bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

Analysis

max time kernel
2s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2023, 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BruteL4-DDOS.exe
Size

11.5MB
MD5

cb885b1cae29af6524d341c65e486828
SHA1

ef35f45fd7378e8fd31cd60f72bde21e75d61ada
SHA256

bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361
SHA512

9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde
SSDEEP

196608:it1/NlcaCs41CIpX5kuyN7PaxTCv3Dl6TzMjqWEocUlMh7G0B43aK8Uut3kWXWK9:C/YDj1CCh2zax+vz0mazUWG0q3pZU0vq

Score

10^/10

evasion pyinstaller themida trojan upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 1936 created 3488	1936	BruteL4-DDOS.exe	43

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BruteL4-DDOS.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BruteL4-DDOS.exe

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral2/memory/1936-10-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp	themida
behavioral2/memory/1936-11-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp	themida
behavioral2/memory/1936-97-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp	themida
behavioral2/memory/3356-204-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp	themida

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0006000000023225-123.dat	upx
behavioral2/files/0x0006000000023222-140.dat	upx
behavioral2/files/0x0006000000023226-144.dat	upx
behavioral2/memory/728-146-0x00007FFBA2170000-0x00007FFBA2194000-memory.dmp	upx
behavioral2/memory/728-151-0x00007FFBA20F0000-0x00007FFBA2109000-memory.dmp	upx
behavioral2/memory/728-150-0x00007FFBA2160000-0x00007FFBA216D000-memory.dmp	upx
behavioral2/memory/728-147-0x00007FFBA2300000-0x00007FFBA230F000-memory.dmp	upx
behavioral2/files/0x000600000002321f-143.dat	upx
behavioral2/files/0x000600000002321f-142.dat	upx
behavioral2/files/0x0006000000023218-139.dat	upx
behavioral2/files/0x0006000000023218-138.dat	upx
behavioral2/memory/728-135-0x00007FFB8EF20000-0x00007FFB8F385000-memory.dmp	upx
behavioral2/files/0x0006000000023225-124.dat	upx
behavioral2/memory/728-155-0x00007FFBA2170000-0x00007FFBA2194000-memory.dmp	upx
behavioral2/memory/728-154-0x00007FFB8EF20000-0x00007FFB8F385000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BruteL4-DDOS.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1936	BruteL4-DDOS.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1936 set thread context of 3356	1936	BruteL4-DDOS.exe	90

Detects Pyinstaller 4 IoCs

pyinstaller

resource	yara_rule
behavioral2/files/0x0008000000023211-24.dat	pyinstaller
behavioral2/files/0x0008000000023211-87.dat	pyinstaller
behavioral2/files/0x0008000000023211-100.dat	pyinstaller
behavioral2/files/0x0008000000023211-122.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3356	1936	BruteL4-DDOS.exe	90
PID 1936 wrote to memory of 3356	1936	BruteL4-DDOS.exe	90
PID 1936 wrote to memory of 3356	1936	BruteL4-DDOS.exe	90
PID 1936 wrote to memory of 3356	1936	BruteL4-DDOS.exe	90
PID 1936 wrote to memory of 3356	1936	BruteL4-DDOS.exe	90
PID 1936 wrote to memory of 3356	1936	BruteL4-DDOS.exe	90
PID 1936 wrote to memory of 3356	1936	BruteL4-DDOS.exe	90
PID 1936 wrote to memory of 3356	1936	BruteL4-DDOS.exe	90
PID 1936 wrote to memory of 3356	1936	BruteL4-DDOS.exe	90

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3488
- C:\Users\Admin\AppData\Local\Temp\BruteL4-DDOS.exe
  C:\Users\Admin\AppData\Local\Temp\BruteL4-DDOS.exe 50.7.36.250
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:1936
- - C:\Users\Admin\AppData\Local\Temp\BruteL4DDOS.exe
    "C:\Users\Admin\AppData\Local\Temp\BruteL4DDOS.exe"
    3⤵
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\BruteL4DDOS.exe
      "C:\Users\Admin\AppData\Local\Temp\BruteL4DDOS.exe"
      4⤵
      PID:728
- C:\Users\Admin\AppData\Local\Temp\BruteL4-DDOS.exe
  C:\Users\Admin\AppData\Local\Temp\BruteL4-DDOS.exe 50.7.36.250
  2⤵
  PID:3356
- - C:\ProgramData\microsoft\MpDlpCmd.exe
    "C:\ProgramData\microsoft\MpDlpCmd.exe"
    3⤵
    PID:808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode 140, 40
1⤵
PID:2532
- C:\Windows\system32\mode.com
  mode 140, 40
  2⤵
  PID:2872

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
1⤵
PID:4556

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
1⤵
PID:64

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\MpDlpCmd.exe

Filesize
101KB

MD5
48d176927fc0022dfdb389de832a1afb

SHA1
7134458b63d27676c81a3bb4826349042a288dc8

SHA256
b72d7d09e0ed95c3cbb6e852a0378398a160fce8a715e384c72c22992c7a2c76

SHA512
e1f3a334f5e9d3e98fbf056b58ca4337d7a8a88bfc30bfc12a6329f08b240101df312cc96f74c8da25ecfed3257a919b43a6a1d9d1ecaee617355341da029e57

Download Submit
C:\ProgramData\Microsoft\MpDlpCmd.exe

Filesize
92KB

MD5
95a44bfdfb250144e9467969d4d05cc2

SHA1
78488728660375f7d118ee8dad12fe1bb920135c

SHA256
5b246709be3787e7b477166673c2b27e6c70207f423f0b9a84628db5d0ccc2c8

SHA512
fec58b4c1bcac008103bc080c7306e42a7bac628506795e0d2db831aeceabee6c4e21fbd94ffc438ff66643b8a973394a77b64eb3157357108426d18c8b90174

Download Submit
C:\ProgramData\microsoft\MpDlpCmd.exe

Filesize
99KB

MD5
0d0197cbac7d626157a4bad82273e7ef

SHA1
ec2e72dec7ab22012ae5235e21300c74702b6068

SHA256
cbd2df414872c8184a2bcc6b0e55f20cc21b312b3c7f610bcda076e7548f4c24

SHA512
aa6f3fb3b775c17ebbee2be51d19d4a1d30d9565d71d2900bdecec2e789495b622131fa6437a65450450711672fc950e762a36694007acb55e34f047edd39f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BruteL4-DDOS.exe.log

Filesize
859B

MD5
6e11a15fe4491ead2a94f64d3467be38

SHA1
9a8329fb71ddc89dae9aa174c0b44a1f646efd63

SHA256
087cf6355ae9fc71eea2493b30c6b10a6775f3dd68b2cb5e07fcc13461b74248

SHA512
6154e320e2556aef177fc5bfb4e5fe8fabe324af736b89db4db41e6dd51658f7f6a7d0f73c24dc6ccdc4edf14023f4a1ecd0908abac5b82cebd038a93b2fc106

Download Submit
C:\Users\Admin\AppData\Local\Temp\BruteL4DDOS.exe

Filesize
294KB

MD5
589222cd4793285367701d86b1dc9684

SHA1
528c638595774dd53b55d2f8fe628305010f8bac

SHA256
825df677e0c3c814cc84a2503fd690edff6605449d3c11d21c96b4ef91bdf6a9

SHA512
0ad0bf52b8ea3e6498fe440ad7d7f98d9c98119b3b7beb11090f7b10b1c641c3c040c3c2ef1008afa09cc0282d711a7a739a16a8b58c33935998236f503767fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\BruteL4DDOS.exe

Filesize
511KB

MD5
30b04b2e696bcacbbc66409220d07f43

SHA1
13eff60dcb46a2adbb036233b4680627f07e85d4

SHA256
737018eaf894090abedfb9726d5b7019d02f1e613ed317c24193d54fa6958e96

SHA512
a28f9d445e9567cc64d03f6f5c5f987246bb21e53b0dad6a5d150c464eb9125537bdfefed4cbd5c67026181a1730575deeeba39022709ca48b7d11325001f683

Download Submit
C:\Users\Admin\AppData\Local\Temp\BruteL4DDOS.exe

Filesize
179KB

MD5
feab9ce6f4fa854bfef2f7971a34c43a

SHA1
87afe443402a58d45ff1b639c569eeede2d9e996

SHA256
59f8837b8299e903e68442e2aef0d2492b1f0c1571a6a803f50e6b5486f99369

SHA512
ecdec2c79063b9c072c270bd1ba445d0fa346087ec8030a3c25151ab08e6f862cee5244f85680210f7fb779a731049017c1832c7a5f0874dc9f9c38fc2523395

Download Submit
C:\Users\Admin\AppData\Local\Temp\BruteL4DDOS.exe

Filesize
21KB

MD5
01be1734514d9f36cdd50b07a10a9e0b

SHA1
743b4569dcd2bfb03d70d3afe873d150a3bc2fcc

SHA256
e6ceb1c689fa8252b6ab6a7f24de2461a5e77e9dd8c3beb533ff718d915015c1

SHA512
daf4a9fb30b8156ee56af1dd3124cf1de8c42cc95add1d5b795f66d853df5914449c9188a53132cd6596ee57571b38e03a8ab79c757bd55b9edbd91f1bbbdd3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\VCRUNTIME140.dll

Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\VCRUNTIME140.dll

Filesize
35KB

MD5
058d5d7eb203c8a99042c5f3a5171a57

SHA1
826f8917a3678b47cc2a2097a5340773c84e8fdd

SHA256
1988905d6e11945cca9d62ea59479c7e54ae67e4ec360237f6270dffdf665724

SHA512
fd2383e2b442a073f505259f5409caa3cf8eaf358315bcbbe39afd590fe5f98e3f8647825daf5abda4a8ee895ee10dffd1323749db318780f5881ee31991e421

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_ctypes.pyd

Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_ctypes.pyd

Filesize
35KB

MD5
410c818711f1d3ffa4362d7e1ba4ea31

SHA1
75fbc8c9cd173b5e8b8118e2440b40b621625e78

SHA256
f9506c0f6bb6fe4993eeac809f574e294c1f091344c42970798507d110fa9ced

SHA512
06026ba5edd8cea73531958ec4021a94b8524d8e9785197de9bb3991c83a9d43f09f17adf71b9561e0104dc68aa616efb819279f3b794fe9b213036931165194

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_socket.pyd

Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\_socket.pyd

Filesize
14KB

MD5
243422511d3be703898afacba8dabc5e

SHA1
1747ac333cb97b321335f7339f000def6ee20643

SHA256
969beea3bd31d05bb6bca9c4a8b9227d2392c16cd61ef1a909fc8aa1ce6109d5

SHA512
d43cdff741b8049334ab44bd820c577f44e7fe2f38035fb5e42686a1f881c1dd5fe950e1f85d9a75764381769699b964ec1a3c74023c94e71337fed19971f9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\base_library.zip

Filesize
121KB

MD5
c2aba6a1c11006273f942e9c026cad40

SHA1
c8e584978b0232447f7aeb085cea6255314741f0

SHA256
9c5348a80f64eda8972eaeeeb0d58aee8d666b32df8d00b94044a486a2ee70b5

SHA512
73f9f11f25c476a7bb9b1f3a8c11ab2bb014eb2c2f0bd39c07112263fd280567abc736592f965146072e1036f83b59998e52cf5dd7392a5de25a952d87f510fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\libffi-7.dll

Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\python310.dll

Filesize
84KB

MD5
e679c2ca8455212b493bc37afb31d00f

SHA1
f0994a2dfe989ebf27e68b839c49a51dd0695632

SHA256
0c12b365ab6499cbba2a47c27c539c2727afb0edc72596a3a9588dd952d3681d

SHA512
c7a3a1a4ebfc19e9708bf76369894555e8fc2c76503f308697f1130ece82a790ca08feff89e558ec114f11506792b5fed886ea1f2aee694aece38475b42ec3b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\python310.dll

Filesize
140KB

MD5
263b1d0f5b10b64959e7031c90e0573b

SHA1
1a68289eaf2fd65e539b95456fc71f09b61035da

SHA256
c738c0ea9bf1527e22fc48f012f4201e7652ecc7da7260706b835b82c23c5194

SHA512
c25cd14d8774ba2fe66db096a334a835cd0ccd30e65736c290c54bf6c492a39efcd66dfcf0b1be12e6c09ea3d4aca72d845b8af960432f7abd65add0760e071d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI5362\select.pyd

Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ltzgco21.b4p.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/728-146-0x00007FFBA2170000-0x00007FFBA2194000-memory.dmp

Filesize
144KB

Download
memory/728-151-0x00007FFBA20F0000-0x00007FFBA2109000-memory.dmp

Filesize
100KB

Download
memory/728-150-0x00007FFBA2160000-0x00007FFBA216D000-memory.dmp

Filesize
52KB

Download
memory/728-147-0x00007FFBA2300000-0x00007FFBA230F000-memory.dmp

Filesize
60KB

Download
memory/728-135-0x00007FFB8EF20000-0x00007FFB8F385000-memory.dmp

Filesize
4.4MB

Download
memory/728-155-0x00007FFBA2170000-0x00007FFBA2194000-memory.dmp

Filesize
144KB

Download
memory/728-154-0x00007FFB8EF20000-0x00007FFB8F385000-memory.dmp

Filesize
4.4MB

Download
memory/808-191-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/808-219-0x00007FF4A9350000-0x00007FF4A9721000-memory.dmp

Filesize
3.8MB

Download
memory/808-188-0x00007FF4A9350000-0x00007FF4A9721000-memory.dmp

Filesize
3.8MB

Download
memory/808-190-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/808-192-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/808-187-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/808-189-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/808-211-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/808-217-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/808-237-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/808-218-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/808-231-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/808-225-0x0000000000770000-0x000000000165F000-memory.dmp

Filesize
14.9MB

Download
memory/1936-0-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp

Filesize
16.0MB

Download
memory/1936-12-0x000000001CE60000-0x000000001D6A4000-memory.dmp

Filesize
8.3MB

Download
memory/1936-72-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp

Filesize
16.0MB

Download
memory/1936-90-0x00007FFBAE6D0000-0x00007FFBAE999000-memory.dmp

Filesize
2.8MB

Download
memory/1936-97-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp

Filesize
16.0MB

Download
memory/1936-15-0x000000001DEA0000-0x000000001E6A6000-memory.dmp

Filesize
8.0MB

Download
memory/1936-92-0x00007FFB92250000-0x00007FFB92D11000-memory.dmp

Filesize
10.8MB

Download
memory/1936-14-0x000000001C9D0000-0x000000001C9E0000-memory.dmp

Filesize
64KB

Download
memory/1936-13-0x0000000003460000-0x0000000003466000-memory.dmp

Filesize
24KB

Download
memory/1936-71-0x00007FFB80010000-0x00007FFB80011000-memory.dmp

Filesize
4KB

Download
memory/1936-11-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp

Filesize
16.0MB

Download
memory/1936-9-0x00007FFB92250000-0x00007FFB92D11000-memory.dmp

Filesize
10.8MB

Download
memory/1936-10-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp

Filesize
16.0MB

Download
memory/1936-8-0x00007FFB80030000-0x00007FFB80031000-memory.dmp

Filesize
4KB

Download
memory/1936-7-0x00007FFBB0A30000-0x00007FFBB0C25000-memory.dmp

Filesize
2.0MB

Download
memory/1936-3-0x00007FFBAE6D0000-0x00007FFBAE999000-memory.dmp

Filesize
2.8MB

Download
memory/1936-5-0x00007FFBAE6D0000-0x00007FFBAE999000-memory.dmp

Filesize
2.8MB

Download
memory/1936-2-0x00007FFB80000000-0x00007FFB80002000-memory.dmp

Filesize
8KB

Download
memory/1936-1-0x00007FFBAE6D0000-0x00007FFBAE999000-memory.dmp

Filesize
2.8MB

Download
memory/1936-93-0x00007FFBB0A30000-0x00007FFBB0C25000-memory.dmp

Filesize
2.0MB

Download
memory/3356-73-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-153-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-91-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-96-0x00007FFBB09F0000-0x00007FFBB0A00000-memory.dmp

Filesize
64KB

Download
memory/3356-160-0x00007FFB92250000-0x00007FFB92D11000-memory.dmp

Filesize
10.8MB

Download
memory/3356-159-0x00007FF450F90000-0x00007FF451361000-memory.dmp

Filesize
3.8MB

Download
memory/3356-166-0x000000001E0C0000-0x000000001E0D0000-memory.dmp

Filesize
64KB

Download
memory/3356-167-0x000000001E0C0000-0x000000001E0D0000-memory.dmp

Filesize
64KB

Download
memory/3356-99-0x00007FFB92250000-0x00007FFB92D11000-memory.dmp

Filesize
10.8MB

Download
memory/3356-121-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-152-0x000000001E0C0000-0x000000001E0D0000-memory.dmp

Filesize
64KB

Download
memory/3356-149-0x000000001E0C0000-0x000000001E0D0000-memory.dmp

Filesize
64KB

Download
memory/3356-148-0x0000000003440000-0x0000000003462000-memory.dmp

Filesize
136KB

Download
memory/3356-98-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-94-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-88-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-84-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-193-0x0000000024C60000-0x0000000025406000-memory.dmp

Filesize
7.6MB

Download
memory/3356-195-0x000000001E0C0000-0x000000001E0D0000-memory.dmp

Filesize
64KB

Download
memory/3356-202-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-204-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp

Filesize
16.0MB

Download
memory/3356-205-0x00007FFB92250000-0x00007FFB92D11000-memory.dmp

Filesize
10.8MB

Download
memory/3356-76-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-75-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-74-0x00007FF450F90000-0x00007FF451361000-memory.dmp

Filesize
3.8MB

Download
memory/3356-70-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-21-0x00007FF7C7B90000-0x00007FF7C8B9C000-memory.dmp

Filesize
16.0MB

Download
memory/3356-20-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3356-16-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads