metasploit | f00978e8456694b3548f25dde8b524ce6e4b0975494849cc35b88ada3f461111

Analysis

max time kernel
145s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 19:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa52d2b35d0a5669a54193a76d9fe9e1.exe
Size

1.7MB
MD5

aa52d2b35d0a5669a54193a76d9fe9e1
SHA1

0ba13b228b47c078f172bcac4355aa72a43a80e5
SHA256

f00978e8456694b3548f25dde8b524ce6e4b0975494849cc35b88ada3f461111
SHA512

ec8f8f98dd34605c5a9bfa1ba6413531fa7d21f9136da1687581adfd8c839ae12dd077867efde4e5d89ab8687eeca345ad72701567fc9f79a1daca9ff920cc80
SSDEEP

49152:IdYddVDK5hUOMQKk1Er1E8dYdQTEdYdknvKZvB4VJZreDVJZre2:NVDQgFOPnvip4VzAVzx

Score

10^/10

metasploit backdoor evasion persistence trojan

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Modifies firewall policy service 2 TTPs 1 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files (x86)\Common Files\System\msn_kilo.exe = "C:\\Program Files (x86)\\Common Files\\System\\msn_kilo.exe:*:Enabled:WindowsSystem32"	msn_kilo.exe

Executes dropped EXE 12 IoCs

pid	Process
2116	WinInet.exe
2364	WinInet.exe
2836	msn_kilo.exe
2792	em.exe
2548	emo.exe
2732	em.exe
2564	msn_kilo.exe
2952	l33t.exe
584	emo.exe
1732	gf.exe
2820	explorer.exe
1716	explorer.exe

Loads dropped DLL 18 IoCs

pid	Process
2116	WinInet.exe
2364	WinInet.exe
2836	msn_kilo.exe
2836	msn_kilo.exe
2836	msn_kilo.exe
2792	em.exe
2836	msn_kilo.exe
2836	msn_kilo.exe
2548	emo.exe
2564	msn_kilo.exe
2564	msn_kilo.exe
2564	msn_kilo.exe
2820	explorer.exe
2820	explorer.exe
2820	explorer.exe
1716	explorer.exe
1716	explorer.exe
1716	explorer.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\WindowsSystem32 = "C:\\Program Files (x86)\\Common Files\\System\\msn_kilo.exe"	msn_kilo.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\SysWOW64\kernel23.dll	WinInet.exe
File created	C:\WINDOWS\SysWOW64\kernel23.dll	WinInet.exe

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 2116 set thread context of 2364	2116	WinInet.exe	29
PID 2792 set thread context of 2732	2792	em.exe	32
PID 2836 set thread context of 2564	2836	msn_kilo.exe	33
PID 2548 set thread context of 584	2548	emo.exe	35

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\System\msn_kilo.exe	WinInet.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msn_kilo.exe	WinInet.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msn_kilo.exe	msn_kilo.exe
File opened for modification	C:\Program Files (x86)\Common Files\System	msn_kilo.exe
File created	C:\Program Files (x86)\Common Files\System\msn_kilo.exe	msn_kilo.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msn_kilo.exe	msn_kilo.exe
File opened for modification	C:\Program Files (x86)\Common Files\System	WinInet.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\gf.exe	aa52d2b35d0a5669a54193a76d9fe9e1.exe
File opened for modification	C:\Windows\WinInet.exe	aa52d2b35d0a5669a54193a76d9fe9e1.exe
File opened for modification	C:\Windows\em.exe	aa52d2b35d0a5669a54193a76d9fe9e1.exe
File opened for modification	C:\Windows\WinInet.exe	WinInet.exe
File opened for modification	C:\Windows\emo.exe	aa52d2b35d0a5669a54193a76d9fe9e1.exe
File opened for modification	C:\Windows\em.exe	em.exe
File opened for modification	C:\Windows\l33t.exe	aa52d2b35d0a5669a54193a76d9fe9e1.exe
File opened for modification	C:\Windows\emo.exe	emo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe
2116	WinInet.exe
2836	msn_kilo.exe
2792	em.exe
2548	emo.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 2116	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	28
PID 1180 wrote to memory of 2116	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	28
PID 1180 wrote to memory of 2116	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	28
PID 1180 wrote to memory of 2116	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	28
PID 1180 wrote to memory of 2116	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	28
PID 1180 wrote to memory of 2116	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	28
PID 1180 wrote to memory of 2116	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	28
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2116 wrote to memory of 2364	2116	WinInet.exe	29
PID 2364 wrote to memory of 2836	2364	WinInet.exe	30
PID 2364 wrote to memory of 2836	2364	WinInet.exe	30
PID 2364 wrote to memory of 2836	2364	WinInet.exe	30
PID 2364 wrote to memory of 2836	2364	WinInet.exe	30
PID 2364 wrote to memory of 2836	2364	WinInet.exe	30
PID 2364 wrote to memory of 2836	2364	WinInet.exe	30
PID 2364 wrote to memory of 2836	2364	WinInet.exe	30
PID 1180 wrote to memory of 2792	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	31
PID 1180 wrote to memory of 2792	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	31
PID 1180 wrote to memory of 2792	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	31
PID 1180 wrote to memory of 2792	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	31
PID 1180 wrote to memory of 2792	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	31
PID 1180 wrote to memory of 2792	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	31
PID 1180 wrote to memory of 2792	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	31
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2836 wrote to memory of 2564	2836	msn_kilo.exe	33
PID 2836 wrote to memory of 2564	2836	msn_kilo.exe	33
PID 2836 wrote to memory of 2564	2836	msn_kilo.exe	33
PID 2836 wrote to memory of 2564	2836	msn_kilo.exe	33
PID 2836 wrote to memory of 2564	2836	msn_kilo.exe	33
PID 2836 wrote to memory of 2564	2836	msn_kilo.exe	33
PID 2836 wrote to memory of 2564	2836	msn_kilo.exe	33
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2836 wrote to memory of 2564	2836	msn_kilo.exe	33
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2836 wrote to memory of 2564	2836	msn_kilo.exe	33
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 2836 wrote to memory of 2564	2836	msn_kilo.exe	33
PID 2792 wrote to memory of 2732	2792	em.exe	32
PID 1180 wrote to memory of 2548	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	34
PID 1180 wrote to memory of 2548	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	34
PID 1180 wrote to memory of 2548	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	34
PID 1180 wrote to memory of 2548	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	34
PID 1180 wrote to memory of 2548	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	34
PID 1180 wrote to memory of 2548	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	34
PID 1180 wrote to memory of 2548	1180	aa52d2b35d0a5669a54193a76d9fe9e1.exe	34
PID 2792 wrote to memory of 2732	2792	em.exe	32

C:\Users\Admin\AppData\Local\Temp\aa52d2b35d0a5669a54193a76d9fe9e1.exe
"C:\Users\Admin\AppData\Local\Temp\aa52d2b35d0a5669a54193a76d9fe9e1.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Windows\WinInet.exe
  "C:\Windows\WinInet.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Windows\WinInet.exe
    C:\Windows\WinInet.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Program Files directory
    - Suspicious use of WriteProcessMemory
    PID:2364
  - - C:\Program Files (x86)\Common Files\System\msn_kilo.exe
      "C:\Program Files (x86)\Common Files\System\msn_kilo.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Drops file in Program Files directory
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Program Files (x86)\Common Files\System\msn_kilo.exe
        
        "C:\Program Files (x86)\Common Files\System\msn_kilo.exe"
        5⤵
        Modifies firewall policy service
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in Program Files directory
        
        PID:2564
- C:\Windows\em.exe
  "C:\Windows\em.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2792
- - C:\Windows\em.exe
    C:\Windows\em.exe
    3⤵
    - Executes dropped EXE
    PID:2732
- C:\Windows\emo.exe
  "C:\Windows\emo.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:2548
- - C:\Windows\emo.exe
    C:\Windows\emo.exe
    3⤵
    - Executes dropped EXE
    PID:584
- C:\Windows\l33t.exe
  "C:\Windows\l33t.exe"
  2⤵
  - Executes dropped EXE
  PID:2952
- - C:\Users\Admin\AppData\Local\Temp\explorer.exe
    "C:\Users\Admin\AppData\Local\Temp\explorer.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1716
- C:\Windows\gf.exe
  "C:\Windows\gf.exe"
  2⤵
  - Executes dropped EXE
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\explorer.exe
    "C:\Users\Admin\AppData\Local\Temp\explorer.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\System\msn_kilo.exe

Filesize
256KB

MD5
560a17c1d3e033a9a01cf79fef827b31

SHA1
663746cb9d666363b9dc40ec957b661e75a3e8fc

SHA256
47680c4485395910114f637617098a7ed373d380c0c8c2764629281d97bd1f43

SHA512
496b5f120c91ca15d056bb1202e2eff1ca1acf25e2098e9731a9d09e6621c9b669eb3d069a6d00769f1702bea6672a4e6aff2486ab01967009e8a64b3a039550

Download Submit
C:\Users\Admin\AppData\Local\Temp\explorer.exe

Filesize
74KB

MD5
8b07e4eb224a264790f2f51513d4810a

SHA1
2109ed97528af5c069a42ca42c0ccf1c3b4ffde7

SHA256
274273225883f642a2fca3c10b2df968c4c407569a08ec9c6d36519db5beedee

SHA512
bd76efebc5724d5b9ffdb919da73795de05818005c7e31b66c2d7a3e846704d3366d78762f9c8b67d10acd192a55c501314b819360dc56ac3f2202d10133ff84

Download Submit
C:\Windows\WinInet.exe

Filesize
711KB

MD5
26bfa7affd98f30665ee1f40a3dfb1c8

SHA1
7ad71a62989a45c3bd31daa4561fa1280b85ca12

SHA256
13e702af9f89c03357ec3b51a553d48a7b428703a629a82c123b1c0f620861a6

SHA512
8e54677d026f025fa514010ee65faa7ec0f7e1d4306c75d2b66a752720e1a6d0f03b981289d599479f8d0c82f535808eafba31e537b25e16dff54a5753395ae9

Download Submit
C:\Windows\em.exe

Filesize
185KB

MD5
aaff4eff1db9b53232319a1d59e50ad8

SHA1
fe139d84265927460c99a3c85b5aa1307e96522e

SHA256
2b29b3be908a0e588e2c3d79806dc92ef29c0b3f6a81393a6b202786bde0317d

SHA512
38a1a800af6e43a99eea829e91ce95dc73062f2655cf8dccb7e358f198d5fcf89c8993209375491e4c422e09ae0679b1322864483e70bc9f095111478944c2dc

Download Submit
C:\Windows\emo.exe

Filesize
185KB

MD5
fde211abf58fc1def492e8c6e789ec4c

SHA1
f9c8bda784dd97646d12538578ebbe9a16950cb9

SHA256
807059b07dc1b4c903e94cd11d43f0bcff1cf4fd9e71daa6e199b57c5b8094ac

SHA512
b7002efe3ae5b74df006baea9d7a1236f7f6ab759f8b444979ea7fedd16df4aa469adfb802727b450610665604ccd04b6b1f2b98c5cda6e3eba02d7c9ba8981b

Download Submit
C:\Windows\gf.exe

Filesize
258KB

MD5
f95e5e23ae65bcdea5cd31c24354ee22

SHA1
fd2b7c345dd22ca6cb3f75c560aba42b3a293bfc

SHA256
fdb785b01267a73d1797c50363c81b2f7e04a04a3eb096ecefec3a8ca705dcc8

SHA512
c871a2df4e38798289e1a517f142b7740232afc62e9a999a6bfbe8bbcf2ca1854ddda131bfc99797fc2e8b844d5a359c34563a7108becfe296437967afc947f9

Download Submit
C:\Windows\l33t.exe

Filesize
126KB

MD5
332fef24a1a45a7ea97e1b12c4e7f2c9

SHA1
c67f823fb0ff983bf5ee16a8429fb26559ff40ea

SHA256
3a67c659e3709d983e4a0b5851c8e66a6d987d12ae55be63930737ccf3862ec4

SHA512
b3337a43bb1e496f163c9b6380cc77b387b59940bd19bae99e4c04e3738e95bdb5933c8c43c5bd7b9c620c74719a541372b8afa48dcb1318cf39cda54f518f28

Download Submit
\Program Files (x86)\Common Files\System\msn_kilo.exe

Filesize
14KB

MD5
e14314396d5bfde225f2726e721c8ca0

SHA1
36ddcc99eafbd83065a68bd08de8f922518a6e91

SHA256
f39c7244a0ee32022b053c6a4382425a68be4ad6c2733fdd6a1930b659c4bd63

SHA512
baa0ec98785aff161650e316152982d441c2b5cf452954ae33ea7fa212209ef3e8117cfdc9b8f0fc42c83532e31ce37c0334e0fc5ede1ff920102a584f5969cb

Download Submit
\Program Files (x86)\Common Files\System\msn_kilo.exe

Filesize
8KB

MD5
c6e9b0fd3a53eeb0ab92077be024b9ce

SHA1
3edeffdef431e15c15d4288ab6cc5b5e68a79b83

SHA256
8ccab1e6abe2b3dfd953fcedcaab8f6a7c3687594497a17023ff3b81374e7442

SHA512
2d1168909a9bc0fec82a6f17fdd288b336b582c31fc8038525df1421b2ee38c34bfdb982ee24fdba975381aeecb6510a23f45959cc0646aaae844da343578c95

Download Submit
\Windows\SysWOW64\kernel23.dll

Filesize
320KB

MD5
d91de38799eb336241ac1ca208ab636e

SHA1
73aeadc0d107c49f76213918d8c52b4225c7042c

SHA256
2c70a2017064f89a34cbdc778479ee5a3af66ab961794cdb7ce89305c7b2cd82

SHA512
0f86809f0a2cf0169d9be8ab6d26075b08d01848bad878c90f93cb514755b56fb613c14f89f6738b020c57d551c777026a4f23a20ed13ccd8fcb6b9791253394

Download Submit
\Windows\SysWOW64\kernel23.dll

Filesize
1.1MB

MD5
9b98d47916ead4f69ef51b56b0c2323c

SHA1
290a80b4ded0efc0fd00816f373fcea81a521330

SHA256
96e0ae104c9662d0d20fdf59844c2d18334e5847b6c4fc7f8ce4b3b87f39887b

SHA512
68b67021f228d8d71df4deb0b6388558b2f935a6aa466a12199cd37ada47ee588ea407b278d190d3a498b0ef3f5f1a2573a469b7ea5561ab2e7055c45565fe94

Download Submit
memory/584-115-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/1732-167-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/1732-152-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/1732-153-0x0000000001F00000-0x0000000001F80000-memory.dmp

Filesize
512KB

Download
memory/2364-34-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2364-19-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2364-15-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2364-59-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2364-38-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2364-36-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2364-17-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2364-28-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2364-29-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2364-25-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2364-22-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2564-170-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2732-82-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2732-86-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2732-76-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2732-71-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2732-67-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2732-64-0x0000000000400000-0x000000000045A000-memory.dmp

Filesize
360KB

Download
memory/2952-146-0x0000000000510000-0x0000000000590000-memory.dmp

Filesize
512KB

Download
memory/2952-147-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/2952-145-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download
memory/2952-154-0x0000000000510000-0x0000000000590000-memory.dmp

Filesize
512KB

Download
memory/2952-168-0x000007FEF59C0000-0x000007FEF635D000-memory.dmp

Filesize
9.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads