f005d0a23dcd8455a71971c3824ff0596e3c40f7cf7012c6829118f7d3f346d1

Analysis

max time kernel
16s
max time network
21s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2024 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

682db5558ce11329c208eb7e0632e63e.exe
Size

824KB
MD5

682db5558ce11329c208eb7e0632e63e
SHA1

233b5cfec545e43d49ed558f4af95ca89c019850
SHA256

f005d0a23dcd8455a71971c3824ff0596e3c40f7cf7012c6829118f7d3f346d1
SHA512

e24146bc51a060e521941bf15e892c0bce60fe0754b8f87630af3a60d0a9e13e2583d286653f890b8616c967bcadc566601dfeb517d8387cfa333c027e39b5e6
SSDEEP

12288:qai/oGGwH/BTqATt9IGeIm0JFg7qFhZjGgxGwPUD0INtcs9w7Jza+esTCmOQ/0:di/oMHZ1fm0s0agxGwfINyz7pL2mvM

Score

7^/10

aspackv2 bootkit persistence

Malware Config

Signatures

ASPack v2.12-2.42 3 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x000a000000022480-103.dat	aspack_v212_v242
behavioral2/files/0x000600000002312e-133.dat	aspack_v212_v242
behavioral2/files/0x000600000002312c-149.dat	aspack_v212_v242

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	682db5558ce11329c208eb7e0632e63e.exe

Executes dropped EXE 2 IoCs

pid	Process
4984	f240655687.exe
1564	nnuizp.exe

Loads dropped DLL 3 IoCs

pid	Process
3252	regsvr32.exe
4984	f240655687.exe
1564	nnuizp.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winsync = "C:\\Windows\\system32\\nnuizp.exe reg_run"	f240655687.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\winsync = "C:\\Windows\\system32\\nnuizp.exe reg_run"	nnuizp.exe

Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	682db5558ce11329c208eb7e0632e63e.exe
File opened for modification	\??\PhysicalDrive0	f240655687.exe
File opened for modification	\??\PhysicalDrive0	nnuizp.exe

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	regsvr32.exe
File created	C:\Windows\SysWOW64\kkoonro.dll	f240655687.exe
File created	C:\Windows\SysWOW64\ccomqno.exe	f240655687.exe
File opened for modification	C:\Windows\SysWOW64\aspr_keys.ini	nnuizp.exe
File created	C:\Windows\SysWOW64\qqvky.dat	nnuizp.exe
File opened for modification	C:\Windows\SysWOW64\gglwk.dll	nnuizp.exe
File created	C:\Windows\SysWOW64\wuauclt.dll	682db5558ce11329c208eb7e0632e63e.exe
File created	C:\Windows\SysWOW64\nnuizp.exe	f240655687.exe
File created	C:\Windows\SysWOW64\qqvky.dat	f240655687.exe
File opened for modification	C:\Windows\SysWOW64\nnuizp.exe	f240655687.exe
File opened for modification	C:\Windows\SysWOW64\ccomqno.exe	nnuizp.exe
File created	C:\Windows\SysWOW64\vgactl.cpl	682db5558ce11329c208eb7e0632e63e.exe
File created	C:\Windows\SysWOW64\gglwk.dll	f240655687.exe
File created	C:\Windows\SysWOW64\nnuizp.exe	nnuizp.exe
File opened for modification	C:\Windows\SysWOW64\kkoonro.dll	nnuizp.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\bbpqwo.dat	682db5558ce11329c208eb7e0632e63e.exe
File created	C:\Windows\eetic.dll	f240655687.exe
File opened for modification	C:\Windows\eetic.dll	f240655687.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	f240655687.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	nnuizp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	nnuizp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	682db5558ce11329c208eb7e0632e63e.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	f240655687.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	f240655687.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	f240655687.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	nnuizp.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	nnuizp.exe
Key created	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	682db5558ce11329c208eb7e0632e63e.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	682db5558ce11329c208eb7e0632e63e.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	682db5558ce11329c208eb7e0632e63e.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\CLSID = "{6EC11407-5B2E-4E25-8BDF-77445B52AB37}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\MenuText = "Java"	regsvr32.exe

Modifies registry class 30 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\ProgId	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9b3dd5fc-2e69-4878-b78f-f296539f4b8b}\ProgId\ = "rrirjeie.class"	f240655687.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\InProcServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9b3dd5fc-2e69-4878-b78f-f296539f4b8b}\ = "rrirjeie.class"	f240655687.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\InProcServer32\ = "C:\\Windows\\SysWow64\\wuauclt.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9b3dd5fc-2e69-4878-b78f-f296539f4b8b}\InProcServer32\ = "C:\\Windows\\SysWow64\\gglwk.dll"	f240655687.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ggqxknqf\ = "{a8c512b0-3455-4370-9ae3-27fe8f22e911}"	nnuizp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\ = "{6EC11407-5B2E-4E25-8BDF-77445B52AB37}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9b3dd5fc-2e69-4878-b78f-f296539f4b8b}	f240655687.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a8c512b0-3455-4370-9ae3-27fe8f22e911}\ = "rrirjeie.class"	nnuizp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a8c512b0-3455-4370-9ae3-27fe8f22e911}\InProcServer32\ThreadingModel = "Apartment"	nnuizp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9b3dd5fc-2e69-4878-b78f-f296539f4b8b}\InProcServer32	f240655687.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a8c512b0-3455-4370-9ae3-27fe8f22e911}\InProcServer32	nnuizp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a8c512b0-3455-4370-9ae3-27fe8f22e911}\ProgId	nnuizp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a8c512b0-3455-4370-9ae3-27fe8f22e911}\ProgId\ = "rrirjeie.class"	nnuizp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\ProgId\ = "Columns class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9b3dd5fc-2e69-4878-b78f-f296539f4b8b}\InProcServer32\ThreadingModel = "Apartment"	f240655687.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ggqxknqf	nnuizp.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9b3dd5fc-2e69-4878-b78f-f296539f4b8b}\ProgId	f240655687.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a8c512b0-3455-4370-9ae3-27fe8f22e911}	nnuizp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{a8c512b0-3455-4370-9ae3-27fe8f22e911}\InProcServer32\ = "C:\\Windows\\SysWow64\\gglwk.dll"	nnuizp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\ = "Columns class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ggqxknqf	f240655687.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ggqxknqf\ = "{9b3dd5fc-2e69-4878-b78f-f296539f4b8b}"	f240655687.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 3252	968	682db5558ce11329c208eb7e0632e63e.exe	88
PID 968 wrote to memory of 3252	968	682db5558ce11329c208eb7e0632e63e.exe	88
PID 968 wrote to memory of 3252	968	682db5558ce11329c208eb7e0632e63e.exe	88
PID 968 wrote to memory of 4984	968	682db5558ce11329c208eb7e0632e63e.exe	89
PID 968 wrote to memory of 4984	968	682db5558ce11329c208eb7e0632e63e.exe	89
PID 968 wrote to memory of 4984	968	682db5558ce11329c208eb7e0632e63e.exe	89
PID 4984 wrote to memory of 1564	4984	f240655687.exe	90
PID 4984 wrote to memory of 1564	4984	f240655687.exe	90
PID 4984 wrote to memory of 1564	4984	f240655687.exe	90

C:\Users\Admin\AppData\Local\Temp\682db5558ce11329c208eb7e0632e63e.exe
"C:\Users\Admin\AppData\Local\Temp\682db5558ce11329c208eb7e0632e63e.exe"
1⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /s C:\Windows\system32\wuauclt.dll
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Modifies Internet Explorer settings
  - Modifies registry class
  PID:3252
- C:\Users\Admin\AppData\Local\Temp\f240655687.exe
  "C:\Users\Admin\AppData\Local\Temp\f240655687.exe" first_run
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Writes to the Master Boot Record (MBR)
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4984
- - C:\Windows\SysWOW64\nnuizp.exe
    first_run
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Writes to the Master Boot Record (MBR)
    - Drops file in System32 directory
    - Checks processor information in registry
    - Modifies registry class
    PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\f240655687.exe

Filesize
458KB

MD5
a45be0d070560ede89a8fe489ff23c75

SHA1
a306186ff34f3381b8b79ec05dd382a5ae71297a

SHA256
9e640592b917e6aa0108cb050fc2c30ae420f44c9abb333c58a301e60ba6309e

SHA512
1b1eae5fcfb18c951032b9ba74e5ffe8b2f2c4de203c6c7110453731793f3a4b6f94dc4eb9ed6a29b842de49493000c373e1b9ac631901087f6054e47df261e3

Download Submit
C:\Windows\SysWOW64\ccomqno.exe

Filesize
163KB

MD5
eabbb6f57dac51f65b7fa7ad44dc0c85

SHA1
70b89bb6eda284e71271f35497f0309cde69fea7

SHA256
7907745f5df59442b6a80ceb8dfbcbf139c41580e5cfad5969c92090b0e711fa

SHA512
fb57dad1ca7957ff11bd915e66035380daf0ab2c78c41592bc0c5b6f326b138940737279e04248497fc58972a805fd5d7583a917f59dfc40b84e3cd2f093ecd3

Download Submit
C:\Windows\SysWOW64\gglwk.dll

Filesize
130KB

MD5
78d4c669c1f3268b6cfc493e08df9d20

SHA1
bc54b50630a72c86d503f435459112cac1aa9989

SHA256
484e60c78e02266e8857f95511c3f2b2a7714020051b615fc5c8e6c6b1a4c5b7

SHA512
5a6b2904648337b6d32cc42f6aa45733c39f0a3590a2fb8547fc02f367fc882c046ade108e159c07d3f484e37118d4894972b1edf99546ce898f762355712a34

Download Submit
C:\Windows\SysWOW64\kkoonro.dll

Filesize
176KB

MD5
e1900e1e64c730073c74c7bd72ef8f3e

SHA1
f2a2faf02d532bf9f2c209d349c580f4525ad19a

SHA256
b792a3a2b46072f6c0ef11cc0e0b4366af25a4a43e5a94476b6e387e765a1e25

SHA512
9256d304e6cfb52a070276d026eb86eec713fa6054092e9d977a5b734f240cc8d767f7f1117347fe4c50f516736339e34839d7614fd603eef4d4a797e1cd0722

Download Submit
C:\Windows\SysWOW64\nnuizp.exe

Filesize
313KB

MD5
4fd0c59d7dfa4e238e704042e115864c

SHA1
e3f8297e16ea22799b443095ea6d0bfe4e6c622d

SHA256
bc4c9ef3ee9a6bea320832e546fc71a11d8cfa1b149622b223c5fb8c2f823cd7

SHA512
32303d861c733730f4b5acdf0aa7a8aa7bf44357b5cc1680441f4a1ab022d5d51ec6bf7e7945cd7b0f829f3baa1445b6c9b3fe7af6ceb855269dbbd7863aeccd

Download Submit
C:\Windows\SysWOW64\wuauclt.dll

Filesize
156KB

MD5
6451095f639ab38909988e41432f1a43

SHA1
0d5839203d8b31bb23ab5746019ea45b5545da2c

SHA256
34ce0665cbd0125173995e8051ee5a62dbadeeb6041a1da1b74811db0a41311e

SHA512
cc008c301865028adee899f80223491dd2439bcb812cc66869d1c28d1cb75427c93b3248e2718ab4abef9b5d5895e33cb4f4f3fa24cd302760055dcee4fef7e2

Download Submit
C:\Windows\eetic.dll

Filesize
34B

MD5
9b5f0786ded1e8ede6bb244849e030a9

SHA1
f2c88a2b52813067f98c7b8bf4c081a2d48f2a1d

SHA256
0fa925a391d09f322f4febc9d2ce2183935b0d1b2df4b5d88cb0d27fe54db73d

SHA512
3f29778a5362f9779f6927d55d2aeb2401d4dbfd430c562fa8d28d40302c2998cf81e174e92aa82d88594a6b843f9800915b8aa2f20bece273670b97d8d35ecd

Download Submit
memory/968-31-0x00000000026D0000-0x00000000026D1000-memory.dmp

Filesize
4KB

Download
memory/968-16-0x00000000025B0000-0x00000000025B1000-memory.dmp

Filesize
4KB

Download
memory/968-5-0x0000000002490000-0x0000000002491000-memory.dmp

Filesize
4KB

Download
memory/968-6-0x0000000002520000-0x0000000002522000-memory.dmp

Filesize
8KB

Download
memory/968-7-0x0000000002570000-0x0000000002571000-memory.dmp

Filesize
4KB

Download
memory/968-8-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/968-10-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/968-9-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/968-11-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/968-12-0x0000000002540000-0x0000000002541000-memory.dmp

Filesize
4KB

Download
memory/968-13-0x00000000025A0000-0x00000000025A1000-memory.dmp

Filesize
4KB

Download
memory/968-14-0x0000000002590000-0x0000000002591000-memory.dmp

Filesize
4KB

Download
memory/968-15-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/968-36-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download
memory/968-17-0x00000000025F0000-0x00000000025F1000-memory.dmp

Filesize
4KB

Download
memory/968-18-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download
memory/968-19-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/968-20-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/968-21-0x0000000002630000-0x0000000002631000-memory.dmp

Filesize
4KB

Download
memory/968-22-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/968-23-0x0000000002650000-0x0000000002651000-memory.dmp

Filesize
4KB

Download
memory/968-24-0x0000000002640000-0x0000000002641000-memory.dmp

Filesize
4KB

Download
memory/968-25-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/968-26-0x0000000002660000-0x0000000002661000-memory.dmp

Filesize
4KB

Download
memory/968-37-0x0000000002A70000-0x0000000002A71000-memory.dmp

Filesize
4KB

Download
memory/968-28-0x0000000002680000-0x0000000002681000-memory.dmp

Filesize
4KB

Download
memory/968-29-0x00000000026B0000-0x00000000026B1000-memory.dmp

Filesize
4KB

Download
memory/968-30-0x00000000026A0000-0x00000000026A1000-memory.dmp

Filesize
4KB

Download
memory/968-32-0x00000000026C0000-0x00000000026C1000-memory.dmp

Filesize
4KB

Download
memory/968-2-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/968-33-0x00000000026F0000-0x00000000026F1000-memory.dmp

Filesize
4KB

Download
memory/968-35-0x0000000002A50000-0x0000000002A51000-memory.dmp

Filesize
4KB

Download
memory/968-44-0x0000000002AA0000-0x0000000002AA1000-memory.dmp

Filesize
4KB

Download
memory/968-4-0x0000000000630000-0x0000000000631000-memory.dmp

Filesize
4KB

Download
memory/968-27-0x0000000002690000-0x0000000002691000-memory.dmp

Filesize
4KB

Download
memory/968-38-0x0000000002A60000-0x0000000002A61000-memory.dmp

Filesize
4KB

Download
memory/968-39-0x0000000002A80000-0x0000000002A81000-memory.dmp

Filesize
4KB

Download
memory/968-40-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/968-41-0x0000000002510000-0x0000000002516000-memory.dmp

Filesize
24KB

Download
memory/968-42-0x0000000002A90000-0x0000000002A91000-memory.dmp

Filesize
4KB

Download
memory/968-34-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/968-43-0x0000000002AB0000-0x0000000002AB1000-memory.dmp

Filesize
4KB

Download
memory/968-45-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/968-46-0x0000000002AC0000-0x0000000002AC1000-memory.dmp

Filesize
4KB

Download
memory/968-47-0x0000000002AF0000-0x0000000002AF1000-memory.dmp

Filesize
4KB

Download
memory/968-48-0x0000000002AE0000-0x0000000002AE1000-memory.dmp

Filesize
4KB

Download
memory/968-49-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/968-50-0x0000000002B00000-0x0000000002B01000-memory.dmp

Filesize
4KB

Download
memory/968-51-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/968-52-0x0000000002B20000-0x0000000002B21000-memory.dmp

Filesize
4KB

Download
memory/968-54-0x0000000002B70000-0x0000000002B71000-memory.dmp

Filesize
4KB

Download
memory/968-53-0x0000000002B40000-0x0000000002B41000-memory.dmp

Filesize
4KB

Download
memory/968-55-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/968-56-0x0000000002B90000-0x0000000002B91000-memory.dmp

Filesize
4KB

Download
memory/968-57-0x0000000002B80000-0x0000000002B81000-memory.dmp

Filesize
4KB

Download
memory/968-58-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/968-59-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/968-60-0x0000000002BD0000-0x0000000002BD1000-memory.dmp

Filesize
4KB

Download
memory/968-61-0x0000000002BC0000-0x0000000002BC1000-memory.dmp

Filesize
4KB

Download
memory/968-62-0x0000000002BF0000-0x0000000002BF1000-memory.dmp

Filesize
4KB

Download
memory/968-63-0x0000000002BE0000-0x0000000002BE1000-memory.dmp

Filesize
4KB

Download
memory/968-77-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/968-146-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/968-3-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download
memory/968-1-0x00000000022E0000-0x0000000002322000-memory.dmp

Filesize
264KB

Download
memory/968-0-0x0000000000400000-0x0000000000513000-memory.dmp

Filesize
1.1MB

Download
memory/1564-158-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/4984-144-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads