glupteba | 854361739b523e51e16c164e54bc99334034c9bfa076bba96397cd81d7b63c93

Analysis

max time kernel
2s
max time network
298s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
11/12/2023, 05:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

854361739b523e51e16c164e54bc99334034c9bfa076bba96397cd81d7b63c93.exe
Size

4.2MB
MD5

1b9c104ac68d0567528307e4c2532bea
SHA1

cde18facc1851797579dbe9e99feb530ad62e4e6
SHA256

854361739b523e51e16c164e54bc99334034c9bfa076bba96397cd81d7b63c93
SHA512

c75c4e41ec608239c19bc914eab4b24f4521d2c8fef4657af7a6c7eef1b7df5c5ac8dbae764354e35e73e75832ea2d818f4390d69d741fda69818dc6bdb2dcc2
SSDEEP

98304:HhIY/ZhLKAyhXkyfIxGIUjZH7NKtRGgkLyv9SplBkwScPAK1:HbCAyhXOxGIoZH7/W1klqwSe1

Score

10^/10

glupteba dropper evasion loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 5 IoCs

resource	yara_rule
behavioral2/memory/656-2-0x00000000031E0000-0x0000000003ACB000-memory.dmp	family_glupteba
behavioral2/memory/656-300-0x0000000000400000-0x0000000000F86000-memory.dmp	family_glupteba
behavioral2/memory/2644-1050-0x0000000003500000-0x0000000003DEB000-memory.dmp	family_glupteba
behavioral2/memory/2644-1798-0x0000000000400000-0x0000000000F86000-memory.dmp	family_glupteba
behavioral2/memory/2644-1808-0x0000000000400000-0x0000000000F86000-memory.dmp	family_glupteba

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
1096	netsh.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000700000001abab-1804.dat	upx
behavioral2/files/0x000700000001abab-1802.dat	upx
behavioral2/files/0x000700000001abab-1805.dat	upx
behavioral2/memory/4972-1807-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/4180-1809-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/4180-1813-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4232	sc.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2396	schtasks.exe
1944	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\854361739b523e51e16c164e54bc99334034c9bfa076bba96397cd81d7b63c93.exe
"C:\Users\Admin\AppData\Local\Temp\854361739b523e51e16c164e54bc99334034c9bfa076bba96397cd81d7b63c93.exe"
1⤵
PID:656
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  PID:4828
- C:\Users\Admin\AppData\Local\Temp\854361739b523e51e16c164e54bc99334034c9bfa076bba96397cd81d7b63c93.exe
  "C:\Users\Admin\AppData\Local\Temp\854361739b523e51e16c164e54bc99334034c9bfa076bba96397cd81d7b63c93.exe"
  2⤵
  PID:3116
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:208
- - C:\Windows\System32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:4280
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:2924
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:2548
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:2644
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:3476
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:4832
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:3112
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:2396
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:4460
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:1944
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:4972
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        5⤵
        
        PID:4880
      - C:\Windows\SysWOW64\sc.exe
        
        sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
        6⤵
        Launches sc.exe
        
        PID:4232

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
1⤵
- Modifies Windows Firewall
PID:1096

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_51ircs2n.hjb.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
9KB

MD5
7ac6e231f3dec21a2592289c4e7a7d93

SHA1
b6eba87c11092d6d2e4435c8af6f5887f744bdac

SHA256
20ea834eb9718596039271e91fdacab6a9a7573c0f1e0f547cefa7c331ab97a4

SHA512
ecc7b278a01dd997bedd344875cfe37c8b28ca4fa7f5e50224c056f054419939879ce09c50e74bdb29a44115cb498dd66452392add5430044b5da84ce758ad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
128KB

MD5
6a862244b16a36a38a28b6c2ef79fd5e

SHA1
043522ba63d17b74f288dd464e1668100da05b46

SHA256
19da4dc904912303b03bf9d9dbb066ace09a38e4b5e2ecca9fd04963a35cacf9

SHA512
ac86c52c6db86183dc8e52064c6bffdcd3c50f1c08341359c345e916c9e29626fdfc19997767287344e4a197fd3034f3ead5570eed0c843340dee69aba1b15c6

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
1c19c16e21c97ed42d5beabc93391fc5

SHA1
8ad83f8e0b3acf8dfbbf87931e41f0d664c4df68

SHA256
1bcd97396c83babfe6c5068ba590d7a3f8b70e72955a9d1e4070648e404cbf05

SHA512
7d18776d8f649b3d29c182ff03efc6cea8b527542ee55304980f24577aae8b64e37044407776e220984346c3998ace5f8853afa58c8b38407482a728e9495e0c

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
17KB

MD5
0b1f7062487932bab4992a4880809ed5

SHA1
9660eaf08fd9f3f232d00fa02eb24b66b6dd9099

SHA256
999d1d2cf312ec86280acd4126554e095f49b46a63f6208e31c42f3366940683

SHA512
2763ffef37900ec5516aad63e7fcd0146f3ddde087328cc4f1f71e576bb26e12c88b9be5d5f9985019bff0cfdc7dac4c91022c02fbe650d486b0b7ead907f06e

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
18KB

MD5
b674df752c05a273bca0d058d174b10e

SHA1
12e3390f24d26fd584890ec06ec333e5ee4c2a45

SHA256
95b7179a1255ca3e1899fb4321d67acbc1bb7ab044f1b62265bb6dea355e5378

SHA512
1d3bc4b60a6fbe163e5f159924dfa34f7dcea418ade45f14af4c66974a0eb3ffc68d03314dcea6ca92da55271c7eb1d615e9973a409955e49c9e225e21a04530

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
18KB

MD5
12bf24d9e82a637d34270dc4a30c7f87

SHA1
f2092d739b1ad1438bac087195733d34a1d2aea5

SHA256
97764af507360b1f778fc5019ffdd3af38aa8d5587eb5888a5edd129aecf8ee9

SHA512
65f0308693576c72dc3dc196b7784351055c34e434cf093ed3783472c125cdc8cf4bb0ac69f91e3d0502d988184714183715e7ddcc19d9cd37ff3ff5bf1dd3f5

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
18KB

MD5
2defa7f3fabe148ef470b70dda92678a

SHA1
615d8030b8e6b87c5c59c37faf3239aa09c105ca

SHA256
c64b0061eb5ca18c5bc755827c7725d8d7fe00e5a9deeee879611f8984350da4

SHA512
d802fbe9ef00d0a3fef9084a9d797220f4ba58e4f9afdbab0645659676b61c49d52db37daa10d365693bd838bc85b21e82595bf2209b40b17fb606d62fa4e5fd

Download Submit
C:\Windows\rss\csrss.exe

Filesize
64KB

MD5
2dc6161a9e46313c68eac2cdd72660ba

SHA1
148ea67a0e95189602c2a7f6fc4496146754f73d

SHA256
8b8ebdaff69d92059c465144b8da09d367d59939bd80597fe0817b3e97d98cc2

SHA512
8cdbc8049cc1bd3656748f75b1aef29d3054a5d43b3099782ad7f113297936be98943229541bdaa5acc538e728de81c2a0a948eed952aa3bbe63502fe477dfbd

Download Submit
C:\Windows\rss\csrss.exe

Filesize
9KB

MD5
3fce41d3783cb5c31978464ac5040929

SHA1
dcd0887eec902e7812370808b02df338e3e0d188

SHA256
fa3982d62101d4dfb9f04af7f83997279dbbf19a1e967ede5aed38dfbe24782c

SHA512
ec4df595bd47aec1742026a9a8c6afff4e0d5508d92c790036052151ec9fc319c89d9a697dbaf5b372cbe55362948f124484b8f98c7018fb7399290ca53eb6f5

Download Submit
C:\Windows\windefender.exe

Filesize
122KB

MD5
1fddb2aaf9251145b66a66d6f604979c

SHA1
f104fec7504baf81a5d7043c661e69707269d549

SHA256
9134cd24b6f064166ba08928a70b1b4d2c634c504d67d2d1353441a62465f29b

SHA512
c44a3a31c1e8a61deb78b3e700e195710a90136180d2fba21ce4e24c07df42f8fdbfcee1b2b805df9be36b7f86d06d7261307bbe8370a21e1e0f4ff3a2d0832c

Download Submit
C:\Windows\windefender.exe

Filesize
200KB

MD5
53b704cba32049ed6681c6eedeef4826

SHA1
e7dade8086b75705f78f49e2c706fb8907ec2285

SHA256
46fa0244f470935d17c5ffd567f369d72e4687ef97148e0f305d362853ad4d40

SHA512
048178fddbde689f92aeade343c79a5b48fb920e3373b8edacfb51018d55d6c1f60c97ac496461918a5edcae2e104f072a778263333f785014341814c3b36278

Download Submit
C:\Windows\windefender.exe

Filesize
223KB

MD5
8f3e2ddaa2c8fa652dfcefc1cd5609d2

SHA1
901cf92ac4b8e855a91efda6368cb57d160f16da

SHA256
88e57b97caede434cddbc4effb5468dfa2d849feb63616abcf4433ed2b0da595

SHA512
8d3daab9438fe096ac28d059dc4957bc536aad280b85312b8b72ab2f9af56609bbb82c847388d54ed188751248d999bb67926dea474e20a3eb0f3082569dbf7e

Download Submit
memory/208-330-0x000000007F510000-0x000000007F520000-memory.dmp

Filesize
64KB

Download
memory/208-552-0x00000000733D0000-0x0000000073ABE000-memory.dmp

Filesize
6.9MB

Download
memory/208-307-0x00000000733D0000-0x0000000073ABE000-memory.dmp

Filesize
6.9MB

Download
memory/208-331-0x0000000070100000-0x000000007014B000-memory.dmp

Filesize
300KB

Download
memory/208-338-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/208-337-0x0000000009C40000-0x0000000009CE5000-memory.dmp

Filesize
660KB

Download
memory/208-332-0x0000000070150000-0x00000000704A0000-memory.dmp

Filesize
3.3MB

Download
memory/208-311-0x00000000088A0000-0x00000000088EB000-memory.dmp

Filesize
300KB

Download
memory/208-310-0x0000000008210000-0x0000000008560000-memory.dmp

Filesize
3.3MB

Download
memory/208-309-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/208-308-0x0000000005300000-0x0000000005310000-memory.dmp

Filesize
64KB

Download
memory/656-302-0x00000000031E0000-0x0000000003ACB000-memory.dmp

Filesize
8.9MB

Download
memory/656-300-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/656-1-0x0000000002DD0000-0x00000000031D6000-memory.dmp

Filesize
4.0MB

Download
memory/656-3-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/656-2-0x00000000031E0000-0x0000000003ACB000-memory.dmp

Filesize
8.9MB

Download
memory/2548-800-0x00000000081D0000-0x0000000008520000-memory.dmp

Filesize
3.3MB

Download
memory/2548-1042-0x00000000733D0000-0x0000000073ABE000-memory.dmp

Filesize
6.9MB

Download
memory/2548-829-0x0000000007480000-0x0000000007490000-memory.dmp

Filesize
64KB

Download
memory/2548-823-0x0000000070100000-0x000000007014B000-memory.dmp

Filesize
300KB

Download
memory/2548-824-0x0000000070170000-0x00000000704C0000-memory.dmp

Filesize
3.3MB

Download
memory/2548-801-0x00000000733D0000-0x0000000073ABE000-memory.dmp

Filesize
6.9MB

Download
memory/2548-802-0x0000000007480000-0x0000000007490000-memory.dmp

Filesize
64KB

Download
memory/2548-804-0x0000000007480000-0x0000000007490000-memory.dmp

Filesize
64KB

Download
memory/2644-1842-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1840-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1834-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1832-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1830-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1828-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1826-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1824-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1822-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1820-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1818-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1816-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1814-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1838-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1812-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1836-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1798-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1844-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1846-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1848-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1850-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1852-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1810-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1808-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1854-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1049-0x0000000003100000-0x00000000034F9000-memory.dmp

Filesize
4.0MB

Download
memory/2644-1050-0x0000000003500000-0x0000000003DEB000-memory.dmp

Filesize
8.9MB

Download
memory/2644-1051-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1856-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2644-1799-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/2924-578-0x0000000070150000-0x00000000704A0000-memory.dmp

Filesize
3.3MB

Download
memory/2924-556-0x00000000733D0000-0x0000000073ABE000-memory.dmp

Filesize
6.9MB

Download
memory/2924-796-0x00000000733D0000-0x0000000073ABE000-memory.dmp

Filesize
6.9MB

Download
memory/2924-577-0x0000000070100000-0x000000007014B000-memory.dmp

Filesize
300KB

Download
memory/2924-557-0x0000000004BA0000-0x0000000004BB0000-memory.dmp

Filesize
64KB

Download
memory/3116-583-0x0000000002B90000-0x0000000002F95000-memory.dmp

Filesize
4.0MB

Download
memory/3116-304-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/3116-303-0x0000000002B90000-0x0000000002F95000-memory.dmp

Filesize
4.0MB

Download
memory/3116-1046-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/3116-799-0x0000000000400000-0x0000000000F86000-memory.dmp

Filesize
11.5MB

Download
memory/3476-1078-0x0000000070060000-0x00000000700AB000-memory.dmp

Filesize
300KB

Download
memory/3476-1057-0x0000000007D00000-0x0000000008050000-memory.dmp

Filesize
3.3MB

Download
memory/3476-1055-0x0000000006FE0000-0x0000000006FF0000-memory.dmp

Filesize
64KB

Download
memory/3476-1059-0x0000000008530000-0x000000000857B000-memory.dmp

Filesize
300KB

Download
memory/3476-1056-0x0000000006FE0000-0x0000000006FF0000-memory.dmp

Filesize
64KB

Download
memory/3476-1054-0x0000000073330000-0x0000000073A1E000-memory.dmp

Filesize
6.9MB

Download
memory/4180-1813-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4180-1809-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/4828-6-0x00000000732D0000-0x00000000739BE000-memory.dmp

Filesize
6.9MB

Download
memory/4828-35-0x0000000008B40000-0x0000000008B7C000-memory.dmp

Filesize
240KB

Download
memory/4828-13-0x00000000082B0000-0x0000000008316000-memory.dmp

Filesize
408KB

Download
memory/4828-10-0x0000000007AA0000-0x00000000080C8000-memory.dmp

Filesize
6.2MB

Download
memory/4828-12-0x00000000079D0000-0x0000000007A36000-memory.dmp

Filesize
408KB

Download
memory/4828-299-0x00000000732D0000-0x00000000739BE000-memory.dmp

Filesize
6.9MB

Download
memory/4828-11-0x0000000007930000-0x0000000007952000-memory.dmp

Filesize
136KB

Download
memory/4828-15-0x00000000086D0000-0x00000000086EC000-memory.dmp

Filesize
112KB

Download
memory/4828-8-0x00000000053E0000-0x00000000053F0000-memory.dmp

Filesize
64KB

Download
memory/4828-9-0x00000000053E0000-0x00000000053F0000-memory.dmp

Filesize
64KB

Download
memory/4828-16-0x0000000008740000-0x000000000878B000-memory.dmp

Filesize
300KB

Download
memory/4828-14-0x0000000008380000-0x00000000086D0000-memory.dmp

Filesize
3.3MB

Download
memory/4828-66-0x0000000009880000-0x00000000098F6000-memory.dmp

Filesize
472KB

Download
memory/4828-73-0x000000000A660000-0x000000000A693000-memory.dmp

Filesize
204KB

Download
memory/4828-76-0x000000000A640000-0x000000000A65E000-memory.dmp

Filesize
120KB

Download
memory/4828-81-0x000000000A6A0000-0x000000000A745000-memory.dmp

Filesize
660KB

Download
memory/4828-75-0x0000000070030000-0x0000000070380000-memory.dmp

Filesize
3.3MB

Download
memory/4828-82-0x00000000053E0000-0x00000000053F0000-memory.dmp

Filesize
64KB

Download
memory/4828-74-0x000000006FFE0000-0x000000007002B000-memory.dmp

Filesize
300KB

Download
memory/4828-83-0x000000000A8C0000-0x000000000A954000-memory.dmp

Filesize
592KB

Download
memory/4828-276-0x000000000A820000-0x000000000A83A000-memory.dmp

Filesize
104KB

Download
memory/4828-281-0x000000000A800000-0x000000000A808000-memory.dmp

Filesize
32KB

Download
memory/4828-7-0x00000000051F0000-0x0000000005226000-memory.dmp

Filesize
216KB

Download
memory/4972-1807-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads