b5678e0d3309d70787a8f0a75b4654115d1b12114bd03d22f6b099e075170f17

General

Target

7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
Size

165KB
MD5

7a9b6a40ef47cf7c43bfcebf0348ecd4
SHA1

8539a071bfb1390bbe473a5ac13adaa360f436cd
SHA256

b5678e0d3309d70787a8f0a75b4654115d1b12114bd03d22f6b099e075170f17
SHA512

824d05a54e390ddfeafd4e50d69320c822202b954d5366667004b880401cc92ad0c701757195a3ed98a83c719a9cf921510d5b770db99d9498b9cd166f0bd8ef
SSDEEP

3072:ekH4BrXheR3tre/5rBHCyGv1eKlimkslTitAOnNn9sPQd72WYcuTNQpFBpeoutMU:GB7a3treTHiv1Rmsla3sPu2xcSNQpFBY

Score

8^/10

evasion persistence upx

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 1 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exe

pid process

2640 netsh.exe
Deletes itself 1 IoCs

Processes:

cmd.exe

pid process

1076 cmd.exe
Executes dropped EXE 1 IoCs

Processes:

maylez.exe

pid process

1800 maylez.exe
Loads dropped DLL 2 IoCs

Processes:

7a9b6a40ef47cf7c43bfcebf0348ecd4.exe

pid process

1568 7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
1568 7a9b6a40ef47cf7c43bfcebf0348ecd4.exe

pid	process
2640	netsh.exe

pid	process
1076	cmd.exe

pid	process
1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1568-0-0x0000000000400000-0x0000000000440000-memory.dmp	upx
\Users\Admin\AppData\Roaming\Alpaazh\maylez.exe	upx
behavioral1/memory/1800-16-0x0000000000400000-0x0000000000440000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

maylez.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Windows\CurrentVersion\Run\{E4EECDFC-8A59-268E-EB22-9A59AE744F44} = "C:\\Users\\Admin\\AppData\\Roaming\\Alpaazh\\maylez.exe"	maylez.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

7a9b6a40ef47cf7c43bfcebf0348ecd4.exe

description pid process target process

PID 1568 set thread context of 1076 1568 7a9b6a40ef47cf7c43bfcebf0348ecd4.exe cmd.exe

description	pid	process	target process
PID 1568 set thread context of 1076	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

7a9b6a40ef47cf7c43bfcebf0348ecd4.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Privacy\CleanCookies = "0"	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000\Software\Microsoft\Internet Explorer\Privacy	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe

NTFS ADS 1 IoCs

Processes:

WinMail.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Local Folders\Inbox\52C10184-00000001.eml:OECustomProperty	WinMail.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

Processes:

maylez.exe

pid	process
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe
1800	maylez.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

7a9b6a40ef47cf7c43bfcebf0348ecd4.exeWinMail.exe

description	pid	process
Token: SeSecurityPrivilege	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
Token: SeSecurityPrivilege	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
Token: SeSecurityPrivilege	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
Token: SeManageVolumePrivilege	1804	WinMail.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

WinMail.exe

pid process

1804 WinMail.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

WinMail.exe

pid process

1804 WinMail.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

WinMail.exe

pid process

1804 WinMail.exe

pid	process
1804	WinMail.exe

pid	process
1804	WinMail.exe

pid	process
1804	WinMail.exe

Suspicious use of WriteProcessMemory 56 IoCs

Processes:

7a9b6a40ef47cf7c43bfcebf0348ecd4.execmd.exemaylez.exe

description	pid	process	target process
PID 1568 wrote to memory of 2244	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 2244	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 2244	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 2244	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 1800	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	maylez.exe
PID 1568 wrote to memory of 1800	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	maylez.exe
PID 1568 wrote to memory of 1800	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	maylez.exe
PID 1568 wrote to memory of 1800	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	maylez.exe
PID 2244 wrote to memory of 2640	2244	cmd.exe	netsh.exe
PID 2244 wrote to memory of 2640	2244	cmd.exe	netsh.exe
PID 2244 wrote to memory of 2640	2244	cmd.exe	netsh.exe
PID 2244 wrote to memory of 2640	2244	cmd.exe	netsh.exe
PID 1800 wrote to memory of 1100	1800	maylez.exe	taskhost.exe
PID 1800 wrote to memory of 1100	1800	maylez.exe	taskhost.exe
PID 1800 wrote to memory of 1100	1800	maylez.exe	taskhost.exe
PID 1800 wrote to memory of 1100	1800	maylez.exe	taskhost.exe
PID 1800 wrote to memory of 1100	1800	maylez.exe	taskhost.exe
PID 1800 wrote to memory of 1164	1800	maylez.exe	Dwm.exe
PID 1800 wrote to memory of 1164	1800	maylez.exe	Dwm.exe
PID 1800 wrote to memory of 1164	1800	maylez.exe	Dwm.exe
PID 1800 wrote to memory of 1164	1800	maylez.exe	Dwm.exe
PID 1800 wrote to memory of 1164	1800	maylez.exe	Dwm.exe
PID 1800 wrote to memory of 1192	1800	maylez.exe	Explorer.EXE
PID 1800 wrote to memory of 1192	1800	maylez.exe	Explorer.EXE
PID 1800 wrote to memory of 1192	1800	maylez.exe	Explorer.EXE
PID 1800 wrote to memory of 1192	1800	maylez.exe	Explorer.EXE
PID 1800 wrote to memory of 1192	1800	maylez.exe	Explorer.EXE
PID 1800 wrote to memory of 1568	1800	maylez.exe	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
PID 1800 wrote to memory of 1568	1800	maylez.exe	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
PID 1800 wrote to memory of 1568	1800	maylez.exe	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
PID 1800 wrote to memory of 1568	1800	maylez.exe	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
PID 1800 wrote to memory of 1568	1800	maylez.exe	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
PID 1568 wrote to memory of 1076	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 1076	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 1076	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 1076	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 1076	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 1076	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 1076	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 1076	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1568 wrote to memory of 1076	1568	7a9b6a40ef47cf7c43bfcebf0348ecd4.exe	cmd.exe
PID 1800 wrote to memory of 1540	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 1540	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 1540	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 1540	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 1540	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 1608	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 1608	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 1608	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 1608	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 1608	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 2592	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 2592	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 2592	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 2592	1800	maylez.exe	DllHost.exe
PID 1800 wrote to memory of 2592	1800	maylez.exe	DllHost.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\7a9b6a40ef47cf7c43bfcebf0348ecd4.exe
"C:\Users\Admin\AppData\Local\Temp\7a9b6a40ef47cf7c43bfcebf0348ecd4.exe"
2⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1568

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp76ade05f.bat"
3⤵
- Suspicious use of WriteProcessMemory
PID:2244

C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="explore" dir=in action=allow program="C:\Users\Admin\AppData\Roaming\Alpaazh\maylez.exe"
4⤵
- Modifies Windows Firewall
PID:2640

C:\Users\Admin\AppData\Roaming\Alpaazh\maylez.exe
"C:\Users\Admin\AppData\Roaming\Alpaazh\maylez.exe"
3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1800

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmpec589828.bat"
3⤵
- Deletes itself
PID:1076

C:\Windows\system32\Dwm.exe
"C:\Windows\system32\Dwm.exe"
1⤵
PID:1164

C:\Windows\system32\taskhost.exe
"taskhost.exe"
1⤵
PID:1100

C:\Program Files\Windows Mail\WinMail.exe
"C:\Program Files\Windows Mail\WinMail.exe" -Embedding
1⤵
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:1540

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:1608

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
1⤵
PID:2592

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

1

T1543

Windows Service

1

T1543.003

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Privilege Escalation

Create or Modify System Process

1

T1543

Windows Service

1

T1543.003

Boot or Logon Autostart Execution

1

T1547

Registry Run Keys / Startup Folder

1

T1547.001

Defense Evasion

Impair Defenses

1

T1562

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\edb.log
Filesize
1.3MB

MD5
0c8f93812f619ae33a046d32447c1d55

SHA1
47782a056f41ca71bc47f598e4ae64973daa01d8

SHA256
8802b2e7d1f0f966f93f33499b9dcf1e72ce534b53e41d3f1713d7af47ffd3e1

SHA512
79da141fc96e94c195a02cd9f0010c1917b6a97fec206f6097bb4c1bf60cf8111d645c4e3ad9c6456bbff84b93e8aaa9112d899f504ab4387194092f89c8024d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp76ade05f.bat
Filesize
203B

MD5
5d3988a11d6654286751a1c07f0c0124

SHA1
3bee499065795161c7d1a4182bf2148a22d8c3ef

SHA256
c09452b2d7cac84b13a5d0349d2997efc364557d051e5051e48901212404c3e5

SHA512
336a636af37db10ce59902228a213875cb6c0c57459888788f5ec9eb6303cd489bcd91120c24ad463b6ab86619aeab06c966c01a607f8ccfc8d46f8cfa2eff54

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpec589828.bat
Filesize
243B

MD5
71afd509c63af395002c383a477e4ede

SHA1
907839ba56f6a15dd3b66e42be89788c72ada592

SHA256
f64ea94186dbcd1f8de3173670998494a473e9d045a479f32f8ce4e7455e6361

SHA512
0c4cbabfaadb48fef81b97d94891a516082ea1e9822e8a27a93bebae0ae9cafbcd476150d1ac8df3a0a3fbd6ae7de3847ff49bc205b0f3517618f0eecf16b844

Download Submit
C:\Users\Admin\AppData\Roaming\Umic\emyshe.umm
Filesize
366B

MD5
a65920019f8d5630d3e6d0daff5d17ab

SHA1
85ca08e19852870b74f6f86b8a6d71e3836c58c8

SHA256
e5eefd3a364607170c0e841ae94560bd151d2a28ddcc8ae4bc2ab1c87c041ba5

SHA512
a166fda05484277020033aa922726cb7321a2ac2063023be9d89685ab694acc1f91f77ec18d09a791c7fc150e5eda8ef6487346fea88a79e8a7da9289f367df0

Download Submit
\Users\Admin\AppData\Roaming\Alpaazh\maylez.exe
Filesize
165KB

MD5
16245ee3f3ae5372182260beea6da910

SHA1
5415b3f9e87ed0aa7e3e6554080958c429fe5475

SHA256
856b4f963838b10a507598096543e0fdf2e4b9fc3b2a9293c8d1f5acd1791b79

SHA512
80c59f03cdc2983517b85500af01337e982ff203f48ee451c7f944372c2b6d50523f0ee2f7533f2d359281e95780cc5a8ed6837733ba4c8a0a128d554058f465

Download Submit
memory/1076-223-0x0000000000050000-0x0000000000078000-memory.dmp

Filesize
160KB

Download
memory/1076-273-0x0000000076EC0000-0x0000000076EC1000-memory.dmp

Filesize
4KB

Download
memory/1076-316-0x0000000000050000-0x0000000000078000-memory.dmp

Filesize
160KB

Download
memory/1100-20-0x00000000003A0000-0x00000000003C8000-memory.dmp

Filesize
160KB

Download
memory/1100-21-0x00000000003A0000-0x00000000003C8000-memory.dmp

Filesize
160KB

Download
memory/1100-22-0x00000000003A0000-0x00000000003C8000-memory.dmp

Filesize
160KB

Download
memory/1100-23-0x00000000003A0000-0x00000000003C8000-memory.dmp

Filesize
160KB

Download
memory/1100-19-0x00000000003A0000-0x00000000003C8000-memory.dmp

Filesize
160KB

Download
memory/1164-25-0x0000000000130000-0x0000000000158000-memory.dmp

Filesize
160KB

Download
memory/1164-27-0x0000000000130000-0x0000000000158000-memory.dmp

Filesize
160KB

Download
memory/1164-26-0x0000000000130000-0x0000000000158000-memory.dmp

Filesize
160KB

Download
memory/1164-28-0x0000000000130000-0x0000000000158000-memory.dmp

Filesize
160KB

Download
memory/1192-30-0x00000000024A0000-0x00000000024C8000-memory.dmp

Filesize
160KB

Download
memory/1192-33-0x00000000024A0000-0x00000000024C8000-memory.dmp

Filesize
160KB

Download
memory/1192-32-0x00000000024A0000-0x00000000024C8000-memory.dmp

Filesize
160KB

Download
memory/1192-31-0x00000000024A0000-0x00000000024C8000-memory.dmp

Filesize
160KB

Download
memory/1568-46-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-70-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-37-0x00000000002C0000-0x00000000002E8000-memory.dmp

Filesize
160KB

Download
memory/1568-41-0x00000000002C0000-0x00000000002E8000-memory.dmp

Filesize
160KB

Download
memory/1568-38-0x00000000002C0000-0x00000000002E8000-memory.dmp

Filesize
160KB

Download
memory/1568-42-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-44-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-39-0x00000000002C0000-0x00000000002E8000-memory.dmp

Filesize
160KB

Download
memory/1568-48-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-50-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-52-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-54-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-56-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-58-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-60-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-62-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-64-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-66-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-68-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-36-0x00000000002C0000-0x00000000002E8000-memory.dmp

Filesize
160KB

Download
memory/1568-72-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-74-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-76-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-78-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-80-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-82-0x0000000076EC0000-0x0000000076EC1000-memory.dmp

Filesize
4KB

Download
memory/1568-132-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1568-40-0x00000000002C0000-0x00000000002E8000-memory.dmp

Filesize
160KB

Download
memory/1568-173-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1568-15-0x0000000000550000-0x0000000000590000-memory.dmp

Filesize
256KB

Download
memory/1568-220-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1568-221-0x00000000002C0000-0x00000000002E8000-memory.dmp

Filesize
160KB

Download
memory/1568-12-0x0000000000550000-0x0000000000590000-memory.dmp

Filesize
256KB

Download
memory/1568-2-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1568-1-0x00000000001B0000-0x00000000001C4000-memory.dmp

Filesize
80KB

Download
memory/1568-0-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1800-317-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download
memory/1800-16-0x0000000000400000-0x0000000000440000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads