384

SHA1
a76de3a45a32d36995e8243b7adf0ad73b0ef527

SHA256
0a8a771873fc2e33dd68bf327ed8d34d83fd93edf1460bf8b1df95afae07cf09

SHA512
8d4b83bd05d69238a36a74a9ce4b8d8f1f2f461652960dd1859feb7e455200b37b8713dadc6ce604e1bfdba449a9fdabf2c44a3a52bdebc17d487449ffbbd1c5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
e1d724f97fe66b50fb8c8b1d6ba48d05

SHA1
39ca58fa07cdbb1cdb63e6bf78ee38dcc516438c

SHA256
fc5720fab1bacf5e32d9f55d8a50d55fac631c2ef49206cc10fa483fe5f7d9f1

SHA512
2de068799a48cad77cc0c3e84536ef7bf7d8c9b499609316d19c047beeb5092207badc61e82a422c55ee21ec892019f237f7e7f4c76b5eed5a75b8e5403004db

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
bb7143e1e3561336aba46559989e30a2

SHA1
d474beb4e1199e0e2ed92c20a83d0aeb0a1b15a6

SHA256
4d4ff771c547786d414373f2af88bdbb054a624d9d8703a92d979f2565b1cdf6

SHA512
ae5f2edf790cb35ae0bfa685214f00afdb206c0b6fff38730b80c2b7e80ea8232c5e6b78b1bf831df0d6c72b5d5cef42b3dd3e5d7e8b9730e0ae9b0e9daf7d15

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
c8c43d2cddef28b4bc07cefd9ab89c2c

SHA1
5777b544d591bad92ed2616b59c34a13fb3c4bc6

SHA256
95d2baef2ac1cb01801d2e88ea6f95017d2f80d3cb3d0ef51ab3f462d45886d5

SHA512
3b326f9e99099c0482bb4d72a01a1cc13e660ee9dc5659f978f4419ade9acd9135f2ba0ab76dd7307d6ddf9ff503b9d4c3a85f1f65a130d2821cd303f20b34cb

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
562f55a4eda117e1d3734231606311f2

SHA1
f5afb055d4a631ba7f07218c0d92558dea56984c

SHA256
2fc076e0fee1faf0465d15b880027b1f8a90f7c67559edb90b54f955e6f44183

SHA512
fa26bf9a5933fcd7e3f23335e223a3b56792b00c54e300e2996522e68ee81f0c70a5356fc3b230d956ead3d43fc5d95dbe98f5061193c58cfd5a917c33ae9821

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.2MB

MD5
169d8c38128501ddd877c604f24417a3

SHA1
d4038d0476cf6b361adcaaabd746f9a4e27dded4

SHA256
b691e6ae0f39b098f46f2eb4bcb56813961ca4a40e925a35f44c84739dabe807

SHA512
c2081d9e5c50f4f703f557ad568eef7c491e39b13319ce84cca11ab769e2670ee41a9c4c34523406fe0fe50f3c29a74e884c63ad23baa786ca608a342fd9eb88

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.2MB

MD5
169d8c38128501ddd877c604f24417a3

SHA1
d4038d0476cf6b361adcaaabd746f9a4e27dded4

SHA256
b691e6ae0f39b098f46f2eb4bcb56813961ca4a40e925a35f44c84739dabe807

SHA512
c2081d9e5c50f4f703f557ad568eef7c491e39b13319ce84cca11ab769e2670ee41a9c4c34523406fe0fe50f3c29a74e884c63ad23baa786ca608a342fd9eb88

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/1308-269-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1520-271-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1520-275-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1860-76-0x0000000006020000-0x0000000006374000-memory.dmp

Filesize
3.3MB

Download
memory/1860-95-0x0000000074AD0000-0x0000000075280000-memory.dmp

Filesize
7.7MB

Download
memory/1860-65-0x0000000002E20000-0x0000000002E30000-memory.dmp

Filesize
64KB

Download
memory/1860-63-0x0000000074AD0000-0x0000000075280000-memory.dmp

Filesize
7.7MB

Download
memory/1860-77-0x0000000006550000-0x000000000659C000-memory.dmp

Filesize
304KB

Download
memory/1860-78-0x0000000002E20000-0x0000000002E30000-memory.dmp

Filesize
64KB

Download
memory/1860-79-0x00000000709D0000-0x0000000070A1C000-memory.dmp

Filesize
304KB

Download
memory/1860-80-0x0000000070B50000-0x0000000070EA4000-memory.dmp

Filesize
3.3MB

Download
memory/1860-71-0x0000000002E20000-0x0000000002E30000-memory.dmp

Filesize
64KB

Download
memory/1860-90-0x0000000007620000-0x00000000076C3000-memory.dmp

Filesize
652KB

Download
memory/1860-91-0x0000000007930000-0x0000000007941000-memory.dmp

Filesize
68KB

Download
memory/1860-92-0x0000000007980000-0x0000000007994000-memory.dmp

Filesize
80KB

Download
memory/2736-114-0x0000000071190000-0x00000000714E4000-memory.dmp

Filesize
3.3MB

Download
memory/2736-126-0x0000000074AD0000-0x0000000075280000-memory.dmp

Filesize
7.7MB

Download
memory/2736-97-0x0000000074AD0000-0x0000000075280000-memory.dmp

Filesize
7.7MB

Download
memory/2736-98-0x0000000002480000-0x0000000002490000-memory.dmp

Filesize
64KB

Download
memory/2736-104-0x0000000005420000-0x0000000005774000-memory.dmp

Filesize
3.3MB

Download
memory/2736-111-0x0000000002480000-0x0000000002490000-memory.dmp

Filesize
64KB

Download
memory/2736-112-0x0000000002480000-0x0000000002490000-memory.dmp

Filesize
64KB

Download
memory/2736-113-0x00000000709D0000-0x0000000070A1C000-memory.dmp

Filesize
304KB

Download
memory/3032-124-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/3032-110-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/3032-60-0x0000000004790000-0x0000000004B88000-memory.dmp

Filesize
4.0MB

Download
memory/3032-61-0x0000000004B90000-0x000000000547B000-memory.dmp

Filesize
8.9MB

Download
memory/3032-62-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/3032-64-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/3032-159-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4140-127-0x0000000074AD0000-0x0000000075280000-memory.dmp

Filesize
7.7MB

Download
memory/4140-129-0x0000000004D30000-0x0000000004D40000-memory.dmp

Filesize
64KB

Download
memory/4140-128-0x0000000004D30000-0x0000000004D40000-memory.dmp

Filesize
64KB

Download
memory/4332-53-0x0000000007750000-0x000000000776A000-memory.dmp

Filesize
104KB

Download
memory/4332-6-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/4332-4-0x0000000002940000-0x0000000002976000-memory.dmp

Filesize
216KB

Download
memory/4332-58-0x0000000074A30000-0x00000000751E0000-memory.dmp

Filesize
7.7MB

Download
memory/4332-55-0x0000000007730000-0x0000000007738000-memory.dmp

Filesize
32KB

Download
memory/4332-26-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/4332-54-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/4332-5-0x0000000074A30000-0x00000000751E0000-memory.dmp

Filesize
7.7MB

Download
memory/4332-52-0x0000000007660000-0x0000000007674000-memory.dmp

Filesize
80KB

Download
memory/4332-51-0x0000000007650000-0x000000000765E000-memory.dmp

Filesize
56KB

Download
memory/4332-7-0x0000000005000000-0x0000000005628000-memory.dmp

Filesize
6.2MB

Download
memory/4332-49-0x0000000007610000-0x0000000007621000-memory.dmp

Filesize
68KB

Download
memory/4332-48-0x0000000007690000-0x0000000007726000-memory.dmp

Filesize
600KB

Download
memory/4332-47-0x00000000075D0000-0x00000000075DA000-memory.dmp

Filesize
40KB

Download
memory/4332-24-0x0000000006490000-0x00000000064D4000-memory.dmp

Filesize
272KB

Download
memory/4332-46-0x0000000074A30000-0x00000000751E0000-memory.dmp

Filesize
7.7MB

Download
memory/4332-45-0x00000000074F0000-0x0000000007593000-memory.dmp

Filesize
652KB

Download
memory/4332-33-0x000000007FB00000-0x000000007FB10000-memory.dmp

Filesize
64KB

Download
memory/4332-44-0x0000000007490000-0x00000000074AE000-memory.dmp

Filesize
120KB

Download
memory/4332-34-0x0000000070CA0000-0x0000000070FF4000-memory.dmp

Filesize
3.3MB

Download
memory/4332-32-0x00000000708D0000-0x000000007091C000-memory.dmp

Filesize
304KB

Download
memory/4332-8-0x0000000004F40000-0x0000000004F62000-memory.dmp

Filesize
136KB

Download
memory/4332-30-0x00000000074B0000-0x00000000074E2000-memory.dmp

Filesize
200KB

Download
memory/4332-29-0x0000000007300000-0x000000000731A000-memory.dmp

Filesize
104KB

Download
memory/4332-28-0x0000000007960000-0x0000000007FDA000-memory.dmp

Filesize
6.5MB

Download
memory/4332-9-0x0000000005730000-0x0000000005796000-memory.dmp

Filesize
408KB

Download
memory/4332-22-0x0000000006260000-0x00000000062AC000-memory.dmp

Filesize
304KB

Download
memory/4332-21-0x0000000005F20000-0x0000000005F3E000-memory.dmp

Filesize
120KB

Download
memory/4332-27-0x0000000007260000-0x00000000072D6000-memory.dmp

Filesize
472KB

Download
memory/4332-20-0x0000000005900000-0x0000000005C54000-memory.dmp

Filesize
3.3MB

Download
memory/4332-10-0x0000000005890000-0x00000000058F6000-memory.dmp

Filesize
408KB

Download
memory/4824-270-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4824-282-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4824-242-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4824-280-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4824-178-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4824-262-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4824-278-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4824-276-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4824-274-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4824-272-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4880-25-0x0000000004BB0000-0x000000000549B000-memory.dmp

Filesize
8.9MB

Download
memory/4880-2-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4880-3-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4880-59-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4880-1-0x0000000004BB0000-0x000000000549B000-memory.dmp

Filesize
8.9MB

Download
memory/4880-50-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4880-0-0x00000000047B0000-0x0000000004BA8000-memory.dmp

Filesize
4.0MB

Download
memory/4880-31-0x0000000000400000-0x0000000002817000-memory.dmp

Filesize
36.1MB

Download
memory/4880-23-0x00000000047B0000-0x0000000004BA8000-memory.dmp

Filesize
4.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads