61a3adefdea662a81a89851d6a47913121dbd165b3352c32210ceae48f33accf

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
16/10/2023, 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.c8661024de4e069aa74e24cacb68ca20.exe
Size

42KB
MD5

c8661024de4e069aa74e24cacb68ca20
SHA1

8461dbc56f1bace05e46bb5c6f213a6c5e2f66f2
SHA256

61a3adefdea662a81a89851d6a47913121dbd165b3352c32210ceae48f33accf
SHA512

8d7da7262139aeaad7a10e359ba084873cfc3266e13e2dde4d79d9bc067dbca7ac692a0de29a6737d85ec7b529d69566539faf16b05b69f6c3e95a0173574b02
SSDEEP

768:C/+8ldkxYXO5lsvhBznbcuyD7UTy3wy3BEywe0u:6+8ldkxOO5Sv/znouy8TuzuK

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\HideFileExt = "1"	NEAS.c8661024de4e069aa74e24cacb68ca20.exe

Sets file execution options in registry 2 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\Debugger = "C:\\WINDOWS\\Fonts.exe"	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "C:\\WINDOWS\\Fonts.exe"	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger = "C:\\WINDOWS\\Fonts.exe"	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dxdiag.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dxdiag.exe\Debugger = "C:\\WINDOWS\\Fonts.exe"	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe

Drops file in Program Files directory 42 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Windows Defender	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Mail.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Media Player.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Photo Viewer.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Google	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Reference Assemblies	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Microsoft Games	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Microsoft Office.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\VideoLAN	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Portable Devices.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Internet Explorer.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Internet Explorer	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Mozilla Firefox.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Mozilla Firefox	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\MSBuild	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Defender.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Mail	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Media Player	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Thumbs.db	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Microsoft Office	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Sidebar	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\DVD Maker	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Google.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Java.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Reference Assemblies.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Sidebar.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Common Files	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\DVD Maker.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Microsoft Games.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\MSBuild.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows NT.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Portable Devices	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\7-Zip	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Java	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\7-Zip.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Journal.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Photo Viewer	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Common Files.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows Journal	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\Windows NT	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File created	C:\Program Files\Thumbs.db	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
File opened for modification	C:\Program Files\VideoLAN.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\Fonts.exe	NEAS.c8661024de4e069aa74e24cacb68ca20.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 37 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0 = 4a003100000000005157ac1b102054656d700000360008000400efbe1f5783ad5157ac1b2a000000ff010000000002000000000000000000000000000000540065006d007000000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 4c003100000000001f5747b4100041646d696e00380008000400efbe1f5783ad1f5747b42a00000030000000000004000000000000000000000000000000410064006d0069006e00000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 52003100000000001f5783ad122041707044617461003c0008000400efbe1f5783ad1f5783ad2a000000eb0100000000020000000000000000000000000000004100700070004400610074006100000016000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0 = 4c003100000000001f5772b010204c6f63616c00380008000400efbe1f5783ad1f5772b02a000000fe0100000000020000000000000000000000000000004c006f00630061006c00000014000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 74003100000000001f5783ad1100557365727300600008000400efbeee3a851a1f5783ad2a000000e601000000000100000000000000000036000000000055007300650072007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100380031003300000014000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0\NodeSlot = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3185155662-718608226-894467740-1000_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\0\0\0 = 92003100000000005157ac1b12004e4541537e312e4338360000780008000400efbe5157ac1b5157ac1b2a0000005e2201000000090000000000000000000000000000004e004500410053002e006300380036003600310030003200340064006500340065003000360039006100610037003400650032003400630061006300620036003800630061003200300000001a000000	explorer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2648	explorer.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2060	NEAS.c8661024de4e069aa74e24cacb68ca20.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2876	2060	NEAS.c8661024de4e069aa74e24cacb68ca20.exe	28
PID 2060 wrote to memory of 2876	2060	NEAS.c8661024de4e069aa74e24cacb68ca20.exe	28
PID 2060 wrote to memory of 2876	2060	NEAS.c8661024de4e069aa74e24cacb68ca20.exe	28
PID 2060 wrote to memory of 2876	2060	NEAS.c8661024de4e069aa74e24cacb68ca20.exe	28

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	NEAS.c8661024de4e069aa74e24cacb68ca20.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions = "1"	NEAS.c8661024de4e069aa74e24cacb68ca20.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.c8661024de4e069aa74e24cacb68ca20.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.c8661024de4e069aa74e24cacb68ca20.exe"
1⤵
- Modifies visibility of file extensions in Explorer
- Sets file execution options in registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2060
- C:\Windows\SysWOW64\Explorer.exe
  Explorer C:\Users\Admin\AppData\Local\Temp\NEAS.c8661024de4e069aa74e24cacb68ca20
  2⤵
  PID:2876

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Thumbs.db

Filesize
13B

MD5
3579c8da7f1e0ad94656e76c886e5125

SHA1
83eb531bfd10f917770441c7f548dcd841e70fdd

SHA256
b08022d315cf1eb12d2665bded0e6af40653c0a0be975232fb49bcbd021cfc36

SHA512
3493fa6334931c1e41e0e9d0621949c8bfd33c72811b3407e47c17fb55864a0710ae094bb0d547f19ec23d7626f04fe620ed478ada1d88e6647794063036388d

Download Submit
C:\Users.exe

Filesize
42KB

MD5
2ca8f9b37e3f1f866e02bc97c4f127de

SHA1
7cd87d287c99c80380314dba8ded88bdec5fb7f6

SHA256
ad680a8d6d0255577ef8e08f8d7ec161cb690a78bde1690fab2be746559fc50c

SHA512
051823749faf0045f611ef8694bff2b8070558f3d47fd95a7bdc76c1116fe5a4d1f8b47c8190f15270499c10a27d9005f44add9edc196fac71ffd1e3f2266579

Download Submit
memory/2060-0-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2060-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2060-7-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2060-21-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2060-59-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2648-8-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/2648-9-0x0000000003740000-0x0000000003750000-memory.dmp

Filesize
64KB

Download
memory/2648-60-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads