redline | be2d3b6889b9ca8882be65aff3224179df54c0599b2fad90bdb55e211024472e

Analysis

max time kernel
12s
max time network
171s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a96b4fac36efb0df7930f7fe19b9b6a.exe
Size

309KB
MD5

2a96b4fac36efb0df7930f7fe19b9b6a
SHA1

9bbc377eeb1f58002cfea817f78efa91b16e85ec
SHA256

be2d3b6889b9ca8882be65aff3224179df54c0599b2fad90bdb55e211024472e
SHA512

82ad01d52c443e62463a3140aded6b473c6dfdc03dd56609f67024b32bd37a8945131e0a7077855f59249da56994633e389a71c57d259c1d12c7ff04a5b3b8f4
SSDEEP

3072:nJJh6BbCqA4w//xQwRti4LT8yf6905sd1MvfN2FjGVr51VXNmfV8XBJ3dAQ:fkXAD2qDLKDyfN2ZgrTV9mfVSXdA

Score

10^/10

redline sectoprat @dashyknight infostealer rat trojan

Malware Config

Extracted

Family

redline

Botnet

@DashyKnight

80.89.229.97:7479

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000d0000000122a5-16.dat	family_redline
behavioral1/memory/2372-20-0x0000000000CA0000-0x0000000000CC2000-memory.dmp	family_redline

SectopRAT
SectopRAT is a remote access trojan first seen in November 2019.
trojan rat sectoprat

SectopRAT payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000d0000000122a5-16.dat	family_sectoprat
behavioral1/memory/2372-20-0x0000000000CA0000-0x0000000000CC2000-memory.dmp	family_sectoprat

Executes dropped EXE 2 IoCs

pid	Process
2828	WindowsDefender.exe
2372	XVisualStudio.exe

Loads dropped DLL 2 IoCs

pid	Process
2344	sihost32.exe
2344	sihost32.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2408	schtasks.exe
2800	schtasks.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2344 wrote to memory of 2828	2344	sihost32.exe	30
PID 2344 wrote to memory of 2828	2344	sihost32.exe	30
PID 2344 wrote to memory of 2828	2344	sihost32.exe	30
PID 2344 wrote to memory of 2828	2344	sihost32.exe	30
PID 2344 wrote to memory of 2372	2344	sihost32.exe	29
PID 2344 wrote to memory of 2372	2344	sihost32.exe	29
PID 2344 wrote to memory of 2372	2344	sihost32.exe	29
PID 2344 wrote to memory of 2372	2344	sihost32.exe	29

C:\Users\Admin\AppData\Local\Temp\2a96b4fac36efb0df7930f7fe19b9b6a.exe
"C:\Users\Admin\AppData\Local\Temp\2a96b4fac36efb0df7930f7fe19b9b6a.exe"
1⤵
PID:2344
- C:\Windows\SysWOW64\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\ERROR REPORT.txt
  2⤵
  PID:2820
- C:\Users\Admin\AppData\Local\Temp\XVisualStudio.exe
  "C:\Users\Admin\AppData\Local\Temp\XVisualStudio.exe"
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe
  "C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe"
  2⤵
  - Executes dropped EXE
  PID:2828
- - C:\Windows\system32\cmd.exe
    "cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
    3⤵
    PID:2756
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
      4⤵
      PID:2968
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
      4⤵
      PID:608
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
      4⤵
      PID:1068
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe"
    3⤵
    PID:2104

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'
1⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\svchost32.exe
C:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe"
1⤵
PID:1576
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"' & exit
  2⤵
  PID:2748
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\svchost32.exe"
  2⤵
  PID:1144
- C:\Windows\system32\services32.exe
  "C:\Windows\system32\services32.exe"
  2⤵
  PID:3032
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c C:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Windows\system32\services32.exe"
    3⤵
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\svchost32.exe
      C:\Users\Admin\AppData\Local\Temp\svchost32.exe "C:\Windows\system32\services32.exe"
      4⤵
      PID:2700
    - - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"' & exit
        5⤵
        
        PID:2844
      - C:\Windows\system32\schtasks.exe
        
        schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"'
        6⤵
        Creates scheduled task(s)
        
        PID:2800
    - - C:\Windows\system32\Microsoft\Telemetry\sihost32.exe
        
        "C:\Windows\system32\Microsoft\Telemetry\sihost32.exe"
        5⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2344
    - - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\svchost32.exe"
        5⤵
        
        PID:2576
      - C:\Windows\system32\choice.exe
        
        choice /C Y /N /D Y /T 3
        6⤵
        
        PID:2396

C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "services32" /tr '"C:\Windows\system32\services32.exe"'
1⤵
- Creates scheduled task(s)
PID:2408

C:\Windows\system32\choice.exe
choice /C Y /N /D Y /T 3
1⤵
PID:2420

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin'
1⤵
PID:544

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'
1⤵
PID:1076

C:\Windows\system32\cmd.exe
"cmd" /c powershell -Command Add-MpPreference -ExclusionPath '%UserProfile%' & powershell -Command Add-MpPreference -ExclusionPath '%AppData%' & powershell -Command Add-MpPreference -ExclusionPath '%Temp%' & powershell -Command Add-MpPreference -ExclusionPath '%SystemRoot%' & exit
1⤵
PID:1852
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
  2⤵
  PID:1148
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command Add-MpPreference -ExclusionPath 'C:\Windows'
  2⤵
  PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ERROR REPORT.txt

Filesize
617B

MD5
292806f9ebd655b601d4fe9e9c482d9f

SHA1
be73ffc844d1071a6a98131861c39e29ca5b8d8c

SHA256
c7c19f3cb0e3c8f820c36fa809d20ed776d2312314b81e1ccb6098fdc541c55e

SHA512
a3468990b4867f3722de1040cdd720cc72cfa590b3643db1aa6a8d5293e4a09f73c5f9f7f5914cd2bf5d0a1cdc6283e9396bfd90574a41003d8397fa67bcc6dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\WindowsDefender.exe

Filesize
365KB

MD5
4992fd42d05ce5ad226147c9d3546c46

SHA1
5bfe1b76ca55d841677592be9acbff400250efe2

SHA256
1ae0b1c8c75487c2d7048e00cf17824c891bdd731c5dd815cbdbe8752ee97319

SHA512
a21365037c04256241c6a23b6034f89e97493fafe49ef40ccb14ccb2db2a388793be25628b4d7e2cf8c134b39978319445cbc2323f3aa858312f60318895bcfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\XVisualStudio.exe

Filesize
115KB

MD5
044ea4b85761fdb858ac6dc759aa9b48

SHA1
041f98726799deef358e8f6f2b22c7604f981b09

SHA256
639824ecfdb0f6c8fdc7589d80c01a435400b6118735165c503714615f8dd6cd

SHA512
3b04dd5ebc6e12d4117cfffe6afd3a6952c198e58ac6ee1c94da2c677eeb0e515ae715af7a7e5b569b9987c0da7e8ea01775bfa8ff43a8611cabe330454a1bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost32.exe

Filesize
3KB

MD5
6cdbf9f4cf5f009af212787a3de94ce8

SHA1
2ff84f8bdd8a054dbdef0841244b7b81bf25f8e8

SHA256
f875caa0cd2ca404b3714e87e2232f66f4b89fe93ff4c8216ab3cfeb658d605c

SHA512
e976b9accee716fa33aef0914695b4c1dd69b662276687c918ad927bc2125455830a770725c0ced950b4bcb4591a26d2e32e1298c549e4dac611bb2d338903af

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost32.exe

Filesize
53KB

MD5
f831f2aa7e021911243f157174a955be

SHA1
ea59ca80240271e429d672507e0929cc59014e1d

SHA256
29fb40165016b0d4885f9560e6f01129401533152f1a4b7e771e09d66fbed149

SHA512
e5ab5e253670fe8c99677d7753f6c28546bafb24515e4b3de0ebb32c52ea2adc5de35aaae72bee67d99d407ec292eb4783dd40eed2a6ec8bef658eb973e511e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost32.exe

Filesize
92KB

MD5
3c1c0d9feaa55fe1e7ad3c3c7cf392a9

SHA1
5ccbb0102cf29cfcfcd3535866c81c986cb91f7f

SHA256
6e6b772c512c4d67f4df5baf6fd916246754b6fef1170c82cd3eeb07d285ebc5

SHA512
f05aa7f5e2f4a0268e532df8d7db92f46213b8c8cff08f7749cc5d57645ba6563fb965b2148023f946bf498bc1ab32dac4e9089e9dec42078d3c4c658f93b1aa

Download Submit
C:\Windows\System32\services32.exe

Filesize
124KB

MD5
e9c86a7b627665d16de4cb12ecc4e6d5

SHA1
962bace12b93c34585197633922053912eac26ff

SHA256
a01a777a427a891792c2fdabe0972295b1d3f3dac7371d19d5c5e9b97abe23a8

SHA512
d23808d0a3ca648302db008d6c332c87c062f51fcc30f5e222c5dab460d04ca832a2e0400d790581e0dc9c5eeb841ccf56ab4637cb95fed96dc22bb6949388a4

Download Submit
C:\Windows\System32\services32.exe

Filesize
89KB

MD5
49304aea37ec56475e25040d2170da64

SHA1
706ec8f93f4c3111672fc643b241c2ca7fedfb65

SHA256
2c7c854235b4c5662c578763793864a16b11dbfcbd9678a2d0b216085b3cf8fe

SHA512
444de08857bcada0cf7f26dad488514a9334666971b6e8c4b2853e57c59e937c33284c239f0655172be7b7f4516ce800faed41741998750faf9b4d387b6cde42

Download Submit
\Users\Admin\AppData\Local\Temp\WindowsDefender.exe

Filesize
418KB

MD5
06880138334dc59019276844e8fd39c2

SHA1
3948d3907dbbba5b4ffd109b2b212a2c42e30eec

SHA256
540dc86d9a7e0afb2b945ad6ae1804dd10d9711f6b03ac84e8abc6d9340328f7

SHA512
09b4e9aa35bcede4c77ab982482a196a82ef5871c9015c384738299f1267584019b73510c7fdd0bfc863c4898ba0db86decda509838fa9cc01b8f0dec23b2be5

Download Submit
\Users\Admin\AppData\Local\Temp\svchost32.exe

Filesize
28KB

MD5
64456933c4f2ff2a31e3d605af326649

SHA1
5bbae9ef578b466540f82dc54050885f53a28e82

SHA256
959644069e694be5291479a0b26816944d20a03e7f0cb5420aa6245de3696ec4

SHA512
d838a96fb920b1e6d7d62bdaa4417cc8b7292167793032563e38a2d9e321e5b9727f901a23586d7ff95a13d32ef60e8f88983d8deeb8601b9b86accdbbe73607

Download Submit
\Users\Admin\AppData\Local\Temp\svchost32.exe

Filesize
117KB

MD5
bbab39dfb953ecfc69ff561f5974b1b0

SHA1
79dca46fb777493ccd52e2625bd32dec74f40ed4

SHA256
39c8d6bcb27009984f54319ec0501112216803391ce881aabe880c99fde243f5

SHA512
4d621f5e832b949ec4a70eff7480063079955d9e5654a9f4b212ea4ac15d7496599c57b0183b0905a34cf6af9ae20c26d0b08bc66b2feabb7c5d9d29b2b05af9

Download Submit
\Windows\System32\services32.exe

Filesize
197KB

MD5
774d407cfa136c9410966b38f22ec91b

SHA1
f0928195e78b85b83eedfbd50c242c43117b5c7e

SHA256
6d0e20cbc90a4d6a671ba18acf7013de603a0194d6f8bfa832477fe853ddc431

SHA512
0dc181f80034698853373bc254524bb003a98213ff446a0e9d8bf03875a284f1a47d8803b3e8975c52c57e21a8814c527209639b11102497e19714000e623d59

Download Submit
memory/544-107-0x000007FEF2F50000-0x000007FEF38ED000-memory.dmp

Filesize
9.6MB

Download
memory/544-113-0x000007FEF2F50000-0x000007FEF38ED000-memory.dmp

Filesize
9.6MB

Download
memory/544-109-0x000007FEF2F50000-0x000007FEF38ED000-memory.dmp

Filesize
9.6MB

Download
memory/544-108-0x0000000002870000-0x00000000028F0000-memory.dmp

Filesize
512KB

Download
memory/544-112-0x0000000002870000-0x00000000028F0000-memory.dmp

Filesize
512KB

Download
memory/544-111-0x0000000002870000-0x00000000028F0000-memory.dmp

Filesize
512KB

Download
memory/544-110-0x0000000002870000-0x00000000028F0000-memory.dmp

Filesize
512KB

Download
memory/608-65-0x0000000002880000-0x0000000002900000-memory.dmp

Filesize
512KB

Download
memory/608-57-0x000000001B180000-0x000000001B462000-memory.dmp

Filesize
2.9MB

Download
memory/608-66-0x000007FEF2F50000-0x000007FEF38ED000-memory.dmp

Filesize
9.6MB

Download
memory/608-58-0x000007FEF2F50000-0x000007FEF38ED000-memory.dmp

Filesize
9.6MB

Download
memory/608-64-0x000007FEF2F50000-0x000007FEF38ED000-memory.dmp

Filesize
9.6MB

Download
memory/608-59-0x0000000002360000-0x0000000002368000-memory.dmp

Filesize
32KB

Download
memory/608-61-0x0000000002880000-0x0000000002900000-memory.dmp

Filesize
512KB

Download
memory/608-62-0x0000000002880000-0x0000000002900000-memory.dmp

Filesize
512KB

Download
memory/608-60-0x0000000002880000-0x0000000002900000-memory.dmp

Filesize
512KB

Download
memory/1068-80-0x000007FEF25B0000-0x000007FEF2F4D000-memory.dmp

Filesize
9.6MB

Download
memory/1068-72-0x000007FEF25B0000-0x000007FEF2F4D000-memory.dmp

Filesize
9.6MB

Download
memory/1068-79-0x0000000002950000-0x00000000029D0000-memory.dmp

Filesize
512KB

Download
memory/1068-75-0x0000000002950000-0x00000000029D0000-memory.dmp

Filesize
512KB

Download
memory/1068-77-0x000007FEF25B0000-0x000007FEF2F4D000-memory.dmp

Filesize
9.6MB

Download
memory/1068-76-0x0000000002950000-0x00000000029D0000-memory.dmp

Filesize
512KB

Download
memory/1068-74-0x0000000002950000-0x00000000029D0000-memory.dmp

Filesize
512KB

Download
memory/1576-89-0x0000000000640000-0x0000000000652000-memory.dmp

Filesize
72KB

Download
memory/1576-87-0x000000013FAE0000-0x000000013FB02000-memory.dmp

Filesize
136KB

Download
memory/1576-90-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/1576-91-0x00000000008F0000-0x0000000000970000-memory.dmp

Filesize
512KB

Download
memory/1576-100-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/2344-17-0x0000000074D00000-0x00000000752AB000-memory.dmp

Filesize
5.7MB

Download
memory/2344-0-0x0000000074D00000-0x00000000752AB000-memory.dmp

Filesize
5.7MB

Download
memory/2344-2-0x0000000001DF0000-0x0000000001E30000-memory.dmp

Filesize
256KB

Download
memory/2344-1-0x0000000074D00000-0x00000000752AB000-memory.dmp

Filesize
5.7MB

Download
memory/2372-81-0x0000000000BC0000-0x0000000000C00000-memory.dmp

Filesize
256KB

Download
memory/2372-20-0x0000000000CA0000-0x0000000000CC2000-memory.dmp

Filesize
136KB

Download
memory/2372-23-0x0000000072E30000-0x000000007351E000-memory.dmp

Filesize
6.9MB

Download
memory/2372-73-0x0000000072E30000-0x000000007351E000-memory.dmp

Filesize
6.9MB

Download
memory/2372-35-0x0000000000BC0000-0x0000000000C00000-memory.dmp

Filesize
256KB

Download
memory/2588-31-0x000007FEF2F50000-0x000007FEF38ED000-memory.dmp

Filesize
9.6MB

Download
memory/2588-33-0x000007FEF2F50000-0x000007FEF38ED000-memory.dmp

Filesize
9.6MB

Download
memory/2588-34-0x00000000025F0000-0x0000000002670000-memory.dmp

Filesize
512KB

Download
memory/2588-29-0x000000001B1E0000-0x000000001B4C2000-memory.dmp

Filesize
2.9MB

Download
memory/2588-37-0x000007FEF2F50000-0x000007FEF38ED000-memory.dmp

Filesize
9.6MB

Download
memory/2588-30-0x00000000023F0000-0x00000000023F8000-memory.dmp

Filesize
32KB

Download
memory/2588-32-0x00000000025F0000-0x0000000002670000-memory.dmp

Filesize
512KB

Download
memory/2588-36-0x00000000025F0000-0x0000000002670000-memory.dmp

Filesize
512KB

Download
memory/2828-22-0x0000000000540000-0x0000000000562000-memory.dmp

Filesize
136KB

Download
memory/2828-78-0x00000000007E0000-0x0000000000860000-memory.dmp

Filesize
512KB

Download
memory/2828-63-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/2828-19-0x000000013F720000-0x000000013F78C000-memory.dmp

Filesize
432KB

Download
memory/2828-88-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/2828-21-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/2828-24-0x00000000007E0000-0x0000000000860000-memory.dmp

Filesize
512KB

Download
memory/2968-44-0x00000000020D0000-0x00000000020D8000-memory.dmp

Filesize
32KB

Download
memory/2968-50-0x0000000002600000-0x0000000002680000-memory.dmp

Filesize
512KB

Download
memory/2968-43-0x000000001B1F0000-0x000000001B4D2000-memory.dmp

Filesize
2.9MB

Download
memory/2968-48-0x0000000002600000-0x0000000002680000-memory.dmp

Filesize
512KB

Download
memory/2968-49-0x0000000002600000-0x0000000002680000-memory.dmp

Filesize
512KB

Download
memory/2968-46-0x0000000002600000-0x0000000002680000-memory.dmp

Filesize
512KB

Download
memory/2968-47-0x000007FEF25B0000-0x000007FEF2F4D000-memory.dmp

Filesize
9.6MB

Download
memory/2968-45-0x000007FEF25B0000-0x000007FEF2F4D000-memory.dmp

Filesize
9.6MB

Download
memory/2968-51-0x000007FEF25B0000-0x000007FEF2F4D000-memory.dmp

Filesize
9.6MB

Download
memory/3032-101-0x000000001B640000-0x000000001B6C0000-memory.dmp

Filesize
512KB

Download
memory/3032-99-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

Filesize
9.9MB

Download
memory/3032-98-0x000000013F050000-0x000000013F0BC000-memory.dmp

Filesize
432KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads