eba63bf7d5f52fbd6a089d9214788931c0e66b44863af5561300918ae5861c2d

Analysis

max time kernel
6s
max time network
56s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:45 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24ff9b9bca562b45e9fa179f58a43eb9.exe
Size

302KB
MD5

24ff9b9bca562b45e9fa179f58a43eb9
SHA1

99f2b5a26ee367d533d46a328a37f61363cbdce0
SHA256

eba63bf7d5f52fbd6a089d9214788931c0e66b44863af5561300918ae5861c2d
SHA512

6c417fa9be47b6ca2ec077c251a48513152fd4931a3b0cf372b4f01054745389fcb0f418820d1113b0499bd5ccc3a7777df6ce76ecf79647cc03b4f2c5e71236
SSDEEP

6144:RYQ+h6SbSHuwuUFz12ubp57KJazL7lkW492uCcBKdHUmQ:F+DmMG12w57KJa37ljiKd0m

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
4964	24ff9b9bca562b45e9fa179f58a43eb9.exe

Executes dropped EXE 1 IoCs

pid	Process
4964	24ff9b9bca562b45e9fa179f58a43eb9.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1204-0-0x0000000000400000-0x00000000004E0000-memory.dmp	upx
behavioral2/memory/4964-15-0x0000000000400000-0x00000000004E0000-memory.dmp	upx
behavioral2/files/0x00050000000006e9-13.dat	upx

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	24ff9b9bca562b45e9fa179f58a43eb9.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	24ff9b9bca562b45e9fa179f58a43eb9.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	24ff9b9bca562b45e9fa179f58a43eb9.exe

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1204	24ff9b9bca562b45e9fa179f58a43eb9.exe

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1204	24ff9b9bca562b45e9fa179f58a43eb9.exe
4964	24ff9b9bca562b45e9fa179f58a43eb9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 4964	1204	24ff9b9bca562b45e9fa179f58a43eb9.exe	30
PID 1204 wrote to memory of 4964	1204	24ff9b9bca562b45e9fa179f58a43eb9.exe	30
PID 1204 wrote to memory of 4964	1204	24ff9b9bca562b45e9fa179f58a43eb9.exe	30

C:\Users\Admin\AppData\Local\Temp\24ff9b9bca562b45e9fa179f58a43eb9.exe
"C:\Users\Admin\AppData\Local\Temp\24ff9b9bca562b45e9fa179f58a43eb9.exe"
1⤵
- Suspicious behavior: RenamesItself
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Users\Admin\AppData\Local\Temp\24ff9b9bca562b45e9fa179f58a43eb9.exe
  C:\Users\Admin\AppData\Local\Temp\24ff9b9bca562b45e9fa179f58a43eb9.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  - Modifies system certificate store
  - Suspicious use of UnmapMainImage
  PID:4964

Network

DNS

cutit.org

24ff9b9bca562b45e9fa179f58a43eb9.exe

Remote address:

8.8.8.8:53

Request

cutit.org

IN A

Response

cutit.org

IN A

64.91.240.248
DNS

cutit.org

24ff9b9bca562b45e9fa179f58a43eb9.exe

Remote address:

8.8.8.8:53

Request

cutit.org

IN A
DNS

19.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.177.190.20.in-addr.arpa

IN PTR

Response
DNS

19.177.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.177.190.20.in-addr.arpa

IN PTR
GET

https://cutit.org/oxgBR

24ff9b9bca562b45e9fa179f58a43eb9.exe

Remote address:

64.91.240.248:443

Request

GET /oxgBR HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Host: cutit.org
Cache-Control: no-cache

Response

HTTP/1.1 302 Moved Temporarily

Date: Fri, 05 Jan 2024 07:07:02 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9
X-Powered-By: PHP/5.4.16
Connection: close
Cache-Control: no-cache
Pragma: no-cache
Location: http://ww7.cutit.org/oxgBR?usid=25&utid=4585835740
Content-Length: 0
Content-Type: text/html; charset=UTF-8
DNS

248.240.91.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

248.240.91.64.in-addr.arpa

IN PTR

Response

248.240.91.64.in-addr.arpa

IN PTR

crocodile parklogiccom
DNS

248.240.91.64.in-addr.arpa

Remote address:

8.8.8.8:53

Request

248.240.91.64.in-addr.arpa

IN PTR
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR

Response

180.178.17.96.in-addr.arpa

IN PTR

a96-17-178-180deploystaticakamaitechnologiescom
DNS

180.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

180.178.17.96.in-addr.arpa

IN PTR
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR

Response
DNS

26.35.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.35.223.20.in-addr.arpa

IN PTR
DNS

40.13.222.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.13.222.173.in-addr.arpa

IN PTR

Response

40.13.222.173.in-addr.arpa

IN PTR

a173-222-13-40deploystaticakamaitechnologiescom
DNS

40.13.222.173.in-addr.arpa

Remote address:

8.8.8.8:53

Request

40.13.222.173.in-addr.arpa

IN PTR
DNS

ww7.cutit.org

Remote address:

8.8.8.8:53

Request

ww7.cutit.org

IN A

Response

ww7.cutit.org

IN CNAME

78626.bodis.com

78626.bodis.com

IN A

199.59.243.225
GET

http://ww7.cutit.org/oxgBR?usid=25&utid=4585835740

Remote address:

199.59.243.225:80

Request

GET /oxgBR?usid=25&utid=4585835740 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Cache-Control: no-cache
Host: ww7.cutit.org
Connection: Keep-Alive

Response

HTTP/1.1 200 OK

date: Fri, 05 Jan 2024 07:07:02 GMT
content-type: text/html; charset=utf-8
content-length: 1097
x-request-id: ab31bfce-f817-4662-ab68-af4353c72a15
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_tF754yBjYRS0RbWLKfw4bjF0F70DyDWjVefVfccghjlPT/cfdXTE7auJx5Pi6iqypejzqZSG2YGc8PU2yrs5ww==
set-cookie: parking_session=ab31bfce-f817-4662-ab68-af4353c72a15; expires=Fri, 05 Jan 2024 07:22:03 GMT; path=/
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR

Response
DNS

146.78.124.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

146.78.124.51.in-addr.arpa

IN PTR
DNS

201.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.179.17.96.in-addr.arpa

IN PTR

Response

201.179.17.96.in-addr.arpa

IN PTR

a96-17-179-201deploystaticakamaitechnologiescom
DNS

201.179.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

201.179.17.96.in-addr.arpa

IN PTR
DNS

225.243.59.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

225.243.59.199.in-addr.arpa

IN PTR

Response
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR
DNS

59.128.231.4.in-addr.arpa

Remote address:

8.8.8.8:53

Request

59.128.231.4.in-addr.arpa

IN PTR
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response

64.91.240.248:443

https://cutit.org/oxgBR

tls, http

24ff9b9bca562b45e9fa179f58a43eb9.exe

1.2kB
4.1kB
16
11

HTTP Request

GET https://cutit.org/oxgBR

HTTP Response

302
199.59.243.225:80

http://ww7.cutit.org/oxgBR?usid=25&utid=4585835740

http

740 B
2.5kB
7
5

HTTP Request

GET http://ww7.cutit.org/oxgBR?usid=25&utid=4585835740

HTTP Response

200
138.91.171.81:80

104 B
2
204.79.197.200:443

tls

52 B
78 B
1
1
204.79.197.200:443

9.3kB
297.6kB
186
214
204.79.197.200:443

tls

771 B
8.1kB
11
11

8.8.8.8:53

cutit.org

dns

24ff9b9bca562b45e9fa179f58a43eb9.exe

110 B
71 B
2
1

DNS Request

cutit.org

DNS Request

cutit.org

DNS Response

64.91.240.248
8.8.8.8:53

19.177.190.20.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

19.177.190.20.in-addr.arpa

DNS Request

19.177.190.20.in-addr.arpa
8.8.8.8:53

248.240.91.64.in-addr.arpa

dns

144 B
109 B
2
1

DNS Request

248.240.91.64.in-addr.arpa

DNS Request

248.240.91.64.in-addr.arpa
8.8.8.8:53

180.178.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

180.178.17.96.in-addr.arpa

DNS Request

180.178.17.96.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

26.35.223.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

26.35.223.20.in-addr.arpa

DNS Request

26.35.223.20.in-addr.arpa
8.8.8.8:53

40.13.222.173.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

40.13.222.173.in-addr.arpa

DNS Request

40.13.222.173.in-addr.arpa
8.8.8.8:53

ww7.cutit.org

dns

59 B
104 B
1
1

DNS Request

ww7.cutit.org

DNS Response

199.59.243.225
8.8.8.8:53

146.78.124.51.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

146.78.124.51.in-addr.arpa

DNS Request

146.78.124.51.in-addr.arpa
8.8.8.8:53

201.179.17.96.in-addr.arpa

dns

144 B
137 B
2
1

DNS Request

201.179.17.96.in-addr.arpa

DNS Request

201.179.17.96.in-addr.arpa
8.8.8.8:53

225.243.59.199.in-addr.arpa

dns

73 B
131 B
1
1

DNS Request

225.243.59.199.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

59.128.231.4.in-addr.arpa

dns

142 B
2

DNS Request

59.128.231.4.in-addr.arpa

DNS Request

59.128.231.4.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\24ff9b9bca562b45e9fa179f58a43eb9.exe

Filesize
5KB

MD5
1c35891611373cae14d98f2ad8d20ceb

SHA1
49d5f2fae453b7399ede3b36816cc1153681e149

SHA256
fcd4aa89894e8e1dd114e686d54175a8289b8b28ef7489f30c89ac748a664460

SHA512
d4b98160e4f6c72479ad08e20db573542ed312e8f71f6bed5ac0fb357e7759cbbd4022a20d268199124b76ecd8cdf59e4f0fd5e5eafbaddc5c97c4223c2de0f4

Download Submit
memory/1204-0-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/1204-1-0x00000000014E0000-0x0000000001511000-memory.dmp

Filesize
196KB

Download
memory/1204-2-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/1204-14-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4964-15-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download
memory/4964-17-0x0000000021600000-0x0000000021631000-memory.dmp

Filesize
196KB

Download
memory/4964-16-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/4964-31-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.