glupteba | 4641ab967c008d73785d344dd5cc99279da5d7271d9fe73a805ea2c218027b1a

Analysis

max time kernel
0s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b814afaa89cdf33bc32543afcc9c5bfe.exe
Size

4.1MB
MD5

b814afaa89cdf33bc32543afcc9c5bfe
SHA1

3023551ecb0e29fa6433360f2a0c51d68d472b6b
SHA256

4641ab967c008d73785d344dd5cc99279da5d7271d9fe73a805ea2c218027b1a
SHA512

df2b83af2dfc29b3ac1ab8187f501cac7a6f17989a39cf2963eb3a1cfe3e5e94ac2bcd73c32376c1d2ce26ffff0fa129f19117a56251d8f605619c3481094b37
SSDEEP

98304:TV1wO0l/3cW0ckMAK1O4y3hKDtaW+rPldA/YAjz+/JLqQ:Tbl0l0K1ehGgtdLW0JLN

Score

10^/10

glupteba dropper evasion loader upx

Malware Config

Signatures

Glupteba
Glupteba is a modular loader written in Golang with various components.
loader dropper glupteba

Glupteba payload 19 IoCs

resource	yara_rule
behavioral2/memory/4492-2-0x0000000005070000-0x000000000595B000-memory.dmp	family_glupteba
behavioral2/memory/4492-3-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/232-57-0x0000000004FE0000-0x00000000058CB000-memory.dmp	family_glupteba
behavioral2/memory/4492-56-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/4492-60-0x0000000005070000-0x000000000595B000-memory.dmp	family_glupteba
behavioral2/memory/232-59-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/232-155-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-259-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-268-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-270-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-272-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-274-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-276-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-278-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-280-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-282-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-284-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-286-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba
behavioral2/memory/1708-288-0x0000000000400000-0x0000000002EE6000-memory.dmp	family_glupteba

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
2980	netsh.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000023228-262.dat	upx
behavioral2/files/0x0007000000023228-265.dat	upx
behavioral2/memory/4928-267-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/files/0x0007000000023228-263.dat	upx
behavioral2/memory/1344-269-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1344-273-0x0000000000400000-0x00000000008DF000-memory.dmp	upx
behavioral2/memory/1344-279-0x0000000000400000-0x00000000008DF000-memory.dmp	upx

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
1628	sc.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4836	4492	WerFault.exe	16

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2980	schtasks.exe
1780	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\b814afaa89cdf33bc32543afcc9c5bfe.exe
"C:\Users\Admin\AppData\Local\Temp\b814afaa89cdf33bc32543afcc9c5bfe.exe"
1⤵
PID:4492
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell -nologo -noprofile
  2⤵
  PID:1416
- C:\Users\Admin\AppData\Local\Temp\b814afaa89cdf33bc32543afcc9c5bfe.exe
  "C:\Users\Admin\AppData\Local\Temp\b814afaa89cdf33bc32543afcc9c5bfe.exe"
  2⤵
  PID:232
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:1068
- - C:\Windows\system32\cmd.exe
    C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
    3⤵
    PID:4848
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:2092
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:3764
- - C:\Windows\rss\csrss.exe
    C:\Windows\rss\csrss.exe
    3⤵
    PID:1708
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:1628
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:748
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /delete /tn ScheduledUpdate /f
      4⤵
      PID:1748
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:2980
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
      4⤵
      PID:3560
  - - C:\Windows\SYSTEM32\schtasks.exe
      schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
      4⤵
      Creates scheduled task(s)
      PID:1780
  - - C:\Windows\windefender.exe
      "C:\Windows\windefender.exe"
      4⤵
      PID:4928
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 896
  2⤵
  - Program crash
  PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4492 -ip 4492
1⤵
PID:2420

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
1⤵
- Modifies Windows Firewall
PID:2980

C:\Windows\windefender.exe
C:\Windows\windefender.exe
1⤵
PID:1344

C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
1⤵
- Launches sc.exe
PID:1628

C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
1⤵
PID:592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ykafygzv.xee.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
25KB

MD5
e80eed7ceb11993653dbeb621f80017a

SHA1
2b3cbbc9be623206107c459633b479b5d46045fa

SHA256
31c7a39ee893fcb237b610c846346f8ba2f223963edacb25227070b80c8808c9

SHA512
5852ceeb0c2e230a0e51384b75700b44a42de3f1b53d4b52322435e9a9451f07baf224dc96124d7f346741a0e54defbd38d50b3c0f908656935e6e137f3990be

Download Submit
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe

Filesize
18KB

MD5
56b531a7ec84e226e5369c4d1b7b9a8e

SHA1
81388210387aadcdde1312955dc23aac104f8974

SHA256
ae030f476408b77c6d9f2be5d124f1e94e075b824ae4194aa2f73f7fec4b539e

SHA512
67cd3927dd2e43013096c77ae9043e871760c60b3f956fbdb1e60dceeb7b1c85ca995d74a1bf721ed1df59d834d1fb3e142786713d78c4b50555e79e69f59e7e

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
968cb9309758126772781b83adb8a28f

SHA1
8da30e71accf186b2ba11da1797cf67f8f78b47c

SHA256
92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a

SHA512
4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
35e3532da8e2f8217f34614cf9e72188

SHA1
d24d1926cbe8e403fff6d4830fe710751275ea83

SHA256
682d808d8aaa193d6d4c87ce9859a719af01f8fd5a69a462d76cdc2acba099cb

SHA512
08706d2439f5c43e869be865c5e72c8f6991082c11613e47eafe4246e658620428d9fa7cf31b8f12bd43a5e503d5e078c376c013ae3d55855fb570b00f5410e9

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
e91cd327d43dfad2b4f0a3dd14d591a3

SHA1
eca998aa0f10189825c6340de3149ce7c1e7ccc5

SHA256
5e4c48996c570e5f6227a5eac7b69ca35155e0d229983c6f067392588858f9dd

SHA512
02bf533a19c9c1c455c15d97164094147e0add706d872c3e96376e3bccf2b6522f10a8c6ad0e5095cc9bba4affdb25371368968e2693efcdd0bc526086913c6c

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
2be70c6a4b8ab1b61564cda713b4564f

SHA1
96eae3204062fb9d131da5809dddd6981f33fd18

SHA256
956b619d76cfe7e6c8ea82463ef336d006dab4b1904c739a17f9c0da284ec4fb

SHA512
270a6aae63d3f12b3aaa82495d79d56a062e4dabdacbf84b75ee6b5dc2480aac8a20380734f977731b512dd25b817ac1bcb6a1a49d2e449aba19ffbde7c2d1b6

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
15KB

MD5
46e750c2ffca3563e83c29152f6786b5

SHA1
cbaf24869292fe881516d8affc0fddb48ee79148

SHA256
ff8b2c5dd3fd66591c8f474e2aad74ea455f54e8162dfefbe68675028534247c

SHA512
35fd9cb60664812ca0a0141aaca5d61a588974cece718545339fba34e2e836ca72d4647b6816c293309b7f1bc70e42e868b9f2d168610fdcd4da53572f517b9a

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
19KB

MD5
a4caeace0ced631b966532cce55b1d8d

SHA1
3ce5c252f5f0a83157cc0db6146b1e69d4c54d03

SHA256
69df279adf2410c39ff53b1c99b5df94b6add52fe5a913edc3001013415ae35a

SHA512
140f963693fd14151b30995fcf83c2e5268f730ceea6e93e9eedf264a77c53de175f66f27bbba62d039e40ba2497e63c1f86bac9021cb849455d007eb89fad57

Download Submit
C:\Windows\rss\csrss.exe

Filesize
106KB

MD5
91c51e80c9bd8786be194dcd83d5cc1f

SHA1
94d7f893b093e17cb8cbbbf33a4e12d0ec8fd59f

SHA256
8a558303c48120b6e9090f894f962d96645ca09d48773212516c4d46b8ed34b6

SHA512
604ed2665ac92148d42d2eab42ac6e531caa9bd765824b435adb6ee1635a5c8cb031d06c20ab8f375e6aad4f2d04292ba418d2e37150bf2bd48b5dce3dfa0e78

Download Submit
C:\Windows\rss\csrss.exe

Filesize
61KB

MD5
388b4394da1e8b009d884c676185d7db

SHA1
9af7f2c63a704dbe1f2f4139a0de1d56d2fbee26

SHA256
abe7b29f6d0c3c68c228e6b0bb3a4f50bbf3241e0c275b5c2ee68994cbf3fadd

SHA512
b3be4c850fb3f539ee8ae4ca9c63b62614fa6c4a06557384f198148ac7b78491b96878de060283b0a1197078b6850419ddc871238710dde82ccdb6c84bff6b0c

Download Submit
C:\Windows\windefender.exe

Filesize
274KB

MD5
123762eeb368330a38e1ab48e8a23c96

SHA1
cf4f7d422d822eb8a13ac8e6e1fedd1e417ada28

SHA256
92759631a9c43480a8d37740d2208b5c10ff3dc8bb1067ce88f89de9f3204640

SHA512
b1dc44db49fc907d0296b81b64a53f5f78d20c5a3da2dfbec893bcccf747605c3880072a8bec32e8f7f053f21627c281634889b75288676ebfaaaae30d270d4b

Download Submit
C:\Windows\windefender.exe

Filesize
257KB

MD5
9c10d85a2f77aeae5792650817d2c5d9

SHA1
035535db3affbf7f2d6d6fd4a49f17824f2c8562

SHA256
a811e4465125096cb34f170bfdf69fce342a08c0ba975f633c10e540a38c91d0

SHA512
94480fc80790350de1d61b248d8e5353165d3f13f06070a0d807dba543f35e84fd7439659f1fe2ddd1f3e9b237da87f608604d3155b01a0585d661dad6e5ea89

Download Submit
C:\Windows\windefender.exe

Filesize
231KB

MD5
585ca1d9122ba7bc69f6b434bedbcc4c

SHA1
7559f5540a5642d34097ebff40186494409eee5b

SHA256
14e18715b98f8b5fc71e5b84213970467f44603a13b12d4a504a01f8a33993ef

SHA512
4be4a9fd07971aa35854ecc29d7f986754447985e35ebb29db25b565ab0b8818de9f1343aa38f7a9b7975ec0c17d6e9baef555add3fbf5fd66044e51f45c23ee

Download Submit
memory/232-55-0x0000000003330000-0x0000000003735000-memory.dmp

Filesize
4.0MB

Download
memory/232-155-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/232-121-0x0000000003330000-0x0000000003735000-memory.dmp

Filesize
4.0MB

Download
memory/232-59-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/232-57-0x0000000004FE0000-0x00000000058CB000-memory.dmp

Filesize
8.9MB

Download
memory/1068-88-0x0000000003250000-0x0000000003260000-memory.dmp

Filesize
64KB

Download
memory/1068-77-0x0000000070C90000-0x0000000070FE4000-memory.dmp

Filesize
3.3MB

Download
memory/1068-62-0x0000000003250000-0x0000000003260000-memory.dmp

Filesize
64KB

Download
memory/1068-61-0x00000000745F0000-0x0000000074DA0000-memory.dmp

Filesize
7.7MB

Download
memory/1068-73-0x00000000060D0000-0x0000000006424000-memory.dmp

Filesize
3.3MB

Download
memory/1068-94-0x00000000745F0000-0x0000000074DA0000-memory.dmp

Filesize
7.7MB

Download
memory/1068-91-0x0000000007CA0000-0x0000000007CB4000-memory.dmp

Filesize
80KB

Download
memory/1068-90-0x0000000007C50000-0x0000000007C61000-memory.dmp

Filesize
68KB

Download
memory/1068-75-0x000000007EE90000-0x000000007EEA0000-memory.dmp

Filesize
64KB

Download
memory/1068-63-0x0000000003250000-0x0000000003260000-memory.dmp

Filesize
64KB

Download
memory/1068-89-0x0000000007920000-0x00000000079C3000-memory.dmp

Filesize
652KB

Download
memory/1068-87-0x0000000003250000-0x0000000003260000-memory.dmp

Filesize
64KB

Download
memory/1068-76-0x00000000704F0000-0x000000007053C000-memory.dmp

Filesize
304KB

Download
memory/1068-74-0x0000000006790000-0x00000000067DC000-memory.dmp

Filesize
304KB

Download
memory/1344-269-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1344-273-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1344-279-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download
memory/1416-4-0x00000000027A0000-0x00000000027D6000-memory.dmp

Filesize
216KB

Download
memory/1416-22-0x0000000005DB0000-0x0000000005DCE000-memory.dmp

Filesize
120KB

Download
memory/1416-43-0x0000000007370000-0x0000000007413000-memory.dmp

Filesize
652KB

Download
memory/1416-27-0x0000000007150000-0x000000000716A000-memory.dmp

Filesize
104KB

Download
memory/1416-42-0x00000000049A0000-0x00000000049B0000-memory.dmp

Filesize
64KB

Download
memory/1416-26-0x00000000077D0000-0x0000000007E4A000-memory.dmp

Filesize
6.5MB

Download
memory/1416-30-0x00000000703F0000-0x000000007043C000-memory.dmp

Filesize
304KB

Download
memory/1416-53-0x0000000074550000-0x0000000074D00000-memory.dmp

Filesize
7.7MB

Download
memory/1416-50-0x0000000007510000-0x0000000007518000-memory.dmp

Filesize
32KB

Download
memory/1416-47-0x00000000074C0000-0x00000000074CE000-memory.dmp

Filesize
56KB

Download
memory/1416-49-0x00000000075C0000-0x00000000075DA000-memory.dmp

Filesize
104KB

Download
memory/1416-48-0x00000000074D0000-0x00000000074E4000-memory.dmp

Filesize
80KB

Download
memory/1416-44-0x0000000007460000-0x000000000746A000-memory.dmp

Filesize
40KB

Download
memory/1416-46-0x0000000007480000-0x0000000007491000-memory.dmp

Filesize
68KB

Download
memory/1416-45-0x0000000007520000-0x00000000075B6000-memory.dmp

Filesize
600KB

Download
memory/1416-28-0x000000007F0F0000-0x000000007F100000-memory.dmp

Filesize
64KB

Download
memory/1416-29-0x0000000007310000-0x0000000007342000-memory.dmp

Filesize
200KB

Download
memory/1416-41-0x0000000007350000-0x000000000736E000-memory.dmp

Filesize
120KB

Download
memory/1416-25-0x00000000070D0000-0x0000000007146000-memory.dmp

Filesize
472KB

Download
memory/1416-31-0x0000000070570000-0x00000000708C4000-memory.dmp

Filesize
3.3MB

Download
memory/1416-6-0x00000000049A0000-0x00000000049B0000-memory.dmp

Filesize
64KB

Download
memory/1416-24-0x00000000062D0000-0x0000000006314000-memory.dmp

Filesize
272KB

Download
memory/1416-5-0x0000000074550000-0x0000000074D00000-memory.dmp

Filesize
7.7MB

Download
memory/1416-8-0x00000000049A0000-0x00000000049B0000-memory.dmp

Filesize
64KB

Download
memory/1416-23-0x0000000005DD0000-0x0000000005E1C000-memory.dmp

Filesize
304KB

Download
memory/1416-7-0x0000000004FE0000-0x0000000005608000-memory.dmp

Filesize
6.2MB

Download
memory/1416-9-0x0000000004DB0000-0x0000000004DD2000-memory.dmp

Filesize
136KB

Download
memory/1416-10-0x0000000004F50000-0x0000000004FB6000-memory.dmp

Filesize
408KB

Download
memory/1416-11-0x0000000005610000-0x0000000005676000-memory.dmp

Filesize
408KB

Download
memory/1416-21-0x0000000005770000-0x0000000005AC4000-memory.dmp

Filesize
3.3MB

Download
memory/1708-268-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-270-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-290-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-288-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-286-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-284-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-282-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-280-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-278-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-276-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-274-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-259-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/1708-272-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/2092-110-0x00000000704F0000-0x000000007053C000-memory.dmp

Filesize
304KB

Download
memory/2092-111-0x0000000070C90000-0x0000000070FE4000-memory.dmp

Filesize
3.3MB

Download
memory/2092-124-0x00000000745F0000-0x0000000074DA0000-memory.dmp

Filesize
7.7MB

Download
memory/2092-109-0x000000007FDD0000-0x000000007FDE0000-memory.dmp

Filesize
64KB

Download
memory/2092-122-0x0000000002F30000-0x0000000002F40000-memory.dmp

Filesize
64KB

Download
memory/2092-96-0x00000000745F0000-0x0000000074DA0000-memory.dmp

Filesize
7.7MB

Download
memory/2092-97-0x0000000002F30000-0x0000000002F40000-memory.dmp

Filesize
64KB

Download
memory/2092-107-0x0000000002F30000-0x0000000002F40000-memory.dmp

Filesize
64KB

Download
memory/3764-127-0x0000000003370000-0x0000000003380000-memory.dmp

Filesize
64KB

Download
memory/3764-125-0x00000000745F0000-0x0000000074DA0000-memory.dmp

Filesize
7.7MB

Download
memory/3764-126-0x0000000003370000-0x0000000003380000-memory.dmp

Filesize
64KB

Download
memory/4492-58-0x00000000032D0000-0x00000000036CA000-memory.dmp

Filesize
4.0MB

Download
memory/4492-3-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/4492-60-0x0000000005070000-0x000000000595B000-memory.dmp

Filesize
8.9MB

Download
memory/4492-1-0x00000000032D0000-0x00000000036CA000-memory.dmp

Filesize
4.0MB

Download
memory/4492-56-0x0000000000400000-0x0000000002EE6000-memory.dmp

Filesize
42.9MB

Download
memory/4492-2-0x0000000005070000-0x000000000595B000-memory.dmp

Filesize
8.9MB

Download
memory/4928-267-0x0000000000400000-0x00000000008DF000-memory.dmp

Filesize
4.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads