gozi | aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e

Analysis

max time kernel
2s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe
Size

2.9MB
MD5

e69948a6953a77464e92ac44fe945242
SHA1

d0b1569b0ca632defc74a6320658c0c1481f3ee1
SHA256

aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e
SHA512

f14f8a41c2e5dad21908eae3494cc1db049e223b19186379256695825b9918813e4cd34d73f43eba36fdfbfff6608d50bf2b98dbd45f17c4b3136bc6087c2952
SSDEEP

49152:xcBhEwJ84vLRaBtIl9mVJUv0E5ZpAR7px2jOT+lp4wC/+nDVHrP7gvUQI0QBJ:xbCvLUBsgI0gZpU7pcOT+rL+4JbWUQ8

Score

10^/10

gozi nullmixer smokeloader vidar 706 aspackv2 backdoor banker dropper isfb stealer trojan

Malware Config

Extracted

Family

vidar

Version

40.1

Botnet

706

https://eduarroma.tumblr.com/

Attributes

profile_id
706

Extracted

Family

nullmixer

http://watira.xyz/

Extracted

Family

smokeloader

Version

2020

http://varmisende.com/upload/

http://fernandomayol.com/upload/

http://nextlytm.com/upload/

http://people4jan.com/upload/

http://asfaltwerk.com/upload/

rc4.i32

Extracted

Family

gozi

Signatures

Gozi
Gozi is a well-known and widely distributed banking trojan.
banker trojan gozi
NullMixer
NullMixer is a malware dropper leading to an infection chain of a wide variety of malware families.
dropper nullmixer
SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Vidar Stealer 4 IoCs

stealer

resource	yara_rule
behavioral1/memory/1624-135-0x0000000002100000-0x000000000219D000-memory.dmp	family_vidar
behavioral1/memory/1624-138-0x0000000000400000-0x0000000001DDD000-memory.dmp	family_vidar
behavioral1/memory/1624-260-0x0000000000400000-0x0000000001DDD000-memory.dmp	family_vidar
behavioral1/memory/1624-269-0x0000000002100000-0x000000000219D000-memory.dmp	family_vidar

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x002f0000000155f6-42.dat	aspack_v212_v242

Executes dropped EXE 1 IoCs

pid	Process
2960	setup_install.exe

Loads dropped DLL 11 IoCs

pid	Process
2080	aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe
2080	aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe
2080	aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe
2960	setup_install.exe
2960	setup_install.exe
2960	setup_install.exe
2960	setup_install.exe
2960	setup_install.exe
2960	setup_install.exe
2960	setup_install.exe
2960	setup_install.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
5	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2068	2960	WerFault.exe
2084	1624	WerFault.exe	35
1116	2084	WerFault.exe	51
864	2544	WerFault.exe	32
2352	2080	WerFault.exe	15
704	864	WerFault.exe	58

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2384	schtasks.exe

Runs regedit.exe 1 IoCs

pid	Process
2492	regedit.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2960	2080	aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe	49
PID 2080 wrote to memory of 2960	2080	aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe	49
PID 2080 wrote to memory of 2960	2080	aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe	49
PID 2080 wrote to memory of 2960	2080	aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe	49
PID 2080 wrote to memory of 2960	2080	aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe	49
PID 2080 wrote to memory of 2960	2080	aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe	49
PID 2080 wrote to memory of 2960	2080	aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe	49

C:\Users\Admin\AppData\Local\Temp\aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe
"C:\Users\Admin\AppData\Local\Temp\aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\7zS0280F116\setup_install.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS0280F116\setup_install.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2960
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 344
  2⤵
  - Program crash
  PID:2352

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"
1⤵
PID:1736
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp"
  2⤵
  PID:1428

C:\Users\Admin\AppData\Local\Temp\7zS0280F116\Sun21caad43cbccfb.exe
Sun21caad43cbccfb.exe
1⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\is-EQCE6.tmp\Sun218856081dd1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-EQCE6.tmp\Sun218856081dd1.tmp" /SL5="$501F4,506086,422400,C:\Users\Admin\AppData\Local\Temp\7zS0280F116\Sun218856081dd1.exe"
1⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\7zS0280F116\Sun21dd3b887a3.exe
Sun21dd3b887a3.exe
1⤵
PID:2544
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 508
  2⤵
  - Program crash
  PID:864
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 624
    3⤵
    - Program crash
    PID:704

C:\Users\Admin\AppData\Local\Temp\7zS0280F116\Sun213b31a7e71d4cf6d.exe
Sun213b31a7e71d4cf6d.exe
1⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\7zS0280F116\Sun21688b2b2b63.exe
Sun21688b2b2b63.exe
1⤵
PID:1624
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 968
  2⤵
  - Program crash
  PID:2084
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 620
    3⤵
    - Program crash
    PID:1116

C:\Users\Admin\AppData\Local\Temp\7zS0280F116\Sun218856081dd1.exe
Sun218856081dd1.exe
1⤵
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 428
1⤵
- Program crash
PID:2068

C:\Users\Admin\AppData\Local\Temp\7zS0280F116\Sun21ab69e87d0.exe
Sun21ab69e87d0.exe
1⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\7zS0280F116\Sun21cfc7686a.exe
Sun21cfc7686a.exe
1⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\7zS0280F116\Sun211972de1e.exe
Sun211972de1e.exe
1⤵
PID:2880

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Sun213b31a7e71d4cf6d.exe
1⤵
PID:2780

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Sun21ab69e87d0.exe
1⤵
PID:1944

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Sun21dd3b887a3.exe
1⤵
PID:1028

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Sun218856081dd1.exe
1⤵
PID:2572

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Sun21688b2b2b63.exe
1⤵
PID:2008

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Sun21caad43cbccfb.exe
1⤵
PID:2248

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Sun21cfc7686a.exe
1⤵
PID:3040

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c Sun211972de1e.exe
1⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\AAC0.exe
C:\Users\Admin\AppData\Local\Temp\AAC0.exe
1⤵
PID:2904
- C:\Windows\SysWOW64\explorer.exe
  C:\Windows\SysWOW64\explorer.exe
  2⤵
  PID:772
- - C:\Users\Admin\AppData\Local\Temp\i9e7aug5awg_1.exe
    /suac
    3⤵
    PID:656
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\SysWOW64\regedit.exe"
      4⤵
      Runs regedit.exe
      PID:2492
  - - C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /CREATE /SC ONLOGON /TN "Windows Update Check - 0x1BB70478" /TR "C:\PROGRA~3\JAVAUP~1\I9E7AU~1.EXE" /RL HIGHEST
      4⤵
      Creates scheduled task(s)
      PID:2384

C:\Users\Admin\AppData\Local\Temp\BA5B.exe
C:\Users\Admin\AppData\Local\Temp\BA5B.exe
1⤵
PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\7zS0280F116\libcurlpp.dll

Filesize
54KB

MD5
e6e578373c2e416289a8da55f1dc5e8e

SHA1
b601a229b66ec3d19c2369b36216c6f6eb1c063e

SHA256
43e86d650a68f1f91fa2f4375aff2720e934aa78fa3d33e06363122bf5a9535f

SHA512
9df6a8c418113a77051f6cb02745ad48c521c13cdadb85e0e37f79e29041464c8c7d7ba8c558fdd877035eb8475b6f93e7fc62b38504ddfe696a61480cabac89

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0280F116\libwinpthread-1.dll

Filesize
69KB

MD5
1e0d62c34ff2e649ebc5c372065732ee

SHA1
fcfaa36ba456159b26140a43e80fbd7e9d9af2de

SHA256
509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723

SHA512
3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0280F116\setup_install.exe

Filesize
2.1MB

MD5
3303b0c75753ea25cf206b81ad24816b

SHA1
12a6265214cf693af00d14c3b720731abd20fd1e

SHA256
4c1704c1b7f10a459017319b867377a68d67e194c692d46baa5d1fb233b50c59

SHA512
97677fb7704d360e5e042c36bc8fb9bcfdbb93b3e966a20a4370ebd5c7527589f7ff4937fb75aaf9744e01a3db12000f0ba6e2027b673cb6538a986e6ed2a18f

Download Submit
\Users\Admin\AppData\Local\Temp\7zS0280F116\setup_install.exe

Filesize
1.2MB

MD5
3dd12ac7d7646dc795a9f83a1319278f

SHA1
17524430bad533834c77efa2d100cc121eae2813

SHA256
e62f966311737d05e1275d54ee409eabdd9504a171e0c213846679b63ff8c91b

SHA512
91d28005630ee724922457f3a73ac04b3f70fd149aff0ccf456cd885024e1be7aff204cd6932c44173028b300320d505d937ab7bc9b1b6d276c250f6fd003ef1

Download Submit
memory/772-318-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/772-300-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-336-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-334-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-333-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-332-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-335-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-338-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download
memory/772-356-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-354-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download
memory/772-299-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-340-0x0000000000530000-0x0000000000536000-memory.dmp

Filesize
24KB

Download
memory/772-317-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-303-0x0000000000530000-0x0000000000536000-memory.dmp

Filesize
24KB

Download
memory/772-304-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-305-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-306-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-315-0x00000000005F0000-0x00000000005FC000-memory.dmp

Filesize
48KB

Download
memory/772-314-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-313-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download
memory/772-301-0x00000000777C0000-0x0000000077941000-memory.dmp

Filesize
1.5MB

Download
memory/772-302-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download
memory/772-308-0x0000000000320000-0x00000000003E4000-memory.dmp

Filesize
784KB

Download
memory/1204-322-0x000000013F170000-0x000000013F835000-memory.dmp

Filesize
6.8MB

Download
memory/1204-227-0x0000000003990000-0x00000000039A5000-memory.dmp

Filesize
84KB

Download
memory/1204-323-0x000000013F170000-0x000000013F835000-memory.dmp

Filesize
6.8MB

Download
memory/1204-342-0x0000000077631000-0x0000000077632000-memory.dmp

Filesize
4KB

Download
memory/1428-324-0x000000013F170000-0x000000013F835000-memory.dmp

Filesize
6.8MB

Download
memory/1428-141-0x0000000073620000-0x0000000073BCB000-memory.dmp

Filesize
5.7MB

Download
memory/1428-142-0x00000000022B0000-0x00000000022F0000-memory.dmp

Filesize
256KB

Download
memory/1428-199-0x0000000073620000-0x0000000073BCB000-memory.dmp

Filesize
5.7MB

Download
memory/1548-155-0x0000000000400000-0x0000000000516000-memory.dmp

Filesize
1.1MB

Download
memory/1624-138-0x0000000000400000-0x0000000001DDD000-memory.dmp

Filesize
25.9MB

Download
memory/1624-260-0x0000000000400000-0x0000000001DDD000-memory.dmp

Filesize
25.9MB

Download
memory/1624-135-0x0000000002100000-0x000000000219D000-memory.dmp

Filesize
628KB

Download
memory/1624-275-0x0000000000280000-0x0000000000380000-memory.dmp

Filesize
1024KB

Download
memory/1624-269-0x0000000002100000-0x000000000219D000-memory.dmp

Filesize
628KB

Download
memory/1624-136-0x0000000000280000-0x0000000000380000-memory.dmp

Filesize
1024KB

Download
memory/1692-261-0x000007FEF5C80000-0x000007FEF666C000-memory.dmp

Filesize
9.9MB

Download
memory/1692-140-0x000000001B060000-0x000000001B0E0000-memory.dmp

Filesize
512KB

Download
memory/1692-276-0x000000001B060000-0x000000001B0E0000-memory.dmp

Filesize
512KB

Download
memory/1692-128-0x000007FEF5C80000-0x000007FEF666C000-memory.dmp

Filesize
9.9MB

Download
memory/1692-116-0x0000000000BB0000-0x0000000000BB8000-memory.dmp

Filesize
32KB

Download
memory/1692-352-0x00000000775E0000-0x0000000077789000-memory.dmp

Filesize
1.7MB

Download
memory/1936-361-0x00000000775E0000-0x0000000077789000-memory.dmp

Filesize
1.7MB

Download
memory/2080-337-0x0000000003020000-0x00000000030E4000-memory.dmp

Filesize
784KB

Download
memory/2248-343-0x0000000000200000-0x00000000002C4000-memory.dmp

Filesize
784KB

Download
memory/2748-358-0x0000000077631000-0x0000000077632000-memory.dmp

Filesize
4KB

Download
memory/2880-360-0x00000000004D0000-0x00000000004DC000-memory.dmp

Filesize
48KB

Download
memory/2880-359-0x00000000029F0000-0x0000000002AB4000-memory.dmp

Filesize
784KB

Download
memory/2904-286-0x0000000000360000-0x000000000036D000-memory.dmp

Filesize
52KB

Download
memory/2904-283-0x0000000000010000-0x000000000006D000-memory.dmp

Filesize
372KB

Download
memory/2904-311-0x0000000001C80000-0x0000000001CE6000-memory.dmp

Filesize
408KB

Download
memory/2904-285-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2904-290-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/2904-298-0x0000000002500000-0x000000000250C000-memory.dmp

Filesize
48KB

Download
memory/2904-297-0x0000000001C80000-0x0000000001CE6000-memory.dmp

Filesize
408KB

Download
memory/2904-288-0x0000000001C80000-0x0000000001CE6000-memory.dmp

Filesize
408KB

Download
memory/2904-287-0x00000000777D0000-0x00000000777D1000-memory.dmp

Filesize
4KB

Download
memory/2904-284-0x0000000001C80000-0x0000000001CE6000-memory.dmp

Filesize
408KB

Download
memory/2904-312-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2912-129-0x000007FEF5C80000-0x000007FEF666C000-memory.dmp

Filesize
9.9MB

Download
memory/2912-139-0x000000001ADE0000-0x000000001AE60000-memory.dmp

Filesize
512KB

Download
memory/2912-262-0x000007FEF5C80000-0x000007FEF666C000-memory.dmp

Filesize
9.9MB

Download
memory/2912-117-0x00000000000F0000-0x000000000011E000-memory.dmp

Filesize
184KB

Download
memory/2912-270-0x000007FEF5C80000-0x000007FEF666C000-memory.dmp

Filesize
9.9MB

Download
memory/2912-132-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2916-235-0x0000000000240000-0x0000000000249000-memory.dmp

Filesize
36KB

Download
memory/2916-228-0x0000000000400000-0x0000000001D81000-memory.dmp

Filesize
25.5MB

Download
memory/2916-134-0x0000000000240000-0x0000000000249000-memory.dmp

Filesize
36KB

Download
memory/2916-133-0x0000000001E40000-0x0000000001F40000-memory.dmp

Filesize
1024KB

Download
memory/2916-137-0x0000000000400000-0x0000000001D81000-memory.dmp

Filesize
25.5MB

Download
memory/2960-236-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/2960-61-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/2960-49-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/2960-66-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/2960-56-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/2960-65-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/2960-46-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/2960-64-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/2960-57-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/2960-63-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/2960-55-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/2960-198-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/2960-62-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/2960-68-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/2960-58-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/2960-258-0x000000006EB40000-0x000000006EB63000-memory.dmp

Filesize
140KB

Download
memory/2960-237-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/2960-339-0x0000000000690000-0x0000000000754000-memory.dmp

Filesize
784KB

Download
memory/2960-67-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/2960-60-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/2960-254-0x0000000000400000-0x000000000051B000-memory.dmp

Filesize
1.1MB

Download
memory/2960-256-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/2960-257-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/3036-341-0x0000000002210000-0x00000000022D4000-memory.dmp

Filesize
784KB

Download
memory/3048-234-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/3048-99-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads