gozi | 84b16227e05b966470c3624cc9129296d73b96c11c90ff5d02a6aea8ab196b9e

General

Target

0196aa6b6e09389e94acafba9049fe5f.dll
Size

355KB
MD5

0196aa6b6e09389e94acafba9049fe5f
SHA1

6248bd71cc01f4dd0728bf8536c29aff31adb4ce
SHA256

84b16227e05b966470c3624cc9129296d73b96c11c90ff5d02a6aea8ab196b9e
SHA512

004683c3bcc190134f6715bef7fc1d788e3b7d02c68f6f51980433078be7c126f382fb2832d2668c23f234f9b6ab0d0e1e2e1d0dca33d9f40803f412f566c81a
SSDEEP

6144:BstpyZ+ANKcOVwmBfjdLz5kazt+x1gLY3TGAa7VGpwCu:BstpbA3OOmljdLGeZOGH7Cu

Score

10^/10

gozi 1500 banker isfb trojan

Malware Config

Extracted

Family

gozi

Extracted

Family

gozi

Botnet

1500

C2

gtr.antoinfer.com

app.bighomegl.at

Attributes

build
250204
exe_type
loader
server_id
580

rsa_pubkey.plain

aes.plain

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exeIEXPLORE.EXEIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b003a0338f3ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b0394a2b8f3ada01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "750978332"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 203de82d8f3ada01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31079055"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056c0f093da428f4099809f3dbcc1bfee000000000200000000001066000000010000200000003e94f0ecff112bdeee2a925b6baceb72c31f942880769ce78e19d1d41cd59bea000000000e800000000200002000000031fd139fce4ca45c6cdcdd7e2603fc8b4429616460fa667cf48996514c3679a6200000003a73000c81e2c0aa4035343940cdb4b3c760a03ac3cc43504c9fc7bf70585fed4000000086a4cc5cc97c1ebfbeb3dcf4ade07dd43bfac95d831759067782563031278eb33e37682f3998a1e697af5d66b189df34568745ccb585cea13e16cf6424709d34	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056c0f093da428f4099809f3dbcc1bfee00000000020000000000106600000001000020000000ba40df0ad07e899b037f4b3c35d259287047ba71298926ce5395a37bd263104f000000000e8000000002000020000000826edbf74574785ee330b3c96926cc03790ce0abb2a8d81125af94e1b41c3cc320000000183f2af6b601493a7a9fa4fe32ef0a8e4a53665f28a314a9ddab00f55b9618dc40000000e8bfa6234e3d3e2f6d328e1ba4352d02cd65d97bdb270158866e8b20c24504802bbabd0a6f2cffd3580deffd7b3f1ba6da225b771625d290b3f41b26f6780bd3	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056c0f093da428f4099809f3dbcc1bfee000000000200000000001066000000010000200000000630b0073a31b4e3b58b823ac0ae65e4b4d5e3757d384a374a61554d2303d88a000000000e8000000002000020000000fbfc2e4898cd5685341735fb35a6f57034d6f4359ce59168c2e0479c551b55dc20000000386aa0139f32bf56dff195af13c89dbe5389b60d72063076f887d4ab613e246640000000a69afbd3427985c1ec3fc7f812763652c30ef1a25fea75840d8729377e6955492566df1cd76557a203b40d3a775f4cd0a9e3d8ca8ca4cefe0935859c9575a3c3	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31079055"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{7DAFAE1D-A682-11EE-9BE3-4ECC77D3B663} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "750978332"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{70120050-A682-11EE-9BE3-4ECC77D3B663} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000056c0f093da428f4099809f3dbcc1bfee000000000200000000001066000000010000200000005bd6528d9263f3dc0717b3431693d842bc10031de47d66de07bc1560444af2ce000000000e8000000002000020000000255800bb2252bcdad58648215ecea9c61601eda8f2fe45aea6e8b4bc629de713200000002b6daee546f50d71ac3f9bbf1cefa2e550009e64c6aef2f5c5c440ffdefe67cc40000000b04bd7de0c7b3ce300ca15681a09ae2aac80f002865045c28643eec59a6641c90d723547ab29056b37a93106307bc82c0968519bbadf5c7d641c92e4ac9235c5	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{8ADFAFAF-A682-11EE-9BE3-4ECC77D3B663} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{553601E8-A682-11EE-9BE3-4ECC77D3B663} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

iexplore.exeiexplore.exeiexplore.exeiexplore.exe

pid process

3616 iexplore.exe
2408 iexplore.exe
5036 iexplore.exe
4328 iexplore.exe

Suspicious use of SetWindowsHookEx 16 IoCs

Processes:

iexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXEiexplore.exeIEXPLORE.EXE

pid	process
3616	iexplore.exe
3616	iexplore.exe
4588	IEXPLORE.EXE
4588	IEXPLORE.EXE
2408	iexplore.exe
2408	iexplore.exe
5092	IEXPLORE.EXE
5092	IEXPLORE.EXE
5036	iexplore.exe
5036	iexplore.exe
3452	IEXPLORE.EXE
3452	IEXPLORE.EXE
4328	iexplore.exe
4328	iexplore.exe
3724	IEXPLORE.EXE
3724	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

rundll32.exeiexplore.exeiexplore.exeiexplore.exeiexplore.exe

description	pid	process	target process
PID 3528 wrote to memory of 4884	3528	rundll32.exe	rundll32.exe
PID 3528 wrote to memory of 4884	3528	rundll32.exe	rundll32.exe
PID 3528 wrote to memory of 4884	3528	rundll32.exe	rundll32.exe
PID 3616 wrote to memory of 4588	3616	iexplore.exe	IEXPLORE.EXE
PID 3616 wrote to memory of 4588	3616	iexplore.exe	IEXPLORE.EXE
PID 3616 wrote to memory of 4588	3616	iexplore.exe	IEXPLORE.EXE
PID 2408 wrote to memory of 5092	2408	iexplore.exe	IEXPLORE.EXE
PID 2408 wrote to memory of 5092	2408	iexplore.exe	IEXPLORE.EXE
PID 2408 wrote to memory of 5092	2408	iexplore.exe	IEXPLORE.EXE
PID 5036 wrote to memory of 3452	5036	iexplore.exe	IEXPLORE.EXE
PID 5036 wrote to memory of 3452	5036	iexplore.exe	IEXPLORE.EXE
PID 5036 wrote to memory of 3452	5036	iexplore.exe	IEXPLORE.EXE
PID 4328 wrote to memory of 3724	4328	iexplore.exe	IEXPLORE.EXE
PID 4328 wrote to memory of 3724	4328	iexplore.exe	IEXPLORE.EXE
PID 4328 wrote to memory of 3724	4328	iexplore.exe	IEXPLORE.EXE

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0196aa6b6e09389e94acafba9049fe5f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3528

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0196aa6b6e09389e94acafba9049fe5f.dll,#1
2⤵
PID:4884

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
PID:3036

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3616

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3616 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4588

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2408

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2408 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:5092

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5036

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5036 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3452

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4328

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4328 CREDAT:17410 /prefetch:2
2⤵
- Suspicious use of SetWindowsHookEx
PID:3724

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~DF5CA20A4307B2CCF8.TMP
Filesize
16KB

MD5
3e187f7bd2b71d3e7f7f24af69507691

SHA1
641770fd9b7741cee479ca000f744bcd3b19942b

SHA256
e3d204bf77be8f5ee0063219a87034c4102465925590a108ad855df68d5204f6

SHA512
147765775206ba649d457c38c54dac2420d0d856e7c0249a1bf7e041dcf296eb40e689b613ab1928960f9f722359e0d3cad6932bd4caae2f3a576c13618b0469

Download Submit
memory/4884-0-0x00000000753C0000-0x00000000754B4000-memory.dmp

Filesize
976KB

Download
memory/4884-1-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/4884-2-0x00000000753C0000-0x00000000754B4000-memory.dmp

Filesize
976KB

Download
memory/4884-3-0x00000000753C0000-0x00000000754B4000-memory.dmp

Filesize
976KB

Download
memory/4884-4-0x0000000001F00000-0x0000000001F0D000-memory.dmp

Filesize
52KB

Download
memory/4884-7-0x00000000753C0000-0x00000000754B4000-memory.dmp

Filesize
976KB

Download
memory/4884-8-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads