xworm | ebf760dbfa32628221a5a902ffd7e98f560d181225e260ed4326aa36aa99f659

Analysis

max time kernel
2s
max time network
62s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Freemasonry (2).exe
Size

5KB
MD5

ff7e6dfa113f9f87601e895a40260678
SHA1

8e313c176605587b2d9b7111d35c5b51f09f6606
SHA256

156c9e8bef9013a1b498d6ba5aa8582ec7f2d02e6123ac777bca863f087e7c62
SHA512

53975519c17bf8b24ca46e0326a084e7959e475c47c4e8cd74672dd1a2df570279dd34801460b3fcd630f581aaaff12058b77f09414b411ddac285cc8db45bed
SSDEEP

48:6in5YDNwtZdLP10NjDCPp9glLGoNMDyxAoQ5WD9KLGNI6iqAa54tdXl4f59FWpfG:UDOrVmGIIy8UBKS26iBmBQzNt

Score

10^/10

xworm rat trojan

Malware Config

Extracted

Family

xworm

Version

3.1

Attributes

install_file
game.exe

Signatures

Detect Xworm Payload 5 IoCs

resource	yara_rule
behavioral3/files/0x000f000000005578-22.dat	family_xworm
behavioral3/files/0x000f000000005578-20.dat	family_xworm
behavioral3/memory/2596-44-0x00000000007F0000-0x0000000000804000-memory.dmp	family_xworm
behavioral3/memory/2596-24-0x000000013F170000-0x000000013F1C0000-memory.dmp	family_xworm
behavioral3/files/0x000f000000005578-23.dat	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 1964	2148	Freemasonry (2).exe	28
PID 2148 wrote to memory of 1964	2148	Freemasonry (2).exe	28
PID 2148 wrote to memory of 1964	2148	Freemasonry (2).exe	28
PID 2148 wrote to memory of 1964	2148	Freemasonry (2).exe	28

C:\Users\Admin\AppData\Local\Temp\Freemasonry (2).exe
"C:\Users\Admin\AppData\Local\Temp\Freemasonry (2).exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Users\Admin\AppData\Local\Temp\cmd.exe
  "cmd.exe"
  2⤵
  PID:1964
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powershell.exe'
    3⤵
    PID:2532
- - C:\Users\Admin\AppData\Local\Temp\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp16AC.tmp.bat""
    3⤵
    PID:2816
- - C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powershell.exe
    "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powershell.exe"
    3⤵
    PID:2596
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powershell.exe'
      4⤵
      PID:2276
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'powershell.exe'
      4⤵
      PID:3012

C:\Windows\System32\dllhost.exe
C:\Windows\System32\dllhost.exe /Processid:{c4c7411e-7ac6-4087-9097-9b3e4402ebe4}
1⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp2E80.tmp.bat""
1⤵
PID:2500
- C:\Users\Admin\AppData\Local\Temp\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp5F20.tmp.bat""
  2⤵
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp6BED.tmp.bat""
    3⤵
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp7436.tmp.bat""
      4⤵
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp7DF6.tmp.bat""
        5⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp865F.tmp.bat""
        6⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp8EC8.tmp.bat""
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp96C3.tmp.bat""
        8⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpA016.tmp.bat""
        9⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpA812.tmp.bat""
        10⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpB0B9.tmp.bat""
        11⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpB8B5.tmp.bat""
        12⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpC10E.tmp.bat""
        13⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpC919.tmp.bat""
        14⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpD44F.tmp.bat""
        15⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpDCC8.tmp.bat""
        16⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpE57F.tmp.bat""
        17⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\cmd.exe
        
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmpEE26.tmp.bat""
        18⤵
        
        PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmp16AC.tmp.bat

Filesize
155B

MD5
6825217a7081ae2a99636a0c6765d42a

SHA1
9749c71eaa6903d7e7785390a48fab973c1c3a85

SHA256
6900651cb19cebc8ac980fe7e990f7ee431bfb48fe02a8765e08a2effb88d5ed

SHA512
18610d475f5d719624774a5a02ee1f667f2f4b00c25c6ef0f5111a9e08cfabdb2c20e5e62271c80905a2e6badc81722c258fbb7e21e987bb285c227128afb31b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp2E80.tmp.bat

Filesize
155B

MD5
4e6d4788ae9592d5980063ade15d10b2

SHA1
9713b93175d15ff22f237a4ea1fa5d3cd83c3cf7

SHA256
709af23b831f6d13271592f85329f6ad86aa29ef0d42abd6169aec7edd6d071a

SHA512
4dad23fc480024ee39803e2dc48a642cefa2695adb75f7a95e434da113cd3d9fc8d897c1b792ed6d153441459f715c6abc1efd2e0a129ac7acf87f068019248d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp5F20.tmp.bat

Filesize
155B

MD5
7696474acf8080bde89fe4aed883cae5

SHA1
f5c302e0ccd8739e3abed51e94c560c126159b8b

SHA256
4a453fc15262c6920f19c38630c623383beef1443b181a6e0c1afdd7b48c8f29

SHA512
c8f6918fd737376223c3aaaf3fc0752d36977e232cfd594ac8065a3446fbbdf3cc906863af2222661d505c29b9b70f30ef463dcd539b720696e33b4a8fe60671

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp6BED.tmp.bat

Filesize
155B

MD5
12c3676cd7c51526af9929e88518930b

SHA1
1733b1ff6967d4b86ea74c6c6b68355299497ec2

SHA256
dfa8c983c65724f4d5f857cb139ff0f4c318ab6f891a29a1b620c589425c2b43

SHA512
8285b5d24436d77c301363bbd27ef8c161d79fcb4af1f0fa51da9ebad77a9ec4877416768b96749bb6e4bf40e338ea579fa8101df53e04ced91e1f2700974ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp7DF6.tmp.bat

Filesize
155B

MD5
2ea5787a9aa8ddca46f5f86cb74df7d7

SHA1
c6077383ba7b18a696e00b0ece43cf591f14c658

SHA256
edadc48ff646673e6a0ef03dab27170582b0776d319e972dac39a4503907ba23

SHA512
11b6a191ead281d5ecb8d3479605f67faa82021fb957b11514ba24964a0db9aaef066b5a2e02647262b6d4a2b17e57be3a1c34feb7cfbc885c20d520aa7e46af

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp865F.tmp.bat

Filesize
155B

MD5
8edc9d8b577b9dc3a783935e0ac18452

SHA1
943a67aa8149c8522bb229c78bc45692dd562214

SHA256
a56b15c65dd096d047ffdded2a629a7b7e5a51bbfcf55b11464fc9a40aeb55c1

SHA512
6d3b4ab6854f090fa15664aaae029e70dae0b399082847be38f906b491944837c7dd8ab71330dbcf7a2538d510cd1fa9d81e99ef9cac94506d5745940b0fa136

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp8EC8.tmp.bat

Filesize
155B

MD5
e81a91345aeb5d26a448487498463765

SHA1
c09f110fadbebc99ba67d7b1640f64c3e7728945

SHA256
bf1ab55489863412a0937d83903e8efab636d45d4d17c1b035e0eeb10bb6a0e1

SHA512
d9650c9ee61b0cd6843bfecdf6efae985c1f7b1d92be7b3e68bd63692f52e9e67ed6e84768636a1668ed9f0f546d066fe0df2a6f8f719fd57d9133a6d2fab954

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp96C3.tmp.bat

Filesize
155B

MD5
c587ecba793c0ab5131cf8650cc9f27b

SHA1
bd7e1bfcfc91c610660d60d0319c47bea4a9ea01

SHA256
acfdab8a27b5a7b66aeaae2cba1df5543cf2752e727a8c2f8cb1d86105d2f63a

SHA512
f5bcd2500952fcd2585933eaa4ff7821c5611963a4fbc72476a9f9c05fafb16f49fe55262d0d51a43a32bee7576748770ffb0000853408e8789e6cc06e861f7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA016.tmp.bat

Filesize
155B

MD5
b2246f216a6e778382d0303ef5b86ebf

SHA1
e1fdaf2a43374df9393f3c4ed7d88edb1366b8af

SHA256
bc4fe016c930dae0b03de511d5f1a2367dd2cd8f51d7b3aebabb09a4813d981f

SHA512
a5f5bb51902b71ee7702b9d697ce83e8177c9a7488c5299dc68062a6e3ec3152d5dae58bef950c6f783bfe9d153b0e4024733c9a9cc7582c5b07257d94abcbee

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpA812.tmp.bat

Filesize
155B

MD5
c058f74e3918805d69a013e4a9961875

SHA1
85e9f04f7d617c7f85f60c5f25b242abb9761d06

SHA256
041e8a116afcf46eaa90c35e7fc1fa2b258166ad5565f7b15247822fabc0c876

SHA512
840b6551cc5465e95807cfda5c4afb46417b0944d0da64455854c4fa2bbe301818e06d4417d9e3d6a7ad91b629a8377667a8c2eb59da167d642d6a2e8709ad8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB0B9.tmp.bat

Filesize
155B

MD5
178df61835ff1afe7719c71c6a9476c6

SHA1
fabde5058d3a67e07fff822750f42282f2dd6af1

SHA256
2e68bc5c7f41f0866c641fb72b534b67adbe29e8ab8781f5d8bb875fe6720d15

SHA512
418c37b179e8284c9352e2a1339d5c62f70ca6394d3b1310c85d1c1709c747847d952ec0d7a48a69af46b4d2d09db59074386b47b3572561f5d70dc8786745c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpB8B5.tmp.bat

Filesize
155B

MD5
4dd2833c522103919932701a6b52ab04

SHA1
c8c77d224524b11c28bad0d3bc880b4db5740fe7

SHA256
d37b4dcd83e401e0e60863e71690b85b7e0d34b06b1db4711c9bace2f6b1a768

SHA512
d7192a917f821e1c588c021d5b4b896c18601797820cc01f6a0e9b004452de36e4f34a6be9340590a2fbc22f5caa355fbc9cd5095137ddfd73b081cf5654dc34

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC10E.tmp.bat

Filesize
155B

MD5
40064a5b1e0b6122c68f1d01b0d64fcc

SHA1
e5208c88c10543fe56de5c02fcd96c8eb857f27f

SHA256
01d2a3778324238eaeab29f23870175e5f9fb6c5ea5d127436afe9014e465649

SHA512
5e05f126d29812861978218e5527f0b36833ea3d4e14bea123b87421c78fc76c03dc54b7474fb24c47cc967622104fb90cd7e50d8134e4a7daf0a97548caa2a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC919.tmp.bat

Filesize
155B

MD5
d65ce8ac286afdf3887d37ce1726a16e

SHA1
96e4cdb46f572cbd42e1765d93f0a9185a2711bc

SHA256
ee7cfa5cb0fe2d80173919914113539efc8c268f3cd3f79adbfb86df9d54119c

SHA512
07de75de30476d9b93920c197a4dbffd3713fa49ba8f74e63333539b56b53ac261d1348d9479bd1596a0e9985dfb93158ac132c6b20bb2f1892ec320b8c6fe2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpD44F.tmp.bat

Filesize
155B

MD5
e680b2c26260d694e28eaa155bb58ae8

SHA1
187c288be44d1afc2b8349bc2bc64b875783c66b

SHA256
6263ba34d4e821401f27b86b2cb0f7db3fae80f97c2d5059368b0219283bc99c

SHA512
37da6de0015e8fa9e94800f05b30d79b5f1c76f0b91d1d5fd335eab5182804bc3ee662507f8b2d1f2465ab5b6a53277766d3c39018fb504dcad681dcd38ca5c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpDCC8.tmp.bat

Filesize
155B

MD5
69d9f4483f0b35488d5c84b45f3b9432

SHA1
dff401e83e7d9317220322382b16003212c1047e

SHA256
b9c0bfbf46481b0abab3bd4e818907c9ae22d92a05c25e654510642ebb6a3e8f

SHA512
bfa103e10386635fe3cec4a265093464022fb70cce6ba044f577fc628852d4754bf7b1e63cf53456a8c0ead490073fa4223e2b4e521bfb90fb590594a28963f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpE57F.tmp.bat

Filesize
155B

MD5
6d9cfcca28160330262a04904816b230

SHA1
ebb0b0bb57760e6d5f379f97fb2512abf6a401b7

SHA256
acf5a2ac08f1bb2c75b2139244946fb9561a02533eea623b5b2625a2403e86c1

SHA512
7954ceb1d269fb7a166c92515c01bd80a8e5cdbd15a1bf94365f97fc776eeac84aacea8a03999c60f4f3d3f31d7dde19df560b5f9823ff22c0ef722be0f4040a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpEE26.tmp.bat

Filesize
155B

MD5
13a49dda626b36e00230a399c275e032

SHA1
26d80d84dfba367d9445c223c9f69a0cb3b29d7c

SHA256
b0ac4d8921aa897c8d067cf75bfbd641f1392dffd6b300d9c6dc9d78b0d9ef90

SHA512
f423b25565b583ace28d709a4415f53cb69ba5b3a4089867c775f761ea830cbc073c62bbc60320737db4b7d149744e5b082a1b69b59f51932a59efafb2963826

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
c352cd4bb98da78a8997bf997633f231

SHA1
2beb00d48292005dc63723b5f6abf34f38039cd2

SHA256
123714f35aad2e50a37e85ca6deb531eb62453dafe44f429abc19181750aca38

SHA512
a330ad4235f39c8de6b038e30f71914bc9a9d168de2d71e9e73012e9d7727e13ce89694ac4226e12eb16a192eb89764fc496069c5ffbe21ba4a8efe6a93213f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powershell.exe

Filesize
219KB

MD5
97aeabe14cfa558f3966e0988e60283e

SHA1
1d5b61a359ec4a2f5853116562da0903073eaed4

SHA256
1f2844ea7fd59d21549ad7fbf5b5b4e7fda57bf594b063d0974cd93504c92a4e

SHA512
9e2d4c6dcfba0bf1e59f754cf82adc906a38e43a65ecd6bd973fb8ce547cd6d9eb00f02ce9ed582fca95bd4fde28513b5af2dfbedca6a82623950bbcae77b5b9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powershell.exe

Filesize
300KB

MD5
3c09d9c6df337337adaa6f3880a318c9

SHA1
a4a3a1222476e739e12b28e3bcc8c9dbe2d07fdb

SHA256
6f6d67095f0b3ee860ebeb646c7ed14413f1b7cbfccae682109790e84bb461ef

SHA512
c0bd827b401ee1cfb4fbc53ceb6f3c40d7d6ee2c14b74832c5367c0df06b37dfd6733b840ebe0f091e6397a35e3b60f11cbbc3db893b68b92b8053c45fd1b24d

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\powershell.exe

Filesize
208KB

MD5
7bacfdae4d225c9b80a7ac0d035f073d

SHA1
7c06261c9c0b2e65d0849a18481da87f4f1b8869

SHA256
24d7b4b6068fcfd43c694cf44f9822d95664a787a89038b8eb746bc424b1187c

SHA512
bba1084414694d5991d581c3b00587c40e7b6624cf2bce5422333e77aa3f9e015dabf1f46a2eae15f7f9754d61b89c56b72509532006fe9929c53ffe32243394

Download Submit
memory/296-174-0x0000000000DB0000-0x0000000000DDA000-memory.dmp

Filesize
168KB

Download
memory/296-177-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/436-52-0x0000000000C90000-0x0000000000CB3000-memory.dmp

Filesize
140KB

Download
memory/436-51-0x0000000000C90000-0x0000000000CB3000-memory.dmp

Filesize
140KB

Download
memory/436-55-0x000007FEBEEA0000-0x000007FEBEEB0000-memory.dmp

Filesize
64KB

Download
memory/436-70-0x0000000077701000-0x0000000077702000-memory.dmp

Filesize
4KB

Download
memory/436-57-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/436-69-0x0000000000CC0000-0x0000000000CEA000-memory.dmp

Filesize
168KB

Download
memory/436-54-0x0000000000CC0000-0x0000000000CEA000-memory.dmp

Filesize
168KB

Download
memory/480-71-0x0000000000120000-0x000000000014A000-memory.dmp

Filesize
168KB

Download
memory/480-73-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/480-198-0x0000000000120000-0x000000000014A000-memory.dmp

Filesize
168KB

Download
memory/480-60-0x000007FEBEEA0000-0x000007FEBEEB0000-memory.dmp

Filesize
64KB

Download
memory/480-58-0x0000000000120000-0x000000000014A000-memory.dmp

Filesize
168KB

Download
memory/496-80-0x0000000000930000-0x000000000095A000-memory.dmp

Filesize
168KB

Download
memory/496-79-0x0000000000930000-0x000000000095A000-memory.dmp

Filesize
168KB

Download
memory/496-195-0x0000000000930000-0x000000000095A000-memory.dmp

Filesize
168KB

Download
memory/504-87-0x00000000004E0000-0x000000000050A000-memory.dmp

Filesize
168KB

Download
memory/504-90-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/504-88-0x000007FEBEEA0000-0x000007FEBEEB0000-memory.dmp

Filesize
64KB

Download
memory/608-98-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/608-96-0x000007FEBEEA0000-0x000007FEBEEB0000-memory.dmp

Filesize
64KB

Download
memory/608-94-0x0000000000340000-0x000000000036A000-memory.dmp

Filesize
168KB

Download
memory/676-120-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/676-113-0x000007FEBEEA0000-0x000007FEBEEB0000-memory.dmp

Filesize
64KB

Download
memory/676-116-0x0000000000460000-0x000000000048A000-memory.dmp

Filesize
168KB

Download
memory/676-111-0x0000000000460000-0x000000000048A000-memory.dmp

Filesize
168KB

Download
memory/756-121-0x000007FEBEEA0000-0x000007FEBEEB0000-memory.dmp

Filesize
64KB

Download
memory/756-117-0x0000000000C30000-0x0000000000C5A000-memory.dmp

Filesize
168KB

Download
memory/756-124-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/816-138-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/816-132-0x000007FEBEEA0000-0x000007FEBEEB0000-memory.dmp

Filesize
64KB

Download
memory/816-131-0x0000000000C90000-0x0000000000CBA000-memory.dmp

Filesize
168KB

Download
memory/816-136-0x0000000000C90000-0x0000000000CBA000-memory.dmp

Filesize
168KB

Download
memory/852-144-0x0000000000460000-0x000000000048A000-memory.dmp

Filesize
168KB

Download
memory/984-186-0x0000000001FF0000-0x000000000201A000-memory.dmp

Filesize
168KB

Download
memory/984-187-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/996-156-0x00000000004A0000-0x00000000004CA000-memory.dmp

Filesize
168KB

Download
memory/996-164-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/1964-33-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/1964-2-0x00000000002D0000-0x0000000000322000-memory.dmp

Filesize
328KB

Download
memory/1964-3-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/1964-18-0x000000001BFD0000-0x000000001C050000-memory.dmp

Filesize
512KB

Download
memory/2148-1-0x00000000748B0000-0x0000000074F9E000-memory.dmp

Filesize
6.9MB

Download
memory/2148-34-0x00000000748B0000-0x0000000074F9E000-memory.dmp

Filesize
6.9MB

Download
memory/2148-0-0x0000000001000000-0x0000000001008000-memory.dmp

Filesize
32KB

Download
memory/2276-169-0x000007FEF2BE0000-0x000007FEF357D000-memory.dmp

Filesize
9.6MB

Download
memory/2276-166-0x0000000002D50000-0x0000000002DD0000-memory.dmp

Filesize
512KB

Download
memory/2276-163-0x000000001B560000-0x000000001B842000-memory.dmp

Filesize
2.9MB

Download
memory/2276-184-0x0000000002D50000-0x0000000002DD0000-memory.dmp

Filesize
512KB

Download
memory/2276-183-0x000007FEF2BE0000-0x000007FEF357D000-memory.dmp

Filesize
9.6MB

Download
memory/2276-168-0x0000000002060000-0x0000000002068000-memory.dmp

Filesize
32KB

Download
memory/2276-171-0x0000000002D50000-0x0000000002DD0000-memory.dmp

Filesize
512KB

Download
memory/2452-40-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/2452-50-0x00000000776B0000-0x0000000077859000-memory.dmp

Filesize
1.7MB

Download
memory/2452-43-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/2452-190-0x00000000776B0000-0x0000000077859000-memory.dmp

Filesize
1.7MB

Download
memory/2452-46-0x0000000077590000-0x00000000776AF000-memory.dmp

Filesize
1.1MB

Download
memory/2452-45-0x00000000776B0000-0x0000000077859000-memory.dmp

Filesize
1.7MB

Download
memory/2452-47-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/2500-142-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2500-76-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2532-14-0x0000000002DA0000-0x0000000002E20000-memory.dmp

Filesize
512KB

Download
memory/2532-9-0x0000000001DA0000-0x0000000001DA8000-memory.dmp

Filesize
32KB

Download
memory/2532-10-0x000007FEF20F0000-0x000007FEF2A8D000-memory.dmp

Filesize
9.6MB

Download
memory/2532-15-0x000007FEF20F0000-0x000007FEF2A8D000-memory.dmp

Filesize
9.6MB

Download
memory/2532-13-0x0000000002DA0000-0x0000000002E20000-memory.dmp

Filesize
512KB

Download
memory/2532-12-0x000007FEF20F0000-0x000007FEF2A8D000-memory.dmp

Filesize
9.6MB

Download
memory/2532-11-0x0000000002DA0000-0x0000000002E20000-memory.dmp

Filesize
512KB

Download
memory/2532-8-0x000000001B6F0000-0x000000001B9D2000-memory.dmp

Filesize
2.9MB

Download
memory/2596-36-0x0000000000540000-0x000000000057E000-memory.dmp

Filesize
248KB

Download
memory/2596-41-0x000000001C000000-0x000000001C080000-memory.dmp

Filesize
512KB

Download
memory/2596-147-0x00000000776B0000-0x0000000077859000-memory.dmp

Filesize
1.7MB

Download
memory/2596-39-0x00000000776B0000-0x0000000077859000-memory.dmp

Filesize
1.7MB

Download
memory/2596-114-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2596-44-0x00000000007F0000-0x0000000000804000-memory.dmp

Filesize
80KB

Download
memory/2596-179-0x000000001C000000-0x000000001C080000-memory.dmp

Filesize
512KB

Download
memory/2596-32-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2596-24-0x000000013F170000-0x000000013F1C0000-memory.dmp

Filesize
320KB

Download
memory/2596-153-0x0000000077590000-0x00000000776AF000-memory.dmp

Filesize
1.1MB

Download
memory/2596-37-0x00000000776B0000-0x0000000077859000-memory.dmp

Filesize
1.7MB

Download
memory/2596-38-0x0000000077590000-0x00000000776AF000-memory.dmp

Filesize
1.1MB

Download
memory/2816-84-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2816-35-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2968-154-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2968-133-0x00000000776B0000-0x0000000077859000-memory.dmp

Filesize
1.7MB

Download
memory/2968-119-0x0000000000350000-0x000000000037A000-memory.dmp

Filesize
168KB

Download
memory/2968-123-0x000007FEBEEA0000-0x000007FEBEEB0000-memory.dmp

Filesize
64KB

Download
memory/2968-129-0x00000000376F0000-0x0000000037700000-memory.dmp

Filesize
64KB

Download
memory/2968-130-0x0000000000350000-0x000000000037A000-memory.dmp

Filesize
168KB

Download
memory/3048-126-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads