glupteba | 55b01de7a08a166414e2e509184d2715dab72ae24aeaabe3a9ed802e0c04b379

Analysis

max time kernel
5s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JC_55b01de7a08a166414e2e509184d2715dab72ae24aeaabe3a9ed802e0c04b379.exe
Size

4.2MB
MD5

a1439a03495ae2aefac6d2d6f42482a2
SHA1

a4198f3902590847286b61a1d7c61571ad44161a
SHA256

55b01de7a08a166414e2e509184d2715dab72ae24aeaabe3a9ed802e0c04b379
SHA512

ac77d83a82be83df4baa756dafa686b3bc5a5db23e3ffa374db85a0cba5255a0eebd2323f111a4ba56a83760b93d139ccb9df6f048c93c2bc086e6006db1e36b
SSDEEP

98304:lUXt9//byb+aA4mV8FjZFBpd6xZ1Y6LSs6derlK9PWlHc5:gRbyb+8HFFnd6rCESs6ch8oHG

Score

10^/10

glupteba dropper evasion loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 18 IoCs

resource	yara_rule
behavioral2/memory/4976-1-0x00000000049E0000-0x00000000052CB000-memory.dmp	family_glupteba
behavioral2/memory/4976-2-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4976-25-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4976-26-0x00000000049E0000-0x00000000052CB000-memory.dmp	family_glupteba
behavioral2/memory/2540-58-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4976-72-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/2540-97-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/2540-106-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/2540-153-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4136-231-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4136-252-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4136-262-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4136-265-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4136-268-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4136-271-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4136-274-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4136-277-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba
behavioral2/memory/4136-280-0x0000000000400000-0x0000000002815000-memory.dmp	family_glupteba

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
2580	netsh.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00070000000232a3-255.dat	upx
behavioral2/files/0x00070000000232a3-256.dat	upx
behavioral2/files/0x00070000000232a3-258.dat	upx
behavioral2/memory/2356-260-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/4808-263-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/4808-269-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/files/0x0003000000000717-289.dat	upx
behavioral2/files/0x0003000000000717-290.dat	upx
behavioral2/memory/4808-292-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4164	sc.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4392	schtasks.exe
2632	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\JC_55b01de7a08a166414e2e509184d2715dab72ae24aeaabe3a9ed802e0c04b379.exe
"C:\Users\Admin\AppData\Local\Temp\JC_55b01de7a08a166414e2e509184d2715dab72ae24aeaabe3a9ed802e0c04b379.exe"
1⤵
PID:4976
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  PID:3792
- C:\Users\Admin\AppData\Local\Temp\JC_55b01de7a08a166414e2e509184d2715dab72ae24aeaabe3a9ed802e0c04b379.exe
  "C:\Users\Admin\AppData\Local\Temp\JC_55b01de7a08a166414e2e509184d2715dab72ae24aeaabe3a9ed802e0c04b379.exe"
  2⤵
  PID:2540
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:4572
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:1520
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:2580
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:2856
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:3760
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:4136
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:3720
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:4392
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:3308
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:464
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:2280
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:2632
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:2356
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:3100
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:4164
  - - C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe
      4⤵
      PID:2892
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /delete /tn "csrss" /f
        5⤵
        
        PID:2336
    - - C:\Windows\SYSTEM32\schtasks.exe
        
        schtasks /delete /tn "ScheduledUpdate" /f
        5⤵
        
        PID:4912

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:4808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_y4gzlngx.2m3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe

Filesize
2.6MB

MD5
026eaee3c279cdcff5bdd77560a473f9

SHA1
bea764a6e20ade8100ccfdcc16e847a885893681

SHA256
73a562a2f8712bcc5a97b1ca15cca02dbc8d70e0307bd0d78a69e3f98c738be5

SHA512
e3e318760c9677349c5a22ede6f48c8ea8973c7ee6ec1bac3d8e2b56400d76026fbceebd3db57aa697a89e70ff7d0ef5d8afa08fc0e3ad0acb3208650f98baf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\f801950a962ddba14caaa44bf084b55c.exe

Filesize
2.9MB

MD5
6b090b07e1ffcaf07da7de32a349519a

SHA1
c20cbc6e37ffbdb3e3a014a423e3303b8ce8e70f

SHA256
b972e7d5dc570e8cad1fc9e8d8009cabdeb4933deb7b56525ce1006cdd904ea3

SHA512
b0e922fef0abf31c053ed1736b227c1a7634deabe401530f33473d3fbe47f818dc2f88beb59e80ba134b3542db45aa523d2c1f7970d867dcfb0f2038f107d758

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
281KB

MD5
d98e33b66343e7c96158444127a117f6

SHA1
bb716c5509a2bf345c6c1152f6e3e1452d39d50d

SHA256
5de4e2b07a26102fe527606ce5da1d5a4b938967c9d380a3c5fe86e2e34aaaf1

SHA512
705275e4a1ba8205eb799a8cf1737bc8ba686925e52c9198a6060a7abeee65552a85b814ac494a4b975d496a63be285f19a6265550585f2fc85824c42d7efab5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
968cb9309758126772781b83adb8a28f

SHA1
8da30e71accf186b2ba11da1797cf67f8f78b47c

SHA256
92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

SHA512
4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
69187a245da4b59126b3d7ce15ec41e5

SHA1
4b1fc8234ba1cd66765c1841753dafb7f4bbf388

SHA256
889e25fd542b6dc0b8b6c4e24477dcf81d94c2e7acd513327035cf25c597cc27

SHA512
2460e7023444c84bfce4100a19ffade68918afe65b0c0f230843be1360db4a69c63cf3a41fc619c7df89dc6887b01916dc0ac3836623072c5823d0c120837030

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
4be430634de311ffa20a19f4566156d8

SHA1
98f240ff2c9bd20baa2b8628c0cf02236902a4d0

SHA256
428984502408ff0cad36fd07b3b90e7ac29d6b0bdea3c84b443f230a3f881ce7

SHA512
918188d26119a6b01560fd3ee1f2aa70341d58b658ffbf5445c25f6f0bb78135f7f88abf39b3607ed905dcbd2013a35537741f98c81937e3e019490f9945e608

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
2076615cee2636c7c1ef037d3e60543e

SHA1
f11a65f4b5b1c3ee4b43c777608c4991887e347d

SHA256
17e90cb6212715500d92a977b0d4606a624e481a9b544a2c5b2f7106d19800b6

SHA512
146e4ecff5d5b2694ddba265221fde5fba7aad8dce63fdd41cd795a5a7105ce00ec1bc5385f8c37ac1defb2835205374da376a0847e58cfd9ac6d3c942ce0d04

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
083ca2363a1086c936878dbd7f7ac20a

SHA1
9ab4742ce5f6a30132c666e8b2ea4eb573baa547

SHA256
cd55a27fb7b1b92a6242d9dbb90fb9134ebc6207cbeac717bd82a05b1bb6975c

SHA512
5523e1214e2f7c043f3148169fecbd5a9b6419b6a6f51a77c11df87b69b85e157f3d3e9d8ac27339a010177eb2fe07019f18e42254dfe1e86a450d2b42d4397e

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
666b0b38ba1870bd87def3d1a92918d4

SHA1
9b299e698b67de97a44f60c7c06f29ee2a3a2cef

SHA256
5d782cef61756f790e1d9cbc3e84112bb85fd9264c5a380ce07041a016f33b50

SHA512
f810cc0d2c181d1c5809ef4e0bae459cc8e0fd7354c08f61d7d93dcdc3fc1867c1f8ecfeebb9aa47704226d9f906fd9851741b077f2200bc495a692db470341b

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.2MB

MD5
a1439a03495ae2aefac6d2d6f42482a2

SHA1
a4198f3902590847286b61a1d7c61571ad44161a

SHA256
55b01de7a08a166414e2e509184d2715dab72ae24aeaabe3a9ed802e0c04b379

SHA512
ac77d83a82be83df4baa756dafa686b3bc5a5db23e3ffa374db85a0cba5255a0eebd2323f111a4ba56a83760b93d139ccb9df6f048c93c2bc086e6006db1e36b

Download Submit
C:\Windows\rss\csrss.exe

Filesize
4.2MB

MD5
a1439a03495ae2aefac6d2d6f42482a2

SHA1
a4198f3902590847286b61a1d7c61571ad44161a

SHA256
55b01de7a08a166414e2e509184d2715dab72ae24aeaabe3a9ed802e0c04b379

SHA512
ac77d83a82be83df4baa756dafa686b3bc5a5db23e3ffa374db85a0cba5255a0eebd2323f111a4ba56a83760b93d139ccb9df6f048c93c2bc086e6006db1e36b

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
C:\Windows\windefender.exe

Filesize
2.0MB

MD5
8e67f58837092385dcf01e8a2b4f5783

SHA1
012c49cfd8c5d06795a6f67ea2baf2a082cf8625

SHA256
166ddb03ff3c89bd4525ac390067e180fdd08f10fbcf4aadb0189541673c03fa

SHA512
40d8ae12663fc1851e171d9d86cea8bb12487b734c218d7b6f9742eb07d4ca265065cbd6d0bb908f8bda7e3d955c458dfe3fd13265bbf573b9351e0a2bf691ec

Download Submit
memory/2356-260-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/2540-153-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/2540-57-0x00000000044B0000-0x00000000048A8000-memory.dmp

Filesize
4.0MB

Download
memory/2540-58-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/2540-97-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/2540-106-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/2856-107-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/2856-105-0x0000000074310000-0x0000000074AC0000-memory.dmp

Filesize
7.7MB

Download
memory/2856-121-0x0000000074310000-0x0000000074AC0000-memory.dmp

Filesize
7.7MB

Download
memory/2856-109-0x0000000070910000-0x0000000070C64000-memory.dmp

Filesize
3.3MB

Download
memory/2856-108-0x00000000701B0000-0x00000000701FC000-memory.dmp

Filesize
304KB

Download
memory/2856-99-0x0000000005DD0000-0x0000000006124000-memory.dmp

Filesize
3.3MB

Download
memory/2856-103-0x0000000004FD0000-0x0000000004FE0000-memory.dmp

Filesize
64KB

Download
memory/3760-122-0x0000000074310000-0x0000000074AC0000-memory.dmp

Filesize
7.7MB

Download
memory/3760-134-0x0000000005980000-0x0000000005CD4000-memory.dmp

Filesize
3.3MB

Download
memory/3760-123-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/3760-136-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/3760-124-0x00000000028F0000-0x0000000002900000-memory.dmp

Filesize
64KB

Download
memory/3760-137-0x00000000701B0000-0x00000000701FC000-memory.dmp

Filesize
304KB

Download
memory/3760-138-0x0000000070330000-0x0000000070684000-memory.dmp

Filesize
3.3MB

Download
memory/3792-35-0x00000000705D0000-0x0000000070924000-memory.dmp

Filesize
3.3MB

Download
memory/3792-27-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/3792-53-0x0000000008120000-0x0000000008128000-memory.dmp

Filesize
32KB

Download
memory/3792-52-0x00000000081E0000-0x00000000081FA000-memory.dmp

Filesize
104KB

Download
memory/3792-3-0x00000000053E0000-0x0000000005416000-memory.dmp

Filesize
216KB

Download
memory/3792-4-0x0000000074310000-0x0000000074AC0000-memory.dmp

Filesize
7.7MB

Download
memory/3792-5-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/3792-6-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/3792-7-0x0000000005B20000-0x0000000006148000-memory.dmp

Filesize
6.2MB

Download
memory/3792-8-0x0000000005AD0000-0x0000000005AF2000-memory.dmp

Filesize
136KB

Download
memory/3792-9-0x00000000061C0000-0x0000000006226000-memory.dmp

Filesize
408KB

Download
memory/3792-10-0x0000000006230000-0x0000000006296000-memory.dmp

Filesize
408KB

Download
memory/3792-20-0x0000000006360000-0x00000000066B4000-memory.dmp

Filesize
3.3MB

Download
memory/3792-21-0x00000000069C0000-0x00000000069DE000-memory.dmp

Filesize
120KB

Download
memory/3792-22-0x0000000006A70000-0x0000000006ABC000-memory.dmp

Filesize
304KB

Download
memory/3792-24-0x0000000006DF0000-0x0000000006E34000-memory.dmp

Filesize
272KB

Download
memory/3792-51-0x00000000080F0000-0x0000000008104000-memory.dmp

Filesize
80KB

Download
memory/3792-50-0x00000000080E0000-0x00000000080EE000-memory.dmp

Filesize
56KB

Download
memory/3792-49-0x00000000080A0000-0x00000000080B1000-memory.dmp

Filesize
68KB

Download
memory/3792-48-0x0000000008140000-0x00000000081D6000-memory.dmp

Filesize
600KB

Download
memory/3792-47-0x0000000008080000-0x000000000808A000-memory.dmp

Filesize
40KB

Download
memory/3792-31-0x0000000074310000-0x0000000074AC0000-memory.dmp

Filesize
7.7MB

Download
memory/3792-32-0x000000007FAF0000-0x000000007FB00000-memory.dmp

Filesize
64KB

Download
memory/3792-46-0x0000000007F90000-0x0000000008033000-memory.dmp

Filesize
652KB

Download
memory/3792-33-0x0000000007F50000-0x0000000007F82000-memory.dmp

Filesize
200KB

Download
memory/3792-45-0x0000000007F30000-0x0000000007F4E000-memory.dmp

Filesize
120KB

Download
memory/3792-56-0x0000000074310000-0x0000000074AC0000-memory.dmp

Filesize
7.7MB

Download
memory/3792-34-0x00000000701B0000-0x00000000701FC000-memory.dmp

Filesize
304KB

Download
memory/3792-29-0x00000000083E0000-0x0000000008A5A000-memory.dmp

Filesize
6.5MB

Download
memory/3792-30-0x0000000007D90000-0x0000000007DAA000-memory.dmp

Filesize
104KB

Download
memory/3792-28-0x0000000007C90000-0x0000000007D06000-memory.dmp

Filesize
472KB

Download
memory/4136-252-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4136-293-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4136-283-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4136-280-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4136-277-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4136-274-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4136-271-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4136-268-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4136-265-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4136-262-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4136-231-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4572-75-0x0000000070950000-0x0000000070CA4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-86-0x0000000007BE0000-0x0000000007BF1000-memory.dmp

Filesize
68KB

Download
memory/4572-73-0x00000000052A0000-0x00000000052B0000-memory.dmp

Filesize
64KB

Download
memory/4572-67-0x0000000006050000-0x00000000063A4000-memory.dmp

Filesize
3.3MB

Download
memory/4572-61-0x00000000052A0000-0x00000000052B0000-memory.dmp

Filesize
64KB

Download
memory/4572-60-0x00000000052A0000-0x00000000052B0000-memory.dmp

Filesize
64KB

Download
memory/4572-59-0x0000000074310000-0x0000000074AC0000-memory.dmp

Filesize
7.7MB

Download
memory/4572-74-0x00000000701B0000-0x00000000701FC000-memory.dmp

Filesize
304KB

Download
memory/4572-90-0x0000000074310000-0x0000000074AC0000-memory.dmp

Filesize
7.7MB

Download
memory/4572-87-0x0000000007C30000-0x0000000007C44000-memory.dmp

Filesize
80KB

Download
memory/4572-85-0x0000000007710000-0x00000000077B3000-memory.dmp

Filesize
652KB

Download
memory/4808-269-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4808-263-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4808-292-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4976-72-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4976-0-0x00000000045E0000-0x00000000049D8000-memory.dmp

Filesize
4.0MB

Download
memory/4976-23-0x00000000045E0000-0x00000000049D8000-memory.dmp

Filesize
4.0MB

Download
memory/4976-25-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4976-2-0x0000000000400000-0x0000000002815000-memory.dmp

Filesize
36.1MB

Download
memory/4976-1-0x00000000049E0000-0x00000000052CB000-memory.dmp

Filesize
8.9MB

Download
memory/4976-26-0x00000000049E0000-0x00000000052CB000-memory.dmp

Filesize
8.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads