bitrat | 875237641d591cc1fe90e3bcac9a63000fe52366a0ece16728becd34d5b5752e

Analysis

max time kernel
106s
max time network
107s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
17-02-2024 23:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

stub_tor.exe
Size

7.8MB
MD5

b30606fcc4649c057f26005617816fe3
SHA1

0b1d5b6a70402bb3865a7bdc8afc50f44c308c63
SHA256

875237641d591cc1fe90e3bcac9a63000fe52366a0ece16728becd34d5b5752e
SHA512

0a3ed3ded1f23b930b7758f40d9b4438de39eca69926f19253f03ec68d8b9b022d0fe3a5b44feb10159bd0c969aca6620097f7355c66b08559297591e25b7658
SSDEEP

196608:oIRcbH4jSteTGvlxwhzav1yo31CPwDv3uFZjeg2EeJUO9WLQkDxtw3iFFrS6XOf:odHsfulxwZ6v1CPwDv3uFteg2EeJUO9E

Score

10^/10

bitrat persistence trojan upx

Malware Config

Extracted

Family

bitrat

Version

1.38

7sbl4dpbubwjjghdquwg47fyq7rookd4bgm2ypm2kjzkivd7tomvczqd.onion:80

Attributes

communication_password
4124bc0a9335c27f086f24ba207a4912
install_dir
cold
install_file
Runtime_Broker
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

ACProtect 1.3x - 1.4x DLL software 7 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000100000002a790-26.dat	acprotect
behavioral1/files/0x000100000002a794-29.dat	acprotect
behavioral1/files/0x000100000002a791-32.dat	acprotect
behavioral1/files/0x000100000002a795-37.dat	acprotect
behavioral1/files/0x000100000002a792-39.dat	acprotect
behavioral1/files/0x000100000002a797-31.dat	acprotect
behavioral1/files/0x000100000002a793-30.dat	acprotect

Executes dropped EXE 3 IoCs

pid	Process
1392	tor.exe
4248	tor.exe
4308	tor.exe

Loads dropped DLL 23 IoCs

pid	Process
1392	tor.exe
1392	tor.exe
1392	tor.exe
1392	tor.exe
1392	tor.exe
1392	tor.exe
1392	tor.exe
1392	tor.exe
1392	tor.exe
4248	tor.exe
4248	tor.exe
4248	tor.exe
4248	tor.exe
4248	tor.exe
4248	tor.exe
4248	tor.exe
4308	tor.exe
4308	tor.exe
4308	tor.exe
4308	tor.exe
4308	tor.exe
4308	tor.exe
4308	tor.exe

UPX packed file 47 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000100000002a796-21.dat	upx
behavioral1/files/0x000100000002a790-26.dat	upx
behavioral1/memory/1392-25-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/files/0x000100000002a794-29.dat	upx
behavioral1/files/0x000100000002a791-32.dat	upx
behavioral1/files/0x000100000002a795-37.dat	upx
behavioral1/memory/1392-43-0x0000000073510000-0x00000000735D8000-memory.dmp	upx
behavioral1/memory/1392-40-0x00000000735E0000-0x00000000736AE000-memory.dmp	upx
behavioral1/files/0x000100000002a792-39.dat	upx
behavioral1/files/0x000100000002a797-31.dat	upx
behavioral1/files/0x000100000002a793-30.dat	upx
behavioral1/memory/1392-48-0x0000000073490000-0x00000000734D9000-memory.dmp	upx
behavioral1/memory/1392-47-0x00000000734E0000-0x0000000073504000-memory.dmp	upx
behavioral1/memory/1392-49-0x00000000732F0000-0x00000000733FA000-memory.dmp	upx
behavioral1/memory/1392-50-0x0000000073020000-0x00000000732EF000-memory.dmp	upx
behavioral1/memory/1392-52-0x0000000073400000-0x0000000073488000-memory.dmp	upx
behavioral1/memory/1392-54-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/1392-55-0x00000000735E0000-0x00000000736AE000-memory.dmp	upx
behavioral1/memory/1392-56-0x0000000073510000-0x00000000735D8000-memory.dmp	upx
behavioral1/memory/1392-62-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/1392-63-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/1392-81-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/1392-98-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/1392-107-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/1392-115-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/1392-123-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/1392-131-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/4248-154-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/4248-157-0x0000000073020000-0x00000000732EF000-memory.dmp	upx
behavioral1/memory/4248-160-0x0000000073510000-0x00000000735D8000-memory.dmp	upx
behavioral1/memory/1392-158-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/4248-163-0x00000000735E0000-0x00000000736AE000-memory.dmp	upx
behavioral1/memory/4248-165-0x0000000073490000-0x00000000734D9000-memory.dmp	upx
behavioral1/memory/4248-168-0x00000000734E0000-0x0000000073504000-memory.dmp	upx
behavioral1/memory/4248-171-0x00000000732F0000-0x00000000733FA000-memory.dmp	upx
behavioral1/memory/4248-174-0x0000000073020000-0x00000000732EF000-memory.dmp	upx
behavioral1/memory/4248-175-0x0000000073510000-0x00000000735D8000-memory.dmp	upx
behavioral1/memory/4248-173-0x0000000073400000-0x0000000073488000-memory.dmp	upx
behavioral1/memory/4248-176-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx
behavioral1/memory/4308-189-0x0000000073360000-0x0000000073428000-memory.dmp	upx
behavioral1/memory/4308-190-0x0000000073310000-0x0000000073359000-memory.dmp	upx
behavioral1/memory/4308-196-0x0000000073200000-0x000000007330A000-memory.dmp	upx
behavioral1/memory/4308-197-0x00000000730A0000-0x000000007316E000-memory.dmp	upx
behavioral1/memory/4308-199-0x0000000073FC0000-0x0000000073FE4000-memory.dmp	upx
behavioral1/memory/4308-198-0x0000000073430000-0x00000000736FF000-memory.dmp	upx
behavioral1/memory/4308-193-0x0000000073170000-0x00000000731F8000-memory.dmp	upx
behavioral1/memory/4308-180-0x0000000000BD0000-0x0000000000FD4000-memory.dmp	upx

Adds Run key to start application 2 TTPs 5 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3404610768-3912631216-307532709-1000\Software\Microsoft\Windows\CurrentVersion\Run\Runtime_Broker = "C:\\Users\\Admin\\AppData\\Local\\cold\\Runtime_Brokerᴀ"	stub_tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3404610768-3912631216-307532709-1000\Software\Microsoft\Windows\CurrentVersion\Run\Runtime_Broker = "C:\\Users\\Admin\\AppData\\Local\\cold\\Runtime_Broker瀀"	stub_tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3404610768-3912631216-307532709-1000\Software\Microsoft\Windows\CurrentVersion\Run\Runtime_Broker = "C:\\Users\\Admin\\AppData\\Local\\cold\\Runtime_Broker"	stub_tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3404610768-3912631216-307532709-1000\Software\Microsoft\Windows\CurrentVersion\Run\Runtime_Broker = "C:\\Users\\Admin\\AppData\\Local\\cold\\Runtime_Broker\ue000"	stub_tor.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3404610768-3912631216-307532709-1000\Software\Microsoft\Windows\CurrentVersion\Run\Runtime_Broker = "C:\\Users\\Admin\\AppData\\Local\\cold\\Runtime_Broker\uf000"	stub_tor.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3404610768-3912631216-307532709-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: RenamesItself 19 IoCs

pid	Process
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe
1180	stub_tor.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1180	stub_tor.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4716	MiniSearchHost.exe
1180	stub_tor.exe
1180	stub_tor.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1392	1180	stub_tor.exe	81
PID 1180 wrote to memory of 1392	1180	stub_tor.exe	81
PID 1180 wrote to memory of 1392	1180	stub_tor.exe	81
PID 1180 wrote to memory of 4248	1180	stub_tor.exe	82
PID 1180 wrote to memory of 4248	1180	stub_tor.exe	82
PID 1180 wrote to memory of 4248	1180	stub_tor.exe	82
PID 1180 wrote to memory of 4308	1180	stub_tor.exe	83
PID 1180 wrote to memory of 4308	1180	stub_tor.exe	83
PID 1180 wrote to memory of 4308	1180	stub_tor.exe	83

C:\Users\Admin\AppData\Local\Temp\stub_tor.exe
"C:\Users\Admin\AppData\Local\Temp\stub_tor.exe"
1⤵
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Users\Admin\AppData\Local\db6ca74f\tor\tor.exe
  "C:\Users\Admin\AppData\Local\db6ca74f\tor\tor.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1392
- C:\Users\Admin\AppData\Local\db6ca74f\tor\tor.exe
  "C:\Users\Admin\AppData\Local\db6ca74f\tor\tor.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4248
- C:\Users\Admin\AppData\Local\db6ca74f\tor\tor.exe
  "C:\Users\Admin\AppData\Local\db6ca74f\tor\tor.exe" -f torrc
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4308

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
c1aae28f6dfde7dce20da53868979a08

SHA1
d8d7812b1338f547d7d345c805ea034e0fe814fa

SHA256
b00dd88fcd9fb26a3afda2e652ed830950d0315371065ede6a7eff9aef77c330

SHA512
d4fae8f55d86526b702a1390d231a2624bdcb032089d58126ba168cc33a61885a02dd677da21a5e19c23ba92075db4a66e6a60621af998dc3c1138ec67e45deb

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\data\cached-certs

Filesize
20KB

MD5
01cc7b62b272f9df8a6da7af63a27070

SHA1
62acc79a155e95f0ac22b4d1002ce2310a590cf2

SHA256
5582b21124b12dedc5878c44af11e1b13ee420a3a0456258b4c42c57634bbbf7

SHA512
d1b5129bf3c4f58e0405e1f7dd8654082a999c51a338bb839f3a2b3733e5c252d4ed8e4413d475d6e40e209c49713d891673ac751b38c4692497e159c15d9ce8

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\data\cached-microdesc-consensus

Filesize
2.6MB

MD5
1d0e7e383ca56c8ad4bca066cfa3f45f

SHA1
8ac8c6524d0f0d5653c9a08336bcf68b8a9f1c8f

SHA256
c84886c0416cc99f58be9105ff56a7345786f25c8f4c1ac3b9ac3a4c7e2540cd

SHA512
ddd1c781ab689ea29588e7983853d5fa25737813b84f4cb06cf3859ef76b3ad98d01962d146ca92cbfd7013291aa83b61ddda7bd7aae0f668552e19565047810

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\data\cached-microdescs.new

Filesize
10.9MB

MD5
f3f97be4bc07f96ae39925531a7ceea4

SHA1
c090d1158bc05532838bd0278c54db1c92b250ca

SHA256
f8d8621b22e8affa563e3ab7a7f585c09dd461553d15eef80a7891183156907f

SHA512
4d8adde20f02c77430cca2828c154eda89b50eed2a2f0dba59d3bcef02675144d774f757b282afabab1773ef13e45b103cca054fa15420a79a474966ff0f29b1

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\data\cached-microdescs.new

Filesize
9.4MB

MD5
e49a311ae928bb2fc519ffb6b093f64b

SHA1
f3934274a71ccb12b185b0489f8e5f454f1b5cca

SHA256
e4a5202d262d0c81cf7202a8b5d83be6dd84db16b4631f0b300ff66445de16fe

SHA512
187203068879d1547a19d86511577d21abfe5694a732bfbf71c1c1bd378559513cc5fb8112b90fffa7a8c559e91ecbf472f918f2ee324a2ff3c90c57c73ab076

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\data\state

Filesize
232B

MD5
54b13d673bcc4b2191adda5c9a576d9a

SHA1
eb4c948498cc4acebf15da65fb13d590dab10a91

SHA256
1ac1d0656b8c66bf6d65046efe8942eea7967e2e1a4372b9d507e972ca71e985

SHA512
ab85e83d7f66fdbd7650c4dea5c896f630b4598b8ac487029f25a437f14a8313638dc68c5e0b4a6653cb3f2aba1a52dbf754c409fc94e9bf938403603c14fc63

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\libcrypto-1_1.dll

Filesize
1.7MB

MD5
2384a02c4a1f7ec481adde3a020607d3

SHA1
7e848d35a10bf9296c8fa41956a3daa777f86365

SHA256
c8db0ff0f7047ed91b057005e86ad3a23eae616253313aa047c560d9eb398369

SHA512
1ac74dd2d863acd7415ef8b9490a5342865462fbabdad0645da22424b0d56f5e9c389a3d7c41386f2414d6c4715c79a6ddecb6e6cff29e98319e1fd1060f4503

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\libevent-2-1-6.dll

Filesize
366KB

MD5
099983c13bade9554a3c17484e5481f1

SHA1
a84e69ad9722f999252d59d0ed9a99901a60e564

SHA256
b65f9aa0c7912af64bd9b05e9322e994339a11b0c8907e6a6166d7b814bda838

SHA512
89f1a963de77873296395662d4150e3eff7a2d297fb9ec54ec06aa2e40d41e5f4fc4611e9bc34126d760c9134f2907fea3bebdf2fbbd7eaddad99f8e4be1f5e2

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\libgcc_s_sjlj-1.dll

Filesize
286KB

MD5
b0d98f7157d972190fe0759d4368d320

SHA1
5715a533621a2b642aad9616e603c6907d80efc4

SHA256
2922193133dabab5b82088d4e87484e2fac75e9e0c765dacaf22eb5f4f18b0c5

SHA512
41ce56c428158533bf8b8ffe0a71875b5a3abc549b88d7d3e69acc6080653abea344d6d66fff39c04bf019fcaa295768d620377d85a933ddaf17f3d90df29496

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\libssl-1_1.dll

Filesize
439KB

MD5
c88826ac4bb879622e43ead5bdb95aeb

SHA1
87d29853649a86f0463bfd9ad887b85eedc21723

SHA256
c4d898b1a4285a45153af9ed88d79aa2a073dcb7225961b6b276b532b4d18b6f

SHA512
f733041ef35b9b8058fbcf98faa0d1fea5c0858fea941ecebbe9f083cd73e3e66323afffd8d734097fcdd5e6e59db4d94f51fca5874edbcd2a382d9ba6cd97b3

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\libssp-0.dll

Filesize
88KB

MD5
2c916456f503075f746c6ea649cf9539

SHA1
fa1afc1f3d728c89b2e90e14ca7d88b599580a9d

SHA256
cbb5236d923d4f4baf2f0d2797c72a2cbae42ef7ac0acce786daf5fdc5b456e6

SHA512
1c1995e1aa7c33c597c64122395275861d9219e46d45277d4f1768a2e06227b353d5d77d6b7cb655082dc6fb9736ad6f7cfcc0c90e02776e27d50857e792e3fd

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\libwinpthread-1.dll

Filesize
188KB

MD5
d407cc6d79a08039a6f4b50539e560b8

SHA1
21171adbc176dc19aaa5e595cd2cd4bd1dfd0c71

SHA256
92cfd0277c8781a15a0f17b7aee6cff69631b9606a001101631f04b3381efc4e

SHA512
378a10fed915591445d97c6d04e82d28008d8ea65e0e40c142b8ee59867035d561d4e103495c8f0d9c19b51597706ce0b450c25516aa0f1744579ffcd097ae0c

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\tor.exe

Filesize
973KB

MD5
5cfe61ff895c7daa889708665ef05d7b

SHA1
5e58efe30406243fbd58d4968b0492ddeef145f2

SHA256
f9c1d18b50ce7484bf212cb61a9035602cfb90ebdfe66a077b9f6df73196a9f5

SHA512
43b6f10391a863a21f70e05cee41900729c7543750e118ff5d74c0cac3d1383f10bcb73eade2a28b555a393cada4795e204246129b01ad9177d1167827dd68da

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\torrc

Filesize
157B

MD5
f695271007d045c22270f23f7166b828

SHA1
f599b938da9cd9e31ffa5cd64ce947e2418fbe02

SHA256
edb5397c9683c75323e117fd7365770400656b652a2c139d5e8503cbf90983ad

SHA512
cf92301892d77fc25b08e972851efdb74b561f3b2267ee9b8acf6c1853f608a901e64c7b6662352cc04ab831e9522cc2de5f1d286378bca3c4d23bb2954e040e

Download Submit
C:\Users\Admin\AppData\Local\db6ca74f\tor\zlib1.dll

Filesize
52KB

MD5
add33041af894b67fe34e1dc819b7eb6

SHA1
6db46eb021855a587c95479422adcc774a272eeb

SHA256
8688bd7ca55dcc0c23c429762776a0a43fe5b0332dfd5b79ef74e55d4bbc1183

SHA512
bafc441198d03f0e7fe804bab89283c389d38884d0f87d81b11950a9b79fcbf7b32be4bb16f4fcd9179b66f865c563c172a46b4514a6087ef0af64425a4b2cfa

Download Submit
memory/1180-53-0x0000000072CF0000-0x0000000072D2C000-memory.dmp

Filesize
240KB

Download
memory/1180-0-0x0000000000400000-0x0000000000BD8000-memory.dmp

Filesize
7.8MB

Download
memory/1180-106-0x00000000740A0000-0x00000000740DC000-memory.dmp

Filesize
240KB

Download
memory/1180-8-0x0000000074090000-0x00000000740CC000-memory.dmp

Filesize
240KB

Download
memory/1392-48-0x0000000073490000-0x00000000734D9000-memory.dmp

Filesize
292KB

Download
memory/1392-81-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/1392-51-0x0000000001B40000-0x0000000001E0F000-memory.dmp

Filesize
2.8MB

Download
memory/1392-54-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/1392-55-0x00000000735E0000-0x00000000736AE000-memory.dmp

Filesize
824KB

Download
memory/1392-56-0x0000000073510000-0x00000000735D8000-memory.dmp

Filesize
800KB

Download
memory/1392-62-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/1392-63-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/1392-71-0x0000000001B40000-0x0000000001B89000-memory.dmp

Filesize
292KB

Download
memory/1392-72-0x0000000001B40000-0x0000000001E0F000-memory.dmp

Filesize
2.8MB

Download
memory/1392-50-0x0000000073020000-0x00000000732EF000-memory.dmp

Filesize
2.8MB

Download
memory/1392-40-0x00000000735E0000-0x00000000736AE000-memory.dmp

Filesize
824KB

Download
memory/1392-49-0x00000000732F0000-0x00000000733FA000-memory.dmp

Filesize
1.0MB

Download
memory/1392-98-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/1392-47-0x00000000734E0000-0x0000000073504000-memory.dmp

Filesize
144KB

Download
memory/1392-107-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/1392-115-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/1392-123-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/1392-131-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/1392-25-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/1392-43-0x0000000073510000-0x00000000735D8000-memory.dmp

Filesize
800KB

Download
memory/1392-52-0x0000000073400000-0x0000000073488000-memory.dmp

Filesize
544KB

Download
memory/1392-158-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/4248-160-0x0000000073510000-0x00000000735D8000-memory.dmp

Filesize
800KB

Download
memory/4248-163-0x00000000735E0000-0x00000000736AE000-memory.dmp

Filesize
824KB

Download
memory/4248-168-0x00000000734E0000-0x0000000073504000-memory.dmp

Filesize
144KB

Download
memory/4248-171-0x00000000732F0000-0x00000000733FA000-memory.dmp

Filesize
1.0MB

Download
memory/4248-174-0x0000000073020000-0x00000000732EF000-memory.dmp

Filesize
2.8MB

Download
memory/4248-175-0x0000000073510000-0x00000000735D8000-memory.dmp

Filesize
800KB

Download
memory/4248-173-0x0000000073400000-0x0000000073488000-memory.dmp

Filesize
544KB

Download
memory/4248-176-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/4248-154-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/4248-165-0x0000000073490000-0x00000000734D9000-memory.dmp

Filesize
292KB

Download
memory/4248-157-0x0000000073020000-0x00000000732EF000-memory.dmp

Filesize
2.8MB

Download
memory/4308-190-0x0000000073310000-0x0000000073359000-memory.dmp

Filesize
292KB

Download
memory/4308-199-0x0000000073FC0000-0x0000000073FE4000-memory.dmp

Filesize
144KB

Download
memory/4308-198-0x0000000073430000-0x00000000736FF000-memory.dmp

Filesize
2.8MB

Download
memory/4308-197-0x00000000730A0000-0x000000007316E000-memory.dmp

Filesize
824KB

Download
memory/4308-193-0x0000000073170000-0x00000000731F8000-memory.dmp

Filesize
544KB

Download
memory/4308-196-0x0000000073200000-0x000000007330A000-memory.dmp

Filesize
1.0MB

Download
memory/4308-180-0x0000000000BD0000-0x0000000000FD4000-memory.dmp

Filesize
4.0MB

Download
memory/4308-189-0x0000000073360000-0x0000000073428000-memory.dmp

Filesize
800KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads