7643061bfc021eb991387e57ac75e540e35ce4732f3d63bb9c41e3397fea38f5

Analysis

max time kernel
142s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 01:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
Size

224KB
MD5

adf6378fa3ce8b5036263b43614dfdb0
SHA1

546917c88c2736444f9e3c4a06da73966eef98d2
SHA256

7643061bfc021eb991387e57ac75e540e35ce4732f3d63bb9c41e3397fea38f5
SHA512

005a62580a6bf4be910c465ae969a8b64163b0ed4ef7b2eaff6de38fe252e466678aaeedd81980967ba9683ccf3f827ded654aececa90e46662c99fc98b76f51
SSDEEP

6144:+tu+4jVmKOmC+0BZUtlptGIyn4JImloAyBr3C+0BZUtlpt:+tu+4ZmKb0BZU7+IynR0BZU7

Score

10^/10

persistence

Malware Config

Signatures

Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 12 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dpkmal32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Ofkgcobj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Cgqlcg32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dpiplm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dpiplm32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dkndie32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Dkndie32.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Dpkmal32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = "{79FEACFF-FFCE-815E-A900-316290B5B738}"	Ofkgcobj.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad	Cgqlcg32.exe

Executes dropped EXE 6 IoCs

pid	Process
3824	Ofkgcobj.exe
3648	Cgqlcg32.exe
2240	Dpiplm32.exe
3120	Dkndie32.exe
4500	Dpkmal32.exe
4436	Dkqaoe32.exe

Drops file in System32 directory 18 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Dpkmal32.exe	Dkndie32.exe
File created	C:\Windows\SysWOW64\Omjbpn32.dll	Dkndie32.exe
File created	C:\Windows\SysWOW64\Cgqlcg32.exe	Ofkgcobj.exe
File created	C:\Windows\SysWOW64\Jhijep32.dll	Ofkgcobj.exe
File created	C:\Windows\SysWOW64\Dkndie32.exe	Dpiplm32.exe
File created	C:\Windows\SysWOW64\Dpkmal32.exe	Dkndie32.exe
File opened for modification	C:\Windows\SysWOW64\Dkqaoe32.exe	Dpkmal32.exe
File created	C:\Windows\SysWOW64\Glfdiedd.dll	Dpkmal32.exe
File opened for modification	C:\Windows\SysWOW64\Cgqlcg32.exe	Ofkgcobj.exe
File created	C:\Windows\SysWOW64\Hcjnlmph.dll	Cgqlcg32.exe
File created	C:\Windows\SysWOW64\Mnpofk32.dll	Dpiplm32.exe
File created	C:\Windows\SysWOW64\Dpiplm32.exe	Cgqlcg32.exe
File opened for modification	C:\Windows\SysWOW64\Dkndie32.exe	Dpiplm32.exe
File created	C:\Windows\SysWOW64\Dgegjnih.dll	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
File opened for modification	C:\Windows\SysWOW64\Dpiplm32.exe	Cgqlcg32.exe
File created	C:\Windows\SysWOW64\Dkqaoe32.exe	Dpkmal32.exe
File created	C:\Windows\SysWOW64\Ofkgcobj.exe	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
File opened for modification	C:\Windows\SysWOW64\Ofkgcobj.exe	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1988	4436	WerFault.exe	95

Modifies registry class 21 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Hcjnlmph.dll"	Cgqlcg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Cgqlcg32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Mnpofk32.dll"	Dpiplm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dpiplm32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dkndie32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Omjbpn32.dll"	Dkndie32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dpkmal32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Jhijep32.dll"	Ofkgcobj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Ofkgcobj.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dpkmal32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Ofkgcobj.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	Dkndie32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Dgegjnih.dll"	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ThreadingModel = "Apartment"	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Cgqlcg32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32	Dpiplm32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\ = "C:\\Windows\\SysWow64\\Glfdiedd.dll"	Dpkmal32.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1820 wrote to memory of 3824	1820	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe	89
PID 1820 wrote to memory of 3824	1820	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe	89
PID 1820 wrote to memory of 3824	1820	NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe	89
PID 3824 wrote to memory of 3648	3824	Ofkgcobj.exe	91
PID 3824 wrote to memory of 3648	3824	Ofkgcobj.exe	91
PID 3824 wrote to memory of 3648	3824	Ofkgcobj.exe	91
PID 3648 wrote to memory of 2240	3648	Cgqlcg32.exe	92
PID 3648 wrote to memory of 2240	3648	Cgqlcg32.exe	92
PID 3648 wrote to memory of 2240	3648	Cgqlcg32.exe	92
PID 2240 wrote to memory of 3120	2240	Dpiplm32.exe	93
PID 2240 wrote to memory of 3120	2240	Dpiplm32.exe	93
PID 2240 wrote to memory of 3120	2240	Dpiplm32.exe	93
PID 3120 wrote to memory of 4500	3120	Dkndie32.exe	94
PID 3120 wrote to memory of 4500	3120	Dkndie32.exe	94
PID 3120 wrote to memory of 4500	3120	Dkndie32.exe	94
PID 4500 wrote to memory of 4436	4500	Dpkmal32.exe	95
PID 4500 wrote to memory of 4436	4500	Dpkmal32.exe	95
PID 4500 wrote to memory of 4436	4500	Dpkmal32.exe	95

C:\Users\Admin\AppData\Local\Temp\NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.adf6378fa3ce8b5036263b43614dfdb0_JC.exe"
1⤵
- Adds autorun key to be loaded by Explorer.exe on startup
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1820
- C:\Windows\SysWOW64\Ofkgcobj.exe
  C:\Windows\system32\Ofkgcobj.exe
  2⤵
  - Adds autorun key to be loaded by Explorer.exe on startup
  - Executes dropped EXE
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:3824
- - C:\Windows\SysWOW64\Cgqlcg32.exe
    C:\Windows\system32\Cgqlcg32.exe
    3⤵
    - Adds autorun key to be loaded by Explorer.exe on startup
    - Executes dropped EXE
    - Drops file in System32 directory
    - Modifies registry class
    - Suspicious use of WriteProcessMemory
    PID:3648
  - - C:\Windows\SysWOW64\Dpiplm32.exe
      C:\Windows\system32\Dpiplm32.exe
      4⤵
      Adds autorun key to be loaded by Explorer.exe on startup
      Executes dropped EXE
      Drops file in System32 directory
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2240
    - - C:\Windows\SysWOW64\Dkndie32.exe
        
        C:\Windows\system32\Dkndie32.exe
        5⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:3120
      - C:\Windows\SysWOW64\Dpkmal32.exe
        
        C:\Windows\system32\Dpkmal32.exe
        6⤵
        Adds autorun key to be loaded by Explorer.exe on startup
        Executes dropped EXE
        Drops file in System32 directory
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4500
        
        C:\Windows\SysWOW64\Dkqaoe32.exe
        
        C:\Windows\system32\Dkqaoe32.exe
        7⤵
        Executes dropped EXE
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 400
        8⤵
        Program crash
        
        PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4436 -ip 4436
1⤵
PID:1668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Cgqlcg32.exe

Filesize
224KB

MD5
90f1cc3b4e9ae72267adf1576a67341a

SHA1
cc1350f1323a8307a188244c3edb912c72497649

SHA256
b55136f99201ddaefb117ee9ace63d9e9c8bb2d22e06d6bcf8d1803ee8fbf4c2

SHA512
b948f4cd56d578301e186fa0eeb17525fa6a64287a8390b3e2fdd106ee94f328100725ce872e2f2b14a924d6ca6f707158ab692beaceeb13d1fc68ea8f97a315

Download Submit
C:\Windows\SysWOW64\Cgqlcg32.exe

Filesize
224KB

MD5
90f1cc3b4e9ae72267adf1576a67341a

SHA1
cc1350f1323a8307a188244c3edb912c72497649

SHA256
b55136f99201ddaefb117ee9ace63d9e9c8bb2d22e06d6bcf8d1803ee8fbf4c2

SHA512
b948f4cd56d578301e186fa0eeb17525fa6a64287a8390b3e2fdd106ee94f328100725ce872e2f2b14a924d6ca6f707158ab692beaceeb13d1fc68ea8f97a315

Download Submit
C:\Windows\SysWOW64\Dkndie32.exe

Filesize
224KB

MD5
020fc1c6636cd3c9f60c908332714d30

SHA1
691dc0597fcedfffea3c4b7c2a85d4a6be7e20d8

SHA256
b43c6bfbc290ab55ec18ea1946cb37ffcfc51fb2bdfc4e760353b724ce043f94

SHA512
f35d97739ab3d0cdab90c479d6879f036e0ac7b93174e292d2c38664b01aef8b36769c609d11a69644520f891e79d839aa5fc6e560552fd80b1d956cf36ee35d

Download Submit
C:\Windows\SysWOW64\Dkndie32.exe

Filesize
224KB

MD5
020fc1c6636cd3c9f60c908332714d30

SHA1
691dc0597fcedfffea3c4b7c2a85d4a6be7e20d8

SHA256
b43c6bfbc290ab55ec18ea1946cb37ffcfc51fb2bdfc4e760353b724ce043f94

SHA512
f35d97739ab3d0cdab90c479d6879f036e0ac7b93174e292d2c38664b01aef8b36769c609d11a69644520f891e79d839aa5fc6e560552fd80b1d956cf36ee35d

Download Submit
C:\Windows\SysWOW64\Dkqaoe32.exe

Filesize
224KB

MD5
2e5d5292f25cf43af19cf08b74c8ee2d

SHA1
b230359640d84d6139297ca623bbd75487551f40

SHA256
76a0d4c22e85050482544710a9308d2a7b05c0bc734fc79202939a1a03bc6341

SHA512
1d9d00a68b093e1f654ad1909c18bef5ca3482ffc150d005f0b8a44f5b7bee21647cffe7cd365f483e8ef5eff752e9c4fe3758a9f0858a264bcae51005f7c0dd

Download Submit
C:\Windows\SysWOW64\Dkqaoe32.exe

Filesize
224KB

MD5
2e5d5292f25cf43af19cf08b74c8ee2d

SHA1
b230359640d84d6139297ca623bbd75487551f40

SHA256
76a0d4c22e85050482544710a9308d2a7b05c0bc734fc79202939a1a03bc6341

SHA512
1d9d00a68b093e1f654ad1909c18bef5ca3482ffc150d005f0b8a44f5b7bee21647cffe7cd365f483e8ef5eff752e9c4fe3758a9f0858a264bcae51005f7c0dd

Download Submit
C:\Windows\SysWOW64\Dpiplm32.exe

Filesize
224KB

MD5
eeeaef8a855a6abc48ce8b583b2cb188

SHA1
586dd6db8b82cf63cc08ebdb558d75b393258aa4

SHA256
5a381a842ac732500d6c2b1aa9f53ba4500bf02007b4c68d2235167cc49bcfe7

SHA512
e966843a1fe458cc5c50ad4567c26f19f132f56243c8e20267a1778ae6f0d9b5abff5c75973366474ff9c0b091a5d71c5f4377a246a142b42f70c2b309e2e7f8

Download Submit
C:\Windows\SysWOW64\Dpiplm32.exe

Filesize
224KB

MD5
eeeaef8a855a6abc48ce8b583b2cb188

SHA1
586dd6db8b82cf63cc08ebdb558d75b393258aa4

SHA256
5a381a842ac732500d6c2b1aa9f53ba4500bf02007b4c68d2235167cc49bcfe7

SHA512
e966843a1fe458cc5c50ad4567c26f19f132f56243c8e20267a1778ae6f0d9b5abff5c75973366474ff9c0b091a5d71c5f4377a246a142b42f70c2b309e2e7f8

Download Submit
C:\Windows\SysWOW64\Dpkmal32.exe

Filesize
224KB

MD5
152b961e4584f9c510a7ed465f70e1b5

SHA1
bd2123cbcce7b1104fb5c836caa3c52ef7aba590

SHA256
358f0d667dc14a729011be7c6000681fc4af9d5d816478680c5f21e9a1deffb9

SHA512
aa9f4d070cacb36431780c35cd86a218f4b25e8219eafbb1c57cddd2abef4f243c387490038809b41ec9b16442dbf05004a0861a6d2d5b3c4f964154562ac6bb

Download Submit
C:\Windows\SysWOW64\Dpkmal32.exe

Filesize
224KB

MD5
152b961e4584f9c510a7ed465f70e1b5

SHA1
bd2123cbcce7b1104fb5c836caa3c52ef7aba590

SHA256
358f0d667dc14a729011be7c6000681fc4af9d5d816478680c5f21e9a1deffb9

SHA512
aa9f4d070cacb36431780c35cd86a218f4b25e8219eafbb1c57cddd2abef4f243c387490038809b41ec9b16442dbf05004a0861a6d2d5b3c4f964154562ac6bb

Download Submit
C:\Windows\SysWOW64\Ofkgcobj.exe

Filesize
224KB

MD5
6bc15550811ab6bd67d8ff8a34fc1186

SHA1
77b0fa55b5e50f85ad62e5d0784097dff18b4ac1

SHA256
52b485daad4b5b3d41f5bfaa96749845ade0ae34cadcdce58ed83400eb0fe327

SHA512
5fcada927e43387f4b841280ed9388531f85d951d63d3e4f8e32fe29de065013e84494505e7a81cbcde0656775d2b45285f5dca8705df92ee88782fc50e53c7e

Download Submit
C:\Windows\SysWOW64\Ofkgcobj.exe

Filesize
224KB

MD5
6bc15550811ab6bd67d8ff8a34fc1186

SHA1
77b0fa55b5e50f85ad62e5d0784097dff18b4ac1

SHA256
52b485daad4b5b3d41f5bfaa96749845ade0ae34cadcdce58ed83400eb0fe327

SHA512
5fcada927e43387f4b841280ed9388531f85d951d63d3e4f8e32fe29de065013e84494505e7a81cbcde0656775d2b45285f5dca8705df92ee88782fc50e53c7e

Download Submit
memory/1820-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1820-8-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/1820-1-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2240-25-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2240-54-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3120-38-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3648-22-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3824-10-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3824-56-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4436-50-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4500-42-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/4500-52-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads